Class: Fluent::AnonymizerOutput

Inherits:
Output
  • Object
show all
Includes:
HandleTagNameMixin, SetTagKeyMixin
Defined in:
lib/fluent/plugin/out_anonymizer.rb

Constant Summary collapse

HASH_ALGORITHM = 
%w(md5 sha1 sha256 sha384 sha512 ipaddr_mask)
DIGEST = 
{
  "md5" => Proc.new { OpenSSL::Digest.new('md5') },
  "sha1" => Proc.new { OpenSSL::Digest.new('sha1') },
  "sha256" => Proc.new { OpenSSL::Digest.new('sha256') },
  "sha384" => Proc.new { OpenSSL::Digest.new('sha384') },
  "sha512" => Proc.new { OpenSSL::Digest.new('sha512') }
}

Instance Method Summary collapse

Constructor Details

#initializeAnonymizerOutput

Returns a new instance of AnonymizerOutput.



23
24
25
26
27
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 23

def initialize
  require 'openssl'
  require 'ipaddr'
  super
end

Instance Method Details

#anonymize(message, algorithm, salt) ⇒ Object 



90
91
92
93
94
95
96
97
98
99
100
101
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 90

def anonymize(message, algorithm, salt)
  case algorithm
  when 'md5','sha1','sha256','sha384','sha512'
    OpenSSL::HMAC.hexdigest(DIGEST[algorithm].call, salt, message.to_s)
  when 'ipaddr_mask'
    address = IPAddr.new(message)
    subnet = address.ipv4? ? @ipv4_mask_subnet : @ipv6_mask_subnet
    address.mask(subnet).to_s
  else
    $log.warn "anonymizer: unknown algorithm #{algorithm} has called."
  end
end

#configure(conf) ⇒ Object 



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 29

def configure(conf)
  super

  @hash_keys = Hash.new
  conf.keys.select{|k| k =~ /_keys$/}.each do |key|
    hash_algorithm_name = key.sub('_keys','')
    raise Fluent::ConfigError, "anonymizer: unsupported key #{hash_algorithm_name}" unless HASH_ALGORITHM.include?(hash_algorithm_name)
    conf[key].gsub(' ', '').split(',').each do |record_key|
      @hash_keys.store(record_key, hash_algorithm_name)
    end
  end

  if @hash_keys.count < 1
    raise Fluent::ConfigError, "anonymizer: missing hash keys setting."
  end
  $log.info "anonymizer: adding anonymize rules for each field. #{@hash_keys}"

  if ( !@tag && !@remove_tag_prefix && !@remove_tag_suffix && !@add_tag_prefix && !@add_tag_suffix )
    raise Fluent::ConfigError, "anonymizer: missing remove_tag_prefix, remove_tag_suffix, add_tag_prefix or add_tag_suffix."
  end
end

#emit(tag, es, chain) ⇒ Object 



51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 51

def emit(tag, es, chain)
  es.each do |time, record|
    @hash_keys.each do |hash_key, hash_algorithm|
      next unless record.include?(hash_key)
      record[hash_key] = filter_anonymize_record(record[hash_key], hash_algorithm)
    end
    emit_tag = tag.dup
    filter_record(emit_tag, time, record)
    emit_tag = rewrite_tag(@tag, emit_tag) if @tag
    Fluent::Engine.emit(emit_tag, time, record)
  end
  chain.next
end

#filter_anonymize_record(data, hash_algorithm) ⇒ Object 



76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 76

def filter_anonymize_record(data, hash_algorithm)
  begin
    if data.is_a?(Array)
      data = data.collect { |v| anonymize(v, hash_algorithm, @hash_salt) }
    else
      data = anonymize(data, hash_algorithm, @hash_salt)
    end
  rescue StandardError => e
    $log.error "anonymizer: failed to anonymize record. :message=>#{e.message} :data=>#{data}"
    $log.error e.backtrace.join("\n")
  end
  data
end

#rewrite_tag(rewritetag, tag) ⇒ Object 



65
66
67
68
69
70
71
72
73
74
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 65

def rewrite_tag(rewritetag, tag)
  placeholder = {
    '${tag}' => tag,
    '__TAG__' => tag
  }
  return rewritetag.gsub(/(\${[a-z_]+(\[[0-9]+\])?}|__[A-Z_]+__)/) do
    $log.warn "anonymizer: unknown placeholder found. :placeholder=>#{$1} :tag=>#{tag} :rewritetag=>#{rewritetag}" unless placeholder.include?($1)
    placeholder[$1]
  end
end