Add support for SSL and Basic HTTP authentication

docs/index.asciidoc

@@ -53,6 +53,9 @@ output {
     port => 50070                       # (optional, default: 50070)
     path => "/user/logstash/dt=%{+YYYY-MM-dd}/logstash-%{+HH}.log"  # (required)
     user => "hue"                       # (required)
+    basicauth_user => "htuser"          # (optional, default: no basic HTTP auth)
+    basicauth_password => "123456"      # (optional)
+    use_ssl => true                     # (optional, default: false)
   }
 }
 ----------------------------------
@@ -88,6 +91,10 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-use_kerberos_auth>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-use_ssl_auth>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-user>> |<<string,string>>|Yes
+| <<plugins-{type}s-{plugin}-basicauth_user>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-basicauth_password>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-use_ssl>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-verify_ssl>> |<<boolean,boolean>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -290,4 +297,4 @@ The Username for webhdfs.
 
 
 [id="plugins-{type}s-{plugin}-common-options"]
-include::{include_path}/{type}.asciidoc[]
+include::{include_path}/{type}.asciidoc[]

lib/logstash/outputs/webhdfs.rb

@@ -67,6 +67,12 @@ class LogStash::Outputs::WebHdfs < LogStash::Outputs::Base
   # The Username for webhdfs.
   config :user, :validate => :string, :required => true
 
+  # The Username for Basic HTTP authentication
+  config :basicauth_user, :validate => :string, :default => nil
+
+  # The Password for Basic HTTP authentication
+  config :basicauth_password, :validate => :string, :default => nil
+
   # The path to the file to write to. Event fields can be used here,
   # as well as date fields in the joda time format, e.g.:
   # `/user/logstash/dt=%{+YYYY-MM-dd}/%{@source_host}-%{+HH}.log`
@@ -117,6 +123,12 @@ class LogStash::Outputs::WebHdfs < LogStash::Outputs::Base
   # Set kerberos keytab file. Note that the gssapi library needs to be available to use this.
   config :kerberos_keytab, :validate => :string
 
+  # Use SSL
+  config :use_ssl, :validate => :boolean, :default => false
+
+  # Verify SSL
+  config :verify_ssl, :validate => :boolean, :default => true
+
   # Set ssl authentication. Note that the openssl library needs to be available to use this.
   config :use_ssl_auth, :validate => :boolean, :default => false
 

lib/logstash/outputs/webhdfs_helper.rb

@@ -1,4 +1,5 @@
 require "logstash/namespace"
+require "base64"
 
 module LogStash
   module Outputs
@@ -22,15 +23,31 @@ def load_module(module_name)
       # @param username [String] A valid HDFS user
       # @return [WebHDFS] An setup client instance
       def prepare_client(host, port, username)
-        client = WebHDFS::Client.new(host, port, username)
+        if @basicauth_user == nil
+          client = WebHDFS::Client.new(host, port, username)
+	else
+          basicauth = Base64.encode64("#{@basicauth_user}:#{@basicauth_password}").chomp
+          basicauth = { "Authorization" => "Basic #{basicauth}" }
+          client = WebHDFS::Client.new(host, port, username, nil, nil, nil, basicauth)
+        end
         if @use_kerberos_auth
           require 'gssapi'
           client.kerberos = true
           client.kerberos_keytab = @kerberos_keytab
         end
+        if @use_ssl
+          require 'openssl'
+          client.ssl = true
+          if not @verify_ssl
+            client.ssl_verify_mode = :none
+          end
+        end
         if @use_ssl_auth
           require 'openssl'
           client.ssl = true
+          if not @verify_ssl
+            client.ssl_verify_mode = :none
+          end
           client.ssl_key = OpenSSL::PKey::RSA.new(open(@ssl_key))
           client.ssl_cert = OpenSSL::X509::Certificate.new(open(@ssl_cert))
         end