Add auth forward protocol

example/in_forward_client.conf

@@ -0,0 +1,37 @@
+<system>
+  rpc_endpoint 0.0.0.0:24444
+</system>
+
+<source>
+  @type forward
+  port 24224
+  bind 0.0.0.0
+  <security>
+    self_hostname input.testing.local
+    shared_key    secure_communication_is_awesome
+    user_auth     yes
+    allow_anonymous_source no
+    <user>
+      username user1
+      password yes_this_is_user1
+    </user>
+    <user>
+      username user2
+      password yes_this_is_really_user2
+    </user>
+    <user>
+      username user3
+      password noooooo_this_may_not_be_user3
+    </user>
+    <client>
+      # host  127.0.0.1
+      network 127.0.0.0/24
+      shared_key using_different_key_makes_us_secure
+      users user1,user2
+    </client>
+  </security>
+</source>
+
+<match {test,test2,test3,test4}>
+  @type stdout
+</match>

example/in_forward_shared_key.conf

@@ -0,0 +1,15 @@
+<system>
+  rpc_endpoint 0.0.0.0:24444
+</system>
+
+<source>
+  @type forward
+  <security>
+    self_hostname input.testing.local
+    shared_key    secure_communication_is_awesome
+  </security>
+</source>
+
+<match test>
+  @type stdout
+</match>

example/in_forward_users.conf

@@ -0,0 +1,24 @@
+<system>
+  rpc_endpoint 0.0.0.0:24444
+</system>
+
+<source>
+  @type forward
+  <security>
+    self_hostname input.testing.local
+    shared_key    secure_communication_is_awesome
+    user_auth     yes
+    <user>
+      username user1
+      password yes_this_is_user1
+    </user>
+    <user>
+      username user2
+      password yes_this_is_really_user2
+    </user>
+  </security>
+</source>
+
+<match {test,test2,test3}>
+  @type stdout
+</match>

example/out_forward.conf

@@ -8,22 +8,22 @@
 
   <server>
     # first server
-    host localhost
+    host 127.0.0.1
     port 24224
   </server>
-  <server>
-    # second server
-    host localhost
-    port 24225
-  </server>
-  <server>
-    # second server
-    host localhost
-    port 24226
-    standby
-  </server>
+  # <server>
+  #   # second server
+  #   host localhost
+  #   port 24225
+  # </server>
+  # <server>
+  #   # second server
+  #   host localhost
+  #   port 24226
+  #   standby
+  # </server>
 
-  flush_interval 1
+  flush_interval 0
   send_timeout 60
   heartbeat_type udp
   heartbeat_interval 1

example/out_forward_client.conf

@@ -0,0 +1,109 @@
+<source>
+  @type dummy
+  tag test
+</source>
+<source>
+  @type dummy
+  tag test2
+</source>
+<source>
+  @type dummy
+  tag test3
+</source>
+<source>
+  @type dummy
+  tag test4
+</source>
+<source>
+  @type dummy
+  tag test5
+</source>
+
+<match test>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output.testing.local
+    shared_key    secure_communication_is_awesome
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user1
+    password yes_this_is_user1
+    shared_key using_different_key_makes_us_secure
+  </server>
+</match>
+
+<match test2>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output-alt1.testing.local
+    shared_key    using_different_key_makes_us_secure
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user1
+    password yes_this_is_user1
+  </server>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user2
+    password yes_this_is_really_user2
+  </server>
+</match>
+
+<match test3>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output-fail1.testing.local
+    # default key: fail
+    shared_key    secure_communication_is_awesome
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user1
+    password yes_this_is_user1
+    # [warn]: Shared key mismatch address="127.0.0.1" hostname="output-fail1.testing.local"
+  </server>
+</match>
+
+<match test4>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output-fail2.testing.local
+    shared_key    using_different_key_makes_us_secure
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user3
+    # user3 (user denied): fail
+    password noooooo_this_may_not_be_user3
+    # [warn]: Authentication failed address="127.0.0.1" hostname="output-fail2.testing.local" username="user3"
+  </server>
+</match>
+
+<match test5>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output-fail3.testing.local
+    shared_key    using_different_key_makes_us_secure
+  </security>
+  <server>
+    # another ip (host rejected): fail
+    # This pattern will work only with Ruby 2.3
+    host "#{Socket.getifaddrs.select{|i| i.addr.ipv4? }.reject{|i| i.addr.ip_address == '127.0.0.1' }.first.addr.ip_address}"
+    port 24224
+    username user1
+    password yes_this_is_user1
+    # [warn]: Anonymous client disallowed address="192.168.1.75" hostname="output-fail3.testing.local"
+  </server>
+</match>

example/out_forward_shared_key.conf

@@ -0,0 +1,36 @@
+<source>
+  @type dummy
+  tag test
+</source>
+<source>
+  @type dummy
+  tag test2
+</source>
+
+<match test>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output.testing.local
+    shared_key    secure_communication_is_awesome
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+  </server>
+</match>
+
+<match test2>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output-fail.testing.local
+    shared_key    secure_communication_is_not_awesome
+    # input plugin shows warning for wrong shared_key
+    # 2016-08-08 16:27:00 +0900 [warn]: Shared key mismatch address="127.0.0.1" hostname="output-fail.testing.local"
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+  </server>
+</match>

example/out_forward_users.conf

@@ -0,0 +1,65 @@
+<source>
+  @type dummy
+  tag test
+</source>
+<source>
+  @type dummy
+  tag test2
+</source>
+<source>
+  @type dummy
+  tag test3
+</source>
+
+<match test>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output.testing.local
+    shared_key    secure_communication_is_awesome
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user1
+    password yes_this_is_user1
+  </server>
+</match>
+
+<match test2>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output-alt1.testing.local
+    shared_key    secure_communication_is_awesome
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user1
+    password yes_this_is_user1
+  </server>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user2
+    password yes_this_is_really_user2
+  </server>
+</match>
+
+<match test3>
+  @type forward
+  flush_interval 0
+  <security>
+    self_hostname output-fail.testing.local
+    shared_key    secure_communication_is_awesome
+  </security>
+  <server>
+    host 127.0.0.1
+    port 24224
+    username user3
+    password no_there_are_not_such_user
+    # input plugin warns authentication erro:
+    # [warn]: Authentication failed address="127.0.0.1" hostname="output-fail.testing.local" username="user3"
+  </server>
+</match>