fluent-plugin-aws-elasticsearch-service 2.0.0 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ab2396d060281d507a79949daf28faf5e36a5493
-  data.tar.gz: d1cddae22131889c0a120ec93c63f53589eecb3e
+SHA256:
+  metadata.gz: 5b43f023ea0c787dc6b18db57b47050078babc38c33d45bccd172e30c2f0b2a0
+  data.tar.gz: a2310d3e8fb5a710edca64ec72b656a5cc0517bac9151976e5ad23b16acfe12c
 SHA512:
-  metadata.gz: 4618e4b0146d64fbaa5f0ea0254be286883c6836d2a0c5d73073040501bbc3a08f9de3bde86ad58ee46ce1613ff1a48ffe1f337ff5227ca21300018a1b03b4d0
-  data.tar.gz: c11262a0903d40523d6dad7ecd852a1d31f22a59b3254502c4a2dd9d6ccf914745c8f6b123706223ed37443e4491589821b26ede96803b669fd4650121041a1f
+  metadata.gz: 6563475cc1717bc69c6c1d417dcef797e4418f172cdab5d0d767efd8f2aedd3beeb38e405ca162f6c1bee2b1a505004e59a50ce8c5ae625fd01b1ab7e291918f
+  data.tar.gz: f270b332238a0e438de2062a72e5e53e5689e4130bf422b0f092423dad625b4a156a62862f5f7c452f4f6855d2f7ee5c61b0eca3473a58cbc692f8ce81b8acd8

data/Gemfile

@@ -3,6 +3,6 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in fluent-plugin-aws-elasticsearch-service.gemspec
 gemspec
 
-gem 'fluent-plugin-elasticsearch', [">= 2.4.0", "< 4"], require: false
+gem 'fluent-plugin-elasticsearch', [">= 2.4.0", "< 5"], require: false
 gem 'aws-sdk-core', '~> 3', require: false
-gem 'faraday_middleware-aws-sigv4', '>= 0.2.4', '< 0.3.0', require: false
+gem 'faraday_middleware-aws-sigv4', '~> 0.3.0', require: false

data/ISSUE_TEMPLATE.md

@@ -0,0 +1,22 @@
+#### Problem
+
+...
+
+#### Steps to replicate
+
+Provide example config and message
+
+#### Expected Behavior or What you need to ask
+
+...
+
+#### Using Fluentd and ES plugin versions
+
+* OS version
+* Fluentd v0.12 or v0.14/v1.0
+  * paste result of ``fluentd --version`` or ``td-agent --version``
+* AWS ES Service plugin version
+  * paste boot log of fluentd or td-agent
+  * paste result of ``fluent-gem list``, ``td-agent-gem list`` or your Gemfile.lock
+* IAM policies for AWS ES Service (optional)
+* ES version (optional)

data/README.md

@@ -92,6 +92,7 @@ Additionally, you can use an STS assumed role as the authenticating factor and i
     region eu-west-1
     assume_role_arn arn:aws:sts::ACCOUNT:role/ROLE
     assume_role_session_name SESSION_ID # Defaults to fluentd if omitted
+    sts_credentials_region us-west-2 # Defaults to region if omitted
   </endpoint>
 ```
 
@@ -126,6 +127,20 @@ You'll need to ensure that the environment in which the fluentd plugin runs has
 }
 ```
 
+### EKS
+If you want to use IAM roles for service accounts on Amazon EKS clusters, please refer to the official documentation and specify a Service Account for your fluentd Pod.
+
+Then, the endpoint configuration looks like:
+
+```ruby
+<endpoint>
+  url https://CLUSTER_ENDPOINT_URL
+  region eu-west-1
+  assume_role_arn "#{ENV['AWS_ROLE_ARN']}"
+  assume_role_web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
+</endpoint>
+```
+
 ## Troubleshooting
 
 * "Elasticsearch::Transport::Transport::Errors::Forbidden" error="[403]" even after verifying the access keys/roles/policies.

data/fluent-plugin-aws-elasticsearch-service.gemspec

@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-aws-elasticsearch-service"
-  spec.version       = "2.0.0"
+  spec.version       = "2.4.0"
   spec.authors       = ["atomita"]
   spec.email         = ["sleeping.cait.sith+gh@gmail.com"]
 
@@ -20,12 +20,12 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", [">= 1.10", "< 3"]
+  spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "test-unit", "~> 3.0"
   spec.add_runtime_dependency "fluentd", [">= 0.14.15", "< 2"]
-  spec.add_runtime_dependency "fluent-plugin-elasticsearch", [">= 2.4.0", "< 4"]
+  spec.add_runtime_dependency "fluent-plugin-elasticsearch", [">= 3.3.0", "< 5"]
   spec.add_runtime_dependency "aws-sdk-core", "~> 3"
-  spec.add_runtime_dependency "faraday_middleware-aws-sigv4", ">= 0.2.4", "< 0.3.0"
+  spec.add_runtime_dependency "faraday_middleware-aws-sigv4", "~> 0.3.0"
 end

data/lib/fluent/plugin/out_aws-elasticsearch-service.rb

@@ -15,10 +15,12 @@ module Fluent::Plugin
       config_param :region, :string
       config_param :url, :string
       config_param :access_key_id, :string, :default => ""
-      config_param :secret_access_key, :string, :default => ""
+      config_param :secret_access_key, :string, :default => "", secret: true
       config_param :assume_role_arn, :string, :default => nil
       config_param :ecs_container_credentials_relative_uri, :string, :default => nil #Set with AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable value
       config_param :assume_role_session_name, :string, :default => "fluentd"
+      config_param :assume_role_web_identity_token_file, :string, :default => nil
+      config_param :sts_credentials_region, :string, :default => nil
     end
 
     # here overrides default value of reload_connections to false because
@@ -31,9 +33,13 @@ module Fluent::Plugin
     #
     # @override
     #
-    def get_connection_options
+    def get_connection_options(con_host=nil)
       raise "`endpoint` require." if @endpoint.empty?
 
+      @endpoint.map do |ep|
+        raise Fluent::ConfigError, "Ensure you don't have a trailing slash on the endpoint URL in your fluentd configuration." if ep[:url].end_with?("/")
+      end
+
       hosts =
         begin
           @endpoint.map do |ep|
@@ -74,21 +80,31 @@ module Fluent::Plugin
           credentials = Aws::Credentials.new opts[:access_key_id], opts[:secret_access_key]
         else
           if opts[:assume_role_arn].nil?
-            if opts[:ecs_container_credentials_relative_uri].nil?
+            aws_container_credentials_relative_uri = opts[:ecs_container_credentials_relative_uri] || ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
+            if aws_container_credentials_relative_uri.nil?
               credentials = Aws::SharedCredentials.new({retries: 2}).credentials
               credentials ||= Aws::InstanceProfileCredentials.new.credentials
               credentials ||= Aws::ECSCredentials.new.credentials
             else
               credentials = Aws::ECSCredentials.new({
-                credential_path: opts[:ecs_container_credentials_relative_uri]
+                credential_path: aws_container_credentials_relative_uri
               }).credentials
             end
           else
-            credentials = sts_credential_provider({
-                            role_arn: opts[:assume_role_arn],
-                            role_session_name: opts[:assume_role_session_name],
-                            region: opts[:region]
-                          }).credentials
+
+            if opts[:assume_role_web_identity_token_file].nil?
+              credentials = sts_credential_provider({
+                              role_arn: opts[:assume_role_arn],
+                              role_session_name: opts[:assume_role_session_name],
+                              region: sts_credentials_region(opts)
+                            }).credentials
+            else
+              credentials = sts_web_identity_credential_provider({
+                              role_arn: opts[:assume_role_arn],
+                              web_identity_token_file: opts[:assume_role_web_identity_token_file],
+                              region: sts_credentials_region(opts)
+                            }).credentials
+            end
           end
         end
         raise "No valid AWS credentials found." unless credentials.set?
@@ -101,11 +117,20 @@ module Fluent::Plugin
       calback
     end
 
+    def sts_credentials_region(opts)
+      opts[:sts_credentials_region] || opts[:region]
+    end
+
     def sts_credential_provider(opts)
       # AssumeRoleCredentials is an auto-refreshing credential provider
       @sts ||= Aws::AssumeRoleCredentials.new(opts)
     end
 
+    def sts_web_identity_credential_provider(opts)
+      # AssumeRoleWebIdentityCredentials is an auto-refreshing credential provider
+      @sts ||= Aws::AssumeRoleWebIdentityCredentials.new(opts)
+    end
+
   end
 
 

metadata

@@ -1,43 +1,49 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-aws-elasticsearch-service
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.4.0
 platform: ruby
 authors:
 - atomita
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-02-04 00:00:00.000000000 Z
+date: 2020-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.10'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.10'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -92,20 +98,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: 3.3.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: 3.3.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '5'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
   requirement: !ruby/object:Gem::Requirement
@@ -124,20 +130,14 @@ dependencies:
   name: faraday_middleware-aws-sigv4
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.4
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.4
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.3.0
 description: this is a Output plugin. Post to "Amazon Elasticsearch Service".
@@ -149,6 +149,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- ISSUE_TEMPLATE.md
 - LICENSE
 - README.md
 - Rakefile
@@ -158,7 +159,7 @@ homepage: https://github.com/atomita/fluent-plugin-aws-elasticsearch-service
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -173,9 +174,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2.1
-signing_key: 
+rubygems_version: 3.0.1
+signing_key:
 specification_version: 4
 summary: Output plugin to post to "Amazon Elasticsearch Service".
 test_files: []