fluent-plugin-aws-elasticsearch-service 2.1.0 → 2.2.0

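--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cebb1488546995a34d5c6cd9f019b5d29b4607a2a5067f97945b728c07779f12
- data.tar.gz: 15c86bb134d81b1443eb775e9ec6948b055506d3dbd47a86294d0106de7720c6
+ metadata.gz: 5d84467ff7d53aaf3fd8b30bc85e7f9448593be039343b82afe787a1c4a4aae6
+ data.tar.gz: c0843971ac83c97da2999308412043ff099c48c1915fed1170c30c20b5ead286
  SHA512:
- metadata.gz: a556f97f09ff229fdad4db491181a52045fbc45c52cf28134134bf0e2488746c052e6926ff7ea0988a7359569d246ef770f775800f113f3e4b1ae37e1ad8ac3f
- data.tar.gz: 130a434abf6cee619873a61de9dde56f00ac6f3a1ea6ff69575cd100f0b63c97667ea04cde23c4e4f4d0e4b00ab12b761f1577fd4509995052acdc78fae9a254
+ metadata.gz: 29a91e7961c4f6eb7fd671c5dbc0710d5a45efaf84188b1a99f012342384f51db6b1434fb2bfe2f903c26540296610d3446a4570abe5926d44e988df55b6a40a
+ data.tar.gz: d93f4865d68fc05ec3b82d66872598d7769e108f143204b041649b91659e6763dd33c138ad3cf3467771e3348336f433a8f35a18345c8a8f3d9e7422592ccdd1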
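--- a/data/README.md
+++ b/data/README.md
@@ -126,6 +126,20 @@ You'll need to ensure that the environment in which the fluentd plugin runs has
  }
  ```
 
+ ### EKS
+ If you want to use IAM roles for service accounts on Amazon EKS clusters, please refer to the official documentation and specify a Service Account for your fluentd Pod.
+
+ Then, the endpoint configuration looks like:
+
+ ```ruby
+ <endpoint>
+ url https://CLUSTER_ENDPOINT_URL
+ region eu-west-1
+ assume_role_arn "#{ENV['AWS_ROLE_ARN']}"
+ assume_role_web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
+ </endpoint>
+ ```
+
  ## Troubleshooting
 
  * "Elasticsearch::Transport::Transport::Errors::Forbidden" error="[403]" even after verifying the access keys/roles/policies.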
@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
5
 
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "fluent-plugin-aws-elasticsearch-service"
8
- spec.version = "2.1.0"
8
+ spec.version = "2.2.0"
9
9
  spec.authors = ["atomita"]
10
10
  spec.email = ["sleeping.cait.sith+gh@gmail.com"]
11
11
 
@@ -15,10 +15,11 @@ module Fluent::Plugin
15
15
  config_param :region, :string
16
16
  config_param :url, :string
17
17
  config_param :access_key_id, :string, :default => ""
18
- config_param :secret_access_key, :string, :default => ""
18
+ config_param :secret_access_key, :string, :default => "", secret: true
19
19
  config_param :assume_role_arn, :string, :default => nil
20
20
  config_param :ecs_container_credentials_relative_uri, :string, :default => nil #Set with AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable value
21
21
  config_param :assume_role_session_name, :string, :default => "fluentd"
22
+ config_param :assume_role_web_identity_token_file, :string, :default => nil
22
23
  end
23
24
 
24
25
  # here overrides default value of reload_connections to false because
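Review bot: The new `assume_role_web_identity_token_file` parameter is declared without a comment, while the neighbouring `ecs_container_credentials_relative_uri` line documents where its value comes from. A trailing comment such as `# Path to the web identity token file, e.g. the AWS_WEB_IDENTITY_TOKEN_FILE environment variable value on EKS` would match that style. Judging by the credential-selection hunk later in this diff, the parameter appears to take effect only when `assume_role_arn` is also set, which is worth stating in the same comment. The enclosing config section starts above this hunk.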
@@ -84,11 +85,19 @@ module Fluent::Plugin
84
85
  }).credentials
85
86
  end
86
87
  else
87
- credentials = sts_credential_provider({
88
- role_arn: opts[:assume_role_arn],
89
- role_session_name: opts[:assume_role_session_name],
90
- region: opts[:region]
91
- }).credentials
88
+ if opts[:assume_role_web_identity_token_file].nil?
89
+ credentials = sts_credential_provider({
90
+ role_arn: opts[:assume_role_arn],
91
+ role_session_name: opts[:assume_role_session_name],
92
+ region: opts[:region]
93
+ }).credentials
94
+ else
95
+ credentials = sts_web_identity_credential_provider({
96
+ role_arn: opts[:assume_role_arn],
97
+ web_identity_token_file: opts[:assume_role_web_identity_token_file],
98
+ region: opts[:region]
99
+ }).credentials
100
+ end
92
101
  end
93
102
  end
94
103
  raise "No valid AWS credentials found." unless credentials.set?
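Review bot: The web-identity branch does not pass `role_session_name`, so a configured `assume_role_session_name` is silently ignored there and the SDK chooses its own session name, which makes the plugin's STS sessions harder to attribute in audit logs. Adding `role_session_name: opts[:assume_role_session_name],` next to `role_arn` keeps both branches consistent. The branch is also selected with `opts[:assume_role_web_identity_token_file].nil?`, while the README example in this release sets the parameter via `"#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"`, which presumably yields an empty string rather than nil when the variable is unset. In that case the code would take the web-identity path with an empty file name instead of falling back to plain assume-role; testing `opts[:assume_role_web_identity_token_file].to_s.empty?` would cover both. The enclosing method begins and ends outside this hunk.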
@@ -106,6 +115,11 @@ module Fluent::Plugin
106
115
  @sts ||= Aws::AssumeRoleCredentials.new(opts)
107
116
  end
108
117
 
118
+ def sts_web_identity_credential_provider(opts)
119
+ # AssumeRoleWebIdentityCredentials is an auto-refreshing credential provider
120
+ @sts ||= Aws::AssumeRoleWebIdentityCredentials.new(opts)
121
+ end
122
+
109
123
  end
110
124
 
111
125
 
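Review bot: `sts_web_identity_credential_provider` memoises into `@sts`, the same instance variable used by the `@sts ||= Aws::AssumeRoleCredentials.new(opts)` context line just above it. Whichever provider is built first is therefore returned by both helpers, and the `opts` of any later call are ignored. If one plugin instance can ever reach both branches, a web-identity configuration would silently receive the plain assume-role provider, or the reverse. A separate variable avoids that: `@sts_web_identity ||= Aws::AssumeRoleWebIdentityCredentials.new(opts)`. The definition of the existing helper starts above this hunk.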
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-aws-elasticsearch-service
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - atomita
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-03-04 00:00:00.000000000 Z
11
+ date: 2019-10-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler