fluent-plugin-aws-elasticsearch-service 2.1.0 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +14 -0
- data/fluent-plugin-aws-elasticsearch-service.gemspec +1 -1
- data/lib/fluent/plugin/out_aws-elasticsearch-service.rb +20 -6
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5d84467ff7d53aaf3fd8b30bc85e7f9448593be039343b82afe787a1c4a4aae6
|
4
|
+
data.tar.gz: c0843971ac83c97da2999308412043ff099c48c1915fed1170c30c20b5ead286
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 29a91e7961c4f6eb7fd671c5dbc0710d5a45efaf84188b1a99f012342384f51db6b1434fb2bfe2f903c26540296610d3446a4570abe5926d44e988df55b6a40a
|
7
|
+
data.tar.gz: d93f4865d68fc05ec3b82d66872598d7769e108f143204b041649b91659e6763dd33c138ad3cf3467771e3348336f433a8f35a18345c8a8f3d9e7422592ccdd1
|
data/README.md
CHANGED
@@ -126,6 +126,20 @@ You'll need to ensure that the environment in which the fluentd plugin runs has
|
|
126
126
|
}
|
127
127
|
```
|
128
128
|
|
129
|
+
### EKS
|
130
|
+
If you want to use IAM roles for service accounts on Amazon EKS clusters, please refer to the official documentation and specify a Service Account for your fluentd Pod.
|
131
|
+
|
132
|
+
Then, the endpoint configuration looks like:
|
133
|
+
|
134
|
+
```ruby
|
135
|
+
<endpoint>
|
136
|
+
url https://CLUSTER_ENDPOINT_URL
|
137
|
+
region eu-west-1
|
138
|
+
assume_role_arn "#{ENV['AWS_ROLE_ARN']}"
|
139
|
+
assume_role_web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
|
140
|
+
</endpoint>
|
141
|
+
```
|
142
|
+
|
129
143
|
## Troubleshooting
|
130
144
|
|
131
145
|
* "Elasticsearch::Transport::Transport::Errors::Forbidden" error="[403]" even after verifying the access keys/roles/policies.
|
@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |spec|
|
7
7
|
spec.name = "fluent-plugin-aws-elasticsearch-service"
|
8
|
-
spec.version = "2.
|
8
|
+
spec.version = "2.2.0"
|
9
9
|
spec.authors = ["atomita"]
|
10
10
|
spec.email = ["sleeping.cait.sith+gh@gmail.com"]
|
11
11
|
|
@@ -15,10 +15,11 @@ module Fluent::Plugin
|
|
15
15
|
config_param :region, :string
|
16
16
|
config_param :url, :string
|
17
17
|
config_param :access_key_id, :string, :default => ""
|
18
|
-
config_param :secret_access_key, :string, :default => ""
|
18
|
+
config_param :secret_access_key, :string, :default => "", secret: true
|
19
19
|
config_param :assume_role_arn, :string, :default => nil
|
20
20
|
config_param :ecs_container_credentials_relative_uri, :string, :default => nil #Set with AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable value
|
21
21
|
config_param :assume_role_session_name, :string, :default => "fluentd"
|
22
|
+
config_param :assume_role_web_identity_token_file, :string, :default => nil
|
22
23
|
end
|
23
24
|
|
24
25
|
# here overrides default value of reload_connections to false because
|
@@ -84,11 +85,19 @@ module Fluent::Plugin
|
|
84
85
|
}).credentials
|
85
86
|
end
|
86
87
|
else
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
88
|
+
if opts[:assume_role_web_identity_token_file].nil?
|
89
|
+
credentials = sts_credential_provider({
|
90
|
+
role_arn: opts[:assume_role_arn],
|
91
|
+
role_session_name: opts[:assume_role_session_name],
|
92
|
+
region: opts[:region]
|
93
|
+
}).credentials
|
94
|
+
else
|
95
|
+
credentials = sts_web_identity_credential_provider({
|
96
|
+
role_arn: opts[:assume_role_arn],
|
97
|
+
web_identity_token_file: opts[:assume_role_web_identity_token_file],
|
98
|
+
region: opts[:region]
|
99
|
+
}).credentials
|
100
|
+
end
|
92
101
|
end
|
93
102
|
end
|
94
103
|
raise "No valid AWS credentials found." unless credentials.set?
|
@@ -106,6 +115,11 @@ module Fluent::Plugin
|
|
106
115
|
@sts ||= Aws::AssumeRoleCredentials.new(opts)
|
107
116
|
end
|
108
117
|
|
118
|
+
def sts_web_identity_credential_provider(opts)
|
119
|
+
# AssumeRoleWebIdentityCredentials is an auto-refreshing credential provider
|
120
|
+
@sts ||= Aws::AssumeRoleWebIdentityCredentials.new(opts)
|
121
|
+
end
|
122
|
+
|
109
123
|
end
|
110
124
|
|
111
125
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-aws-elasticsearch-service
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- atomita
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-10-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|