fluent-plugin-cloudwatch-logs 0.10.2 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +26 -0
- data/lib/fluent/plugin/cloudwatch/logs/version.rb +1 -1
- data/lib/fluent/plugin/in_cloudwatch_logs.rb +19 -0
- data/lib/fluent/plugin/out_cloudwatch_logs.rb +19 -0
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1dc48c250b022126a1de2b125bfa8ad3320daaa5eca5613f51ba7e6571a0b9a9
|
4
|
+
data.tar.gz: 23993ce51cac3aacfbe6937c1f928a00a61fbd94f64fb4ccf8c38ac8e4656787
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 84fd2ea44c0b498364a13da89d422d39b6ea18abdb38add8fbacbc9f0c7b04b6ed18498f26e85920ffe8a7c80e5c14dce8f191c6ecc1a2f1c36809ce67e6961b
|
7
|
+
data.tar.gz: e16ab191ba87408d82e1ffa73564aec909a0795cca65c0ab506b2bb538f4c1cd0ad61641035c6b42056ccd4459e4ba677cb35a28d8af74edc3d1d0bd04422db1
|
data/README.md
CHANGED
@@ -160,6 +160,11 @@ Fetch sample log from CloudWatch Logs:
|
|
160
160
|
#endpoint http://localhost:5000/
|
161
161
|
#json_handler json
|
162
162
|
#log_rejected_request true
|
163
|
+
#<web_identity_credentials>
|
164
|
+
# role_arn "#{ENV['AWS_ROLE_ARN']}"
|
165
|
+
# role_session_name ROLE_SESSION_NAME
|
166
|
+
# web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
|
167
|
+
#</web_identity_credentials>
|
163
168
|
</match>
|
164
169
|
```
|
165
170
|
|
@@ -194,6 +199,14 @@ Fetch sample log from CloudWatch Logs:
|
|
194
199
|
* `retention_in_days_key`: use specified field of records as retention period
|
195
200
|
* `use_tag_as_group`: to use tag as a group name
|
196
201
|
* `use_tag_as_stream`: to use tag as a stream name
|
202
|
+
* `<web_identity_credentials>`: For EKS authentication.
|
203
|
+
* `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
|
204
|
+
* `role_session_name`: An identifier for the assumed role session. This parameter is required when using `<web_identity_credentials>`.
|
205
|
+
* `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
|
206
|
+
* `policy`: An IAM policy in JSON format. (default `nil`)
|
207
|
+
* `duration_seconds`: The duration, in seconds, of the role session. The value can range from
|
208
|
+
900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
|
209
|
+
is set to 3600 seconds (1 hour). (default `nil`)
|
197
210
|
|
198
211
|
**NOTE:** `retention_in_days` requests additional IAM permission `logs:PutRetentionPolicy` for log_group.
|
199
212
|
Please refer to [the PutRetentionPolicy column in documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html) for details.
|
@@ -221,6 +234,11 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
|
|
221
234
|
#<storage>
|
222
235
|
# @type local # or redis, memcached, etc.
|
223
236
|
#</storage>
|
237
|
+
#<web_identity_credentials>
|
238
|
+
# role_arn "#{ENV['AWS_ROLE_ARN']}"
|
239
|
+
# role_session_name ROLE_SESSION_NAME
|
240
|
+
# web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
|
241
|
+
#</web_identity_credentials>
|
224
242
|
</source>
|
225
243
|
```
|
226
244
|
|
@@ -249,6 +267,14 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
|
|
249
267
|
* `format`: specify CloudWatchLogs' log format. (default `nil`)
|
250
268
|
* `<parse>`: specify parser plugin configuration. see also: https://docs.fluentd.org/v/1.0/parser#how-to-use
|
251
269
|
* `<storage>`: specify storage plugin configuration. see also: https://docs.fluentd.org/v/1.0/storage#how-to-use
|
270
|
+
* `<web_identity_credentials>`: For EKS authentication.
|
271
|
+
* `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
|
272
|
+
* `role_session_name`: An identifier for the assumed role session. This parameter is required when using `<web_identity_credentials>`.
|
273
|
+
* `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
|
274
|
+
* `policy`: An IAM policy in JSON format. (default `nil`)
|
275
|
+
* `duration_seconds`: The duration, in seconds, of the role session. The value can range from
|
276
|
+
900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
|
277
|
+
is set to 3600 seconds (1 hour). (default `nil`)
|
252
278
|
|
253
279
|
## Test
|
254
280
|
|
@@ -35,6 +35,13 @@ module Fluent::Plugin
|
|
35
35
|
config_param :time_range_format, :string, default: "%Y-%m-%d %H:%M:%S"
|
36
36
|
config_param :throttling_retry_seconds, :time, default: nil
|
37
37
|
config_param :include_metadata, :bool, default: false
|
38
|
+
config_section :web_identity_credentials, multi: false do
|
39
|
+
config_param :role_arn, :string
|
40
|
+
config_param :role_session_name, :string
|
41
|
+
config_param :web_identity_token_file, :string, default: nil #required
|
42
|
+
config_param :policy, :string, default: nil
|
43
|
+
config_param :duration_seconds, :time, default: nil
|
44
|
+
end
|
38
45
|
|
39
46
|
config_section :parse do
|
40
47
|
config_set_default :@type, 'none'
|
@@ -79,6 +86,18 @@ module Fluent::Plugin
|
|
79
86
|
role_arn: @aws_sts_role_arn,
|
80
87
|
role_session_name: @aws_sts_session_name
|
81
88
|
)
|
89
|
+
elsif @web_identity_credentials
|
90
|
+
c = @web_identity_credentials
|
91
|
+
credentials_options = {}
|
92
|
+
credentials_options[:role_arn] = c.role_arn
|
93
|
+
credentials_options[:role_session_name] = c.role_session_name
|
94
|
+
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
95
|
+
credentials_options[:policy] = c.policy if c.policy
|
96
|
+
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
97
|
+
if @region
|
98
|
+
credentials_options[:client] = Aws::STS::Client.new(:region => @region)
|
99
|
+
end
|
100
|
+
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
82
101
|
else
|
83
102
|
options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
|
84
103
|
end
|
@@ -46,6 +46,13 @@ module Fluent::Plugin
|
|
46
46
|
config_param :remove_retention_in_days_key, :bool, default: false
|
47
47
|
config_param :json_handler, :enum, list: [:yajl, :json], :default => :yajl
|
48
48
|
config_param :log_rejected_request, :bool, :default => false
|
49
|
+
config_section :web_identity_credentials, multi: false do
|
50
|
+
config_param :role_arn, :string
|
51
|
+
config_param :role_session_name, :string
|
52
|
+
config_param :web_identity_token_file, :string, default: nil #required
|
53
|
+
config_param :policy, :string, default: nil
|
54
|
+
config_param :duration_seconds, :time, default: nil
|
55
|
+
end
|
49
56
|
|
50
57
|
config_section :buffer do
|
51
58
|
config_set_default :@type, DEFAULT_BUFFER_TYPE
|
@@ -98,6 +105,18 @@ module Fluent::Plugin
|
|
98
105
|
role_arn: @aws_sts_role_arn,
|
99
106
|
role_session_name: @aws_sts_session_name
|
100
107
|
)
|
108
|
+
elsif @web_identity_credentials
|
109
|
+
c = @web_identity_credentials
|
110
|
+
credentials_options = {}
|
111
|
+
credentials_options[:role_arn] = c.role_arn
|
112
|
+
credentials_options[:role_session_name] = c.role_session_name
|
113
|
+
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
114
|
+
credentials_options[:policy] = c.policy if c.policy
|
115
|
+
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
116
|
+
if @region
|
117
|
+
credentials_options[:client] = Aws::STS::Client.new(:region => @region)
|
118
|
+
end
|
119
|
+
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
101
120
|
else
|
102
121
|
options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
|
103
122
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-cloudwatch-logs
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.11.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ryota Arai
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-10-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|
@@ -108,7 +108,7 @@ dependencies:
|
|
108
108
|
- - ">="
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
|
-
description:
|
111
|
+
description:
|
112
112
|
email:
|
113
113
|
- ryota.arai@gmail.com
|
114
114
|
executables: []
|
@@ -136,7 +136,7 @@ homepage: https://github.com/fluent-plugins-nursery/fluent-plugin-cloudwatch-log
|
|
136
136
|
licenses:
|
137
137
|
- MIT
|
138
138
|
metadata: {}
|
139
|
-
post_install_message:
|
139
|
+
post_install_message:
|
140
140
|
rdoc_options: []
|
141
141
|
require_paths:
|
142
142
|
- lib
|
@@ -151,8 +151,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
151
151
|
- !ruby/object:Gem::Version
|
152
152
|
version: '0'
|
153
153
|
requirements: []
|
154
|
-
rubygems_version: 3.
|
155
|
-
signing_key:
|
154
|
+
rubygems_version: 3.1.2
|
155
|
+
signing_key:
|
156
156
|
specification_version: 4
|
157
157
|
summary: CloudWatch Logs Plugin for Fluentd
|
158
158
|
test_files:
|