fluent-plugin-cloudwatch-logs 0.10.2 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3a66a32521964e4be0392f1d786e81750850b4f027b5ec9649a9033ab330595a
4
- data.tar.gz: 6041e92eea6e3148133a78a72ad3d9702ff33f89da89216e4bff579693459725
3
+ metadata.gz: 1dc48c250b022126a1de2b125bfa8ad3320daaa5eca5613f51ba7e6571a0b9a9
4
+ data.tar.gz: 23993ce51cac3aacfbe6937c1f928a00a61fbd94f64fb4ccf8c38ac8e4656787
5
5
  SHA512:
6
- metadata.gz: e8c2a9720f9e309698c1ac04e51bcb1acbe141443997dde1e9daf636cc9ce5356d3f87f7fb9ea18b7c9c760e1e9a57039e9d7aafb1bbcf98d2cbe3f657e89483
7
- data.tar.gz: bf1d58dd34328aedb4d18529b9f172c05b442a3040a332ee0f5d4edfd1e76b50b2df72f2edeb195f44a77ea45628627e3f4413847203581c9610bc5cee69fb75
6
+ metadata.gz: 84fd2ea44c0b498364a13da89d422d39b6ea18abdb38add8fbacbc9f0c7b04b6ed18498f26e85920ffe8a7c80e5c14dce8f191c6ecc1a2f1c36809ce67e6961b
7
+ data.tar.gz: e16ab191ba87408d82e1ffa73564aec909a0795cca65c0ab506b2bb538f4c1cd0ad61641035c6b42056ccd4459e4ba677cb35a28d8af74edc3d1d0bd04422db1
data/README.md CHANGED
@@ -160,6 +160,11 @@ Fetch sample log from CloudWatch Logs:
160
160
  #endpoint http://localhost:5000/
161
161
  #json_handler json
162
162
  #log_rejected_request true
163
+ #<web_identity_credentials>
164
+ # role_arn "#{ENV['AWS_ROLE_ARN']}"
165
+ # role_session_name ROLE_SESSION_NAME
166
+ # web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
167
+ #</web_identity_credentials>
163
168
  </match>
164
169
  ```
165
170
 
@@ -194,6 +199,14 @@ Fetch sample log from CloudWatch Logs:
194
199
  * `retention_in_days_key`: use specified field of records as retention period
195
200
  * `use_tag_as_group`: to use tag as a group name
196
201
  * `use_tag_as_stream`: to use tag as a stream name
202
+ * `<web_identity_credentials>`: For EKS authentication.
203
+ * `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
204
+ * `role_session_name`: An identifier for the assumed role session. This parameter is required when using `<web_identity_credentials>`.
205
+ * `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
206
+ * `policy`: An IAM policy in JSON format. (default `nil`)
207
+ * `duration_seconds`: The duration, in seconds, of the role session. The value can range from
208
+ 900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
209
+ is set to 3600 seconds (1 hour). (default `nil`)
197
210
 
198
211
  **NOTE:** `retention_in_days` requests additional IAM permission `logs:PutRetentionPolicy` for log_group.
199
212
  Please refer to [the PutRetentionPolicy column in documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html) for details.
@@ -221,6 +234,11 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
221
234
  #<storage>
222
235
  # @type local # or redis, memcached, etc.
223
236
  #</storage>
237
+ #<web_identity_credentials>
238
+ # role_arn "#{ENV['AWS_ROLE_ARN']}"
239
+ # role_session_name ROLE_SESSION_NAME
240
+ # web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
241
+ #</web_identity_credentials>
224
242
  </source>
225
243
  ```
226
244
 
@@ -249,6 +267,14 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
249
267
  * `format`: specify CloudWatchLogs' log format. (default `nil`)
250
268
  * `<parse>`: specify parser plugin configuration. see also: https://docs.fluentd.org/v/1.0/parser#how-to-use
251
269
  * `<storage>`: specify storage plugin configuration. see also: https://docs.fluentd.org/v/1.0/storage#how-to-use
270
+ * `<web_identity_credentials>`: For EKS authentication.
271
+ * `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
272
+ * `role_session_name`: An identifier for the assumed role session. This parameter is required when using `<web_identity_credentials>`.
273
+ * `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
274
+ * `policy`: An IAM policy in JSON format. (default `nil`)
275
+ * `duration_seconds`: The duration, in seconds, of the role session. The value can range from
276
+ 900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
277
+ is set to 3600 seconds (1 hour). (default `nil`)
252
278
 
253
279
  ## Test
254
280
 
@@ -2,7 +2,7 @@ module Fluent
2
2
  module Plugin
3
3
  module Cloudwatch
4
4
  module Logs
5
- VERSION = "0.10.2"
5
+ VERSION = "0.11.0"
6
6
  end
7
7
  end
8
8
  end
@@ -35,6 +35,13 @@ module Fluent::Plugin
35
35
  config_param :time_range_format, :string, default: "%Y-%m-%d %H:%M:%S"
36
36
  config_param :throttling_retry_seconds, :time, default: nil
37
37
  config_param :include_metadata, :bool, default: false
38
+ config_section :web_identity_credentials, multi: false do
39
+ config_param :role_arn, :string
40
+ config_param :role_session_name, :string
41
+ config_param :web_identity_token_file, :string, default: nil #required
42
+ config_param :policy, :string, default: nil
43
+ config_param :duration_seconds, :time, default: nil
44
+ end
38
45
 
39
46
  config_section :parse do
40
47
  config_set_default :@type, 'none'
@@ -79,6 +86,18 @@ module Fluent::Plugin
79
86
  role_arn: @aws_sts_role_arn,
80
87
  role_session_name: @aws_sts_session_name
81
88
  )
89
+ elsif @web_identity_credentials
90
+ c = @web_identity_credentials
91
+ credentials_options = {}
92
+ credentials_options[:role_arn] = c.role_arn
93
+ credentials_options[:role_session_name] = c.role_session_name
94
+ credentials_options[:web_identity_token_file] = c.web_identity_token_file
95
+ credentials_options[:policy] = c.policy if c.policy
96
+ credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
97
+ if @region
98
+ credentials_options[:client] = Aws::STS::Client.new(:region => @region)
99
+ end
100
+ options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
82
101
  else
83
102
  options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
84
103
  end
@@ -46,6 +46,13 @@ module Fluent::Plugin
46
46
  config_param :remove_retention_in_days_key, :bool, default: false
47
47
  config_param :json_handler, :enum, list: [:yajl, :json], :default => :yajl
48
48
  config_param :log_rejected_request, :bool, :default => false
49
+ config_section :web_identity_credentials, multi: false do
50
+ config_param :role_arn, :string
51
+ config_param :role_session_name, :string
52
+ config_param :web_identity_token_file, :string, default: nil #required
53
+ config_param :policy, :string, default: nil
54
+ config_param :duration_seconds, :time, default: nil
55
+ end
49
56
 
50
57
  config_section :buffer do
51
58
  config_set_default :@type, DEFAULT_BUFFER_TYPE
@@ -98,6 +105,18 @@ module Fluent::Plugin
98
105
  role_arn: @aws_sts_role_arn,
99
106
  role_session_name: @aws_sts_session_name
100
107
  )
108
+ elsif @web_identity_credentials
109
+ c = @web_identity_credentials
110
+ credentials_options = {}
111
+ credentials_options[:role_arn] = c.role_arn
112
+ credentials_options[:role_session_name] = c.role_session_name
113
+ credentials_options[:web_identity_token_file] = c.web_identity_token_file
114
+ credentials_options[:policy] = c.policy if c.policy
115
+ credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
116
+ if @region
117
+ credentials_options[:client] = Aws::STS::Client.new(:region => @region)
118
+ end
119
+ options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
101
120
  else
102
121
  options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
103
122
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-cloudwatch-logs
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.10.2
4
+ version: 0.11.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryota Arai
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-21 00:00:00.000000000 Z
11
+ date: 2020-10-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: fluentd
@@ -108,7 +108,7 @@ dependencies:
108
108
  - - ">="
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0'
111
- description:
111
+ description:
112
112
  email:
113
113
  - ryota.arai@gmail.com
114
114
  executables: []
@@ -136,7 +136,7 @@ homepage: https://github.com/fluent-plugins-nursery/fluent-plugin-cloudwatch-log
136
136
  licenses:
137
137
  - MIT
138
138
  metadata: {}
139
- post_install_message:
139
+ post_install_message:
140
140
  rdoc_options: []
141
141
  require_paths:
142
142
  - lib
@@ -151,8 +151,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
151
151
  - !ruby/object:Gem::Version
152
152
  version: '0'
153
153
  requirements: []
154
- rubygems_version: 3.0.3
155
- signing_key:
154
+ rubygems_version: 3.1.2
155
+ signing_key:
156
156
  specification_version: 4
157
157
  summary: CloudWatch Logs Plugin for Fluentd
158
158
  test_files: