fluent-plugin-cloudwatch-logs 0.10.2 → 0.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +26 -0
- data/lib/fluent/plugin/cloudwatch/logs/version.rb +1 -1
- data/lib/fluent/plugin/in_cloudwatch_logs.rb +19 -0
- data/lib/fluent/plugin/out_cloudwatch_logs.rb +19 -0
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1dc48c250b022126a1de2b125bfa8ad3320daaa5eca5613f51ba7e6571a0b9a9
|
|
4
|
+
data.tar.gz: 23993ce51cac3aacfbe6937c1f928a00a61fbd94f64fb4ccf8c38ac8e4656787
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 84fd2ea44c0b498364a13da89d422d39b6ea18abdb38add8fbacbc9f0c7b04b6ed18498f26e85920ffe8a7c80e5c14dce8f191c6ecc1a2f1c36809ce67e6961b
|
|
7
|
+
data.tar.gz: e16ab191ba87408d82e1ffa73564aec909a0795cca65c0ab506b2bb538f4c1cd0ad61641035c6b42056ccd4459e4ba677cb35a28d8af74edc3d1d0bd04422db1
|
data/README.md
CHANGED
|
@@ -160,6 +160,11 @@ Fetch sample log from CloudWatch Logs:
|
|
|
160
160
|
#endpoint http://localhost:5000/
|
|
161
161
|
#json_handler json
|
|
162
162
|
#log_rejected_request true
|
|
163
|
+
#<web_identity_credentials>
|
|
164
|
+
# role_arn "#{ENV['AWS_ROLE_ARN']}"
|
|
165
|
+
# role_session_name ROLE_SESSION_NAME
|
|
166
|
+
# web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
|
|
167
|
+
#</web_identity_credentials>
|
|
163
168
|
</match>
|
|
164
169
|
```
|
|
165
170
|
|
|
@@ -194,6 +199,14 @@ Fetch sample log from CloudWatch Logs:
|
|
|
194
199
|
* `retention_in_days_key`: use specified field of records as retention period
|
|
195
200
|
* `use_tag_as_group`: to use tag as a group name
|
|
196
201
|
* `use_tag_as_stream`: to use tag as a stream name
|
|
202
|
+
* `<web_identity_credentials>`: For EKS authentication.
|
|
203
|
+
* `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
|
|
204
|
+
* `role_session_name`: An identifier for the assumed role session. This parameter is required when using `<web_identity_credentials>`.
|
|
205
|
+
* `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
|
|
206
|
+
* `policy`: An IAM policy in JSON format. (default `nil`)
|
|
207
|
+
* `duration_seconds`: The duration, in seconds, of the role session. The value can range from
|
|
208
|
+
900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
|
|
209
|
+
is set to 3600 seconds (1 hour). (default `nil`)
|
|
197
210
|
|
|
198
211
|
**NOTE:** `retention_in_days` requests additional IAM permission `logs:PutRetentionPolicy` for log_group.
|
|
199
212
|
Please refer to [the PutRetentionPolicy column in documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html) for details.
|
|
@@ -221,6 +234,11 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
|
|
|
221
234
|
#<storage>
|
|
222
235
|
# @type local # or redis, memcached, etc.
|
|
223
236
|
#</storage>
|
|
237
|
+
#<web_identity_credentials>
|
|
238
|
+
# role_arn "#{ENV['AWS_ROLE_ARN']}"
|
|
239
|
+
# role_session_name ROLE_SESSION_NAME
|
|
240
|
+
# web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
|
|
241
|
+
#</web_identity_credentials>
|
|
224
242
|
</source>
|
|
225
243
|
```
|
|
226
244
|
|
|
@@ -249,6 +267,14 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
|
|
|
249
267
|
* `format`: specify CloudWatchLogs' log format. (default `nil`)
|
|
250
268
|
* `<parse>`: specify parser plugin configuration. see also: https://docs.fluentd.org/v/1.0/parser#how-to-use
|
|
251
269
|
* `<storage>`: specify storage plugin configuration. see also: https://docs.fluentd.org/v/1.0/storage#how-to-use
|
|
270
|
+
* `<web_identity_credentials>`: For EKS authentication.
|
|
271
|
+
* `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
|
|
272
|
+
* `role_session_name`: An identifier for the assumed role session. This parameter is required when using `<web_identity_credentials>`.
|
|
273
|
+
* `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
|
|
274
|
+
* `policy`: An IAM policy in JSON format. (default `nil`)
|
|
275
|
+
* `duration_seconds`: The duration, in seconds, of the role session. The value can range from
|
|
276
|
+
900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
|
|
277
|
+
is set to 3600 seconds (1 hour). (default `nil`)
|
|
252
278
|
|
|
253
279
|
## Test
|
|
254
280
|
|
|
@@ -35,6 +35,13 @@ module Fluent::Plugin
|
|
|
35
35
|
config_param :time_range_format, :string, default: "%Y-%m-%d %H:%M:%S"
|
|
36
36
|
config_param :throttling_retry_seconds, :time, default: nil
|
|
37
37
|
config_param :include_metadata, :bool, default: false
|
|
38
|
+
config_section :web_identity_credentials, multi: false do
|
|
39
|
+
config_param :role_arn, :string
|
|
40
|
+
config_param :role_session_name, :string
|
|
41
|
+
config_param :web_identity_token_file, :string, default: nil #required
|
|
42
|
+
config_param :policy, :string, default: nil
|
|
43
|
+
config_param :duration_seconds, :time, default: nil
|
|
44
|
+
end
|
|
38
45
|
|
|
39
46
|
config_section :parse do
|
|
40
47
|
config_set_default :@type, 'none'
|
|
@@ -79,6 +86,18 @@ module Fluent::Plugin
|
|
|
79
86
|
role_arn: @aws_sts_role_arn,
|
|
80
87
|
role_session_name: @aws_sts_session_name
|
|
81
88
|
)
|
|
89
|
+
elsif @web_identity_credentials
|
|
90
|
+
c = @web_identity_credentials
|
|
91
|
+
credentials_options = {}
|
|
92
|
+
credentials_options[:role_arn] = c.role_arn
|
|
93
|
+
credentials_options[:role_session_name] = c.role_session_name
|
|
94
|
+
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
|
95
|
+
credentials_options[:policy] = c.policy if c.policy
|
|
96
|
+
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
|
97
|
+
if @region
|
|
98
|
+
credentials_options[:client] = Aws::STS::Client.new(:region => @region)
|
|
99
|
+
end
|
|
100
|
+
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
|
82
101
|
else
|
|
83
102
|
options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
|
|
84
103
|
end
|
|
@@ -46,6 +46,13 @@ module Fluent::Plugin
|
|
|
46
46
|
config_param :remove_retention_in_days_key, :bool, default: false
|
|
47
47
|
config_param :json_handler, :enum, list: [:yajl, :json], :default => :yajl
|
|
48
48
|
config_param :log_rejected_request, :bool, :default => false
|
|
49
|
+
config_section :web_identity_credentials, multi: false do
|
|
50
|
+
config_param :role_arn, :string
|
|
51
|
+
config_param :role_session_name, :string
|
|
52
|
+
config_param :web_identity_token_file, :string, default: nil #required
|
|
53
|
+
config_param :policy, :string, default: nil
|
|
54
|
+
config_param :duration_seconds, :time, default: nil
|
|
55
|
+
end
|
|
49
56
|
|
|
50
57
|
config_section :buffer do
|
|
51
58
|
config_set_default :@type, DEFAULT_BUFFER_TYPE
|
|
@@ -98,6 +105,18 @@ module Fluent::Plugin
|
|
|
98
105
|
role_arn: @aws_sts_role_arn,
|
|
99
106
|
role_session_name: @aws_sts_session_name
|
|
100
107
|
)
|
|
108
|
+
elsif @web_identity_credentials
|
|
109
|
+
c = @web_identity_credentials
|
|
110
|
+
credentials_options = {}
|
|
111
|
+
credentials_options[:role_arn] = c.role_arn
|
|
112
|
+
credentials_options[:role_session_name] = c.role_session_name
|
|
113
|
+
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
|
114
|
+
credentials_options[:policy] = c.policy if c.policy
|
|
115
|
+
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
|
116
|
+
if @region
|
|
117
|
+
credentials_options[:client] = Aws::STS::Client.new(:region => @region)
|
|
118
|
+
end
|
|
119
|
+
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
|
101
120
|
else
|
|
102
121
|
options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
|
|
103
122
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-cloudwatch-logs
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryota Arai
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -108,7 +108,7 @@ dependencies:
|
|
|
108
108
|
- - ">="
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
110
|
version: '0'
|
|
111
|
-
description:
|
|
111
|
+
description:
|
|
112
112
|
email:
|
|
113
113
|
- ryota.arai@gmail.com
|
|
114
114
|
executables: []
|
|
@@ -136,7 +136,7 @@ homepage: https://github.com/fluent-plugins-nursery/fluent-plugin-cloudwatch-log
|
|
|
136
136
|
licenses:
|
|
137
137
|
- MIT
|
|
138
138
|
metadata: {}
|
|
139
|
-
post_install_message:
|
|
139
|
+
post_install_message:
|
|
140
140
|
rdoc_options: []
|
|
141
141
|
require_paths:
|
|
142
142
|
- lib
|
|
@@ -151,8 +151,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
152
|
version: '0'
|
|
153
153
|
requirements: []
|
|
154
|
-
rubygems_version: 3.
|
|
155
|
-
signing_key:
|
|
154
|
+
rubygems_version: 3.1.2
|
|
155
|
+
signing_key:
|
|
156
156
|
specification_version: 4
|
|
157
157
|
summary: CloudWatch Logs Plugin for Fluentd
|
|
158
158
|
test_files:
|