RubyGems - fluent-plugin-cloudwatch-logs - Versions diffs - 0.13.3 → 0.14.2 - Mend

fluent-plugin-cloudwatch-logs 0.13.3 → 0.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.github/workflows/linux.yml +1 -1
data/.github/workflows/windows.yml +1 -1
data/README.md +11 -3
data/fluent-plugin-cloudwatch-logs.gemspec +1 -0
data/lib/fluent/plugin/cloudwatch/logs/version.rb +1 -1
data/lib/fluent/plugin/in_cloudwatch_logs.rb +21 -3
data/lib/fluent/plugin/out_cloudwatch_logs.rb +14 -1
metadata +17 -4
data/.travis.yml +0 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b5c8b0cb261724720a72342f7c9b5a51dffd93c3deab87b24ca17dec5a342385
-  data.tar.gz: 85698ef2c6b1d51b507d3d1f27f7990e456b0aa76980c2c9520d4babbbec5fae
+  metadata.gz: c43fba0083c45e47060ad0aa61d01acbd7d3b5a114e8e96864075a84c5a18397
+  data.tar.gz: 7fb5cce4a8749fd19b53378f8ab0df8b59d233f9491239a2cd98cca704109eff
 SHA512:
-  metadata.gz: e8186340af3335ec492110059280fb6bdfdff9c90982b8ec27a7c923cc08fc95d9babbf525ea2f558adfd975f8c5bbff2d53e7e4c00177eaf2d9d8c7711c0aa1
-  data.tar.gz: ab3172fffdc73a7ccf307a0b0482cd15f017c30fb2a775a69da657bdaa659a5e3ccee5df4bad85666802dce5b8a172539f37edd8cbca149b22073755c2fae050
+  metadata.gz: 5854c662f12a1f68068b99f804824547df7c5a6220bb5bf54a29a706422e1bb50625f36fe5f0b51f95f226f887bc28aadfca86d779817b50a13afba1cbf1744c
+  data.tar.gz: 83cd966492bbfc1d7ac96d88088628f4b80148bb72dd21a45cca4cf1f2f14cc98ed097de0be07979812220405989c5f07f34d38cb34d490779633bf06807e505

data/.github/workflows/linux.yml CHANGED Viewed

@@ -8,7 +8,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [ '2.4', '2.5', '2.6', '2.7' ]
+        ruby: [ '2.5', '2.6', '2.7', '3.0' ]
         os:
           - ubuntu-latest
     name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}

data/.github/workflows/windows.yml CHANGED Viewed

@@ -8,7 +8,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [ '2.4', '2.5', '2.6', '2.7' ]
+        ruby: [ '2.5', '2.6', '2.7', '3.0' ]
         os:
           - windows-latest
     name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}

data/README.md CHANGED Viewed

@@ -16,10 +16,18 @@
 ## Installation
+### For Fluentd
 ```sh
 gem install fluent-plugin-cloudwatch-logs
 ```
+### For td-agent
+```sh
+td-agent-gem install fluent-plugin-cloudwatch-logs
+```
 ## Preparation
 Create IAM user with a policy like the following:
@@ -98,7 +106,7 @@ export AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY"
 export AWS_SECRET_ACCESS_KEY="YOUR_SECRET_ACCESS_KEY"
 ```
-Note: For this to work persistently the enviornment will need to be set in the startup scripts or docker variables.
+Note: For this to work persistently the environment will need to be set in the startup scripts or docker variables.
 ### AWS Configuration
@@ -176,6 +184,7 @@ Fetch sample log from CloudWatch Logs:
 * `aws_sec_key`: AWS Secret Access Key.  See [Authentication](#authentication) for more information.
 * `concurrency`: use to set the number of threads pushing data to CloudWatch. (default: 1)
 * `endpoint`: use this parameter to connect to the local API endpoint (for testing)
+* `ssl_verify_peer`: when `true` (default), SSL peer certificates are verified when establishing a connection. Setting to `false` can be useful for testing.
 * `http_proxy`: use to set an optional HTTP proxy
 * `include_time_key`: include time key as part of the log entry (defaults to UTC)
 * `json_handler`: name of the library to be used to handle JSON data. For now, supported libraries are `json` (default) and `yajl`.
@@ -255,6 +264,7 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
 * `aws_sts_session_name`: the session name to use with sts authentication (default: `fluentd`)
 * `aws_use_sts`: use [AssumeRoleCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/AssumeRoleCredentials.html) to authenticate, rather than the [default credential hierarchy](http://docs.aws.amazon.com/sdkforruby/api/Aws/CloudWatchLogs/Client.html#initialize-instance_method). See 'Cross-Account Operation' below for more detail.
 * `endpoint`: use this parameter to connect to the local API endpoint (for testing)
+* `ssl_verify_peer`: when `true` (default), SSL peer certificates are verified when establishing a connection. Setting to `false` can be useful for testing.
 * `fetch_interval`: time period in seconds between checking CloudWatch for new logs. (default: 60)
 * `http_proxy`: use to set an optional HTTP proxy
 * `json_handler`:  name of the library to be used to handle JSON data. For now, supported libraries are `json` (default) and `yajl`.
@@ -444,10 +454,8 @@ In more detail, please refer to [the officilal document for built-in placeholder
 * out_cloudwatch_logs
   * if the data is too big for API, split into multiple requests
-  * format
   * check data size
 * in_cloudwatch_logs
-  * format
   * fallback to start_time because next_token expires after 24 hours
 ## Contributing

data/fluent-plugin-cloudwatch-logs.gemspec CHANGED Viewed

@@ -25,4 +25,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "test-unit"
   spec.add_development_dependency "test-unit-rr"
   spec.add_development_dependency "mocha"
+  spec.add_development_dependency "nokogiri"
 end

data/lib/fluent/plugin/cloudwatch/logs/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Fluent
   module Plugin
     module Cloudwatch
       module Logs
-        VERSION = "0.13.3"
+        VERSION = "0.14.2"
       end
     end
   end

data/lib/fluent/plugin/in_cloudwatch_logs.rb CHANGED Viewed

@@ -17,9 +17,14 @@ module Fluent::Plugin
     config_param :aws_use_sts, :bool, default: false
     config_param :aws_sts_role_arn, :string, default: nil
     config_param :aws_sts_session_name, :string, default: 'fluentd'
+    config_param :aws_sts_external_id, :string, default: nil
+    config_param :aws_sts_policy, :string, default: nil
+    config_param :aws_sts_duration_seconds, :time, default: nil
     config_param :aws_sts_endpoint_url, :string, default: nil
+    config_param :aws_ecs_authentication, :bool, default: false
     config_param :region, :string, default: nil
     config_param :endpoint, :string, default: nil
+    config_param :ssl_verify_peer, :bool, :default => true
     config_param :tag, :string
     config_param :log_group_name, :string
     config_param :add_log_group_name, :bool, default: false
@@ -28,7 +33,7 @@ module Fluent::Plugin
     config_param :log_stream_name, :string, default: nil
     config_param :use_log_stream_name_prefix, :bool, default: false
     config_param :state_file, :string, default: nil,
-                 deprecated: "Use <stroage> instead."
+                 deprecated: "Use <storage> instead."
     config_param :fetch_interval, :time, default: 60
     config_param :http_proxy, :string, default: nil
     config_param :json_handler, :enum, list: [:yajl, :json], default: :yajl
@@ -82,13 +87,17 @@ module Fluent::Plugin
       options = {}
       options[:region] = @region if @region
       options[:endpoint] = @endpoint if @endpoint
+      options[:ssl_verify_peer] = @ssl_verify_peer
       options[:http_proxy] = @http_proxy if @http_proxy
       if @aws_use_sts
         Aws.config[:region] = options[:region]
         credentials_options = {
           role_arn: @aws_sts_role_arn,
-          role_session_name: @aws_sts_session_name
+          role_session_name: @aws_sts_session_name,
+          external_id: @aws_sts_external_id,
+          policy: @aws_sts_policy,
+          duration_seconds: @aws_sts_duration_seconds
         }
         credentials_options[:sts_endpoint_url] = @aws_sts_endpoint_url if @aws_sts_endpoint_url
         if @region and @aws_sts_endpoint_url
@@ -109,6 +118,10 @@ module Fluent::Plugin
           credentials_options[:client] = Aws::STS::Client.new(:region => @region)
         end
         options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
+      elsif @aws_ecs_authentication
+        # collect AWS credential from ECS relative uri ENV variable
+        aws_container_credentials_relative_uri = ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
+        options[:credentials] = Aws::ECSCredentials.new({credential_path: aws_container_credentials_relative_uri}).credentials
       else
         options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
       end
@@ -221,8 +234,8 @@ module Fluent::Plugin
               end
             end
           end
-        sleep 1
         end
+        sleep 1
       end
     end
@@ -272,6 +285,7 @@ module Fluent::Plugin
           log_next_token = next_token(log_stream_name)
         end
         request[:next_token] = log_next_token if !log_next_token.nil? && !log_next_token.empty?
+        request[:start_from_head] = true if read_from_head?(log_next_token)
         response = @logs.get_log_events(request)
         if valid_next_token(log_next_token, response.next_forward_token)
           if @use_log_group_name_prefix
@@ -285,6 +299,10 @@ module Fluent::Plugin
       end
     end
+    def read_from_head?(next_token)
+      (!next_token.nil? && !next_token.empty?) || @start_time || @end_time
+    end
     def describe_log_streams(log_stream_name_prefix, log_streams = nil, next_token = nil, log_group_name=nil)
       throttling_handler('describe_log_streams') do
         request = {

data/lib/fluent/plugin/out_cloudwatch_logs.rb CHANGED Viewed

@@ -19,9 +19,14 @@ module Fluent::Plugin
     config_param :aws_use_sts, :bool, default: false
     config_param :aws_sts_role_arn, :string, default: nil
     config_param :aws_sts_session_name, :string, default: 'fluentd'
+    config_param :aws_sts_external_id, :string, default: nil
+    config_param :aws_sts_policy, :string, default: nil
+    config_param :aws_sts_duration_seconds, :time, default: nil
     config_param :aws_sts_endpoint_url, :string, default: nil
+    config_param :aws_ecs_authentication, :bool, default: false
     config_param :region, :string, :default => nil
     config_param :endpoint, :string, :default => nil
+    config_param :ssl_verify_peer, :bool, :default => true
     config_param :log_group_name, :string, :default => nil
     config_param :log_stream_name, :string, :default => nil
     config_param :auto_create_stream, :bool, default: false
@@ -117,13 +122,17 @@ module Fluent::Plugin
       options[:log_level] = :debug if log
       options[:region] = @region if @region
       options[:endpoint] = @endpoint if @endpoint
+      options[:ssl_verify_peer] = @ssl_verify_peer
       options[:instance_profile_credentials_retries] = @aws_instance_profile_credentials_retries if @aws_instance_profile_credentials_retries
       if @aws_use_sts
         Aws.config[:region] = options[:region]
         credentials_options = {
           role_arn: @aws_sts_role_arn,
-          role_session_name: @aws_sts_session_name
+          role_session_name: @aws_sts_session_name,
+          external_id: @aws_sts_external_id,
+          policy: @aws_sts_policy,
+          duration_seconds: @aws_sts_duration_seconds
         }
         credentials_options[:sts_endpoint_url] = @aws_sts_endpoint_url if @aws_sts_endpoint_url
         if @region and @aws_sts_endpoint_url
@@ -144,6 +153,10 @@ module Fluent::Plugin
           credentials_options[:client] = Aws::STS::Client.new(:region => @region)
         end
         options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
+      elsif @aws_ecs_authentication
+        # collect AWS credential from ECS relative uri ENV variable
+        aws_container_credentials_relative_uri = ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
+        options[:credentials] = Aws::ECSCredentials.new({credential_path: aws_container_credentials_relative_uri}).credentials
       else
         options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-cloudwatch-logs
 version: !ruby/object:Gem::Version
-  version: 0.13.3
+  version: 0.14.2
 platform: ruby
 authors:
 - Ryota Arai
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-10 00:00:00.000000000 Z
+date: 2021-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -108,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description:
 email:
 - ryota.arai@gmail.com
@@ -119,7 +133,6 @@ files:
 - ".github/workflows/linux.yml"
 - ".github/workflows/windows.yml"
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - ISSUE_TEMPLATE.md
 - LICENSE.txt
@@ -153,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.15
 signing_key:
 specification_version: 4
 summary: CloudWatch Logs Plugin for Fluentd

data/.travis.yml DELETED Viewed

@@ -1,8 +0,0 @@
-sudo: false
-language: ruby
-rvm:
-  - 2.6
-  - 2.5
-  - 2.4
-  - 2.3