fluent-plugin-google-cloud 0.4.17 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4caeb3e6a9cec431492945788635d7e99e3a0b16
-  data.tar.gz: a88c1ce91b2335bac4b4a37f0c5899c864652046
+  metadata.gz: 1989b8ce8911575be17949674d1d8dfb137dbeda
+  data.tar.gz: f5ac2f7ca47a5c61dfc7a32a9254b6de841a2182
 SHA512:
-  metadata.gz: f7130260e115f6547ba0db5782534f9f890655298c37beaafa4d9f254adf1f1489bf26b0a31df225e19dc694d81954d91c60aa12a7ffbd20e0018d3cacb50603
-  data.tar.gz: f8dda17b58fe377783f29f91f93f71bbb2a53f7dca2c440485288efa684c3fba9b3d51e53948add7b8e991d328858972cfab0aec660f2ece1311eea58e3bfe39
+  metadata.gz: 9de731cc6f29055be014d6894f0b4930c7c6b5d836c149789d0ae06fe7e14a09687307485b559b6cf77335770a1f84003945468ed9b863d11c49a079142dad1a
+  data.tar.gz: aa07feea223b293e68da01fcf7e35facef3aa3af7ce3a8ba014304479e3521129809f004bb94a342ac6a00a2ee83bb0fe4132a2caae87ecdfcc4691cf6adbb5b

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-google-cloud (0.4.16)
+    fluent-plugin-google-cloud (0.5.0)
       fluentd (~> 0.10)
       google-api-client (> 0.9)
       googleauth (~> 0.4)

data/README.rdoc

@@ -38,7 +38,7 @@ for authorization - for additional information see
 {here}[https://cloud.google.com/logging/docs/agent/authorization].
 
 <em>The previously documented parameters auth_method, private_key_email,
-and private_key_path are deprecated and should no longer be used.</em>
+and private_key_path are removed, and can no longer be used.</em>
 
 == Copyright
 

data/Rakefile

@@ -16,7 +16,17 @@ Rake::TestTask.new(:test) do |test|
   test.verbose = true
 end
 
+# Building the gem will use the local file mode, so ensure it's world-readable.
+# https://github.com/GoogleCloudPlatform/fluent-plugin-google-cloud/issues/53
+desc 'Check plugin file permissions'
+task :check_perms do
+  plugin = 'lib/fluent/plugin/out_google_cloud.rb'
+  mode = File.stat(plugin).mode & 0777
+  fail "Unexpected mode #{mode.to_s(8)} for #{plugin}" unless
+    mode & 0444 == 0444
+end
+
 desc 'Run unit tests and RuboCop to check for style violations'
-task all: [:test, :rubocop]
+task all: [:test, :rubocop, :check_perms]
 
 task default: :all

data/fluent-plugin-google-cloud.gemspec

@@ -10,25 +10,23 @@ eos
   gem.homepage      = \
     'https://github.com/GoogleCloudPlatform/fluent-plugin-google-cloud'
   gem.license       = 'Apache-2.0'
-  gem.version       = '0.4.17'
+  gem.version       = '0.5.0'
   gem.authors       = ['Todd Derr', 'Alex Robinson']
   gem.email         = ['salty@google.com']
+  gem.required_ruby_version = Gem::Requirement.new('>= 2.0')
 
   gem.files         = Dir['**/*'].keep_if { |file| File.file?(file) }
   gem.test_files    = gem.files.grep(/^(test)/)
   gem.require_paths = ['lib']
 
   gem.add_runtime_dependency 'fluentd', '~> 0.10'
-  gem.add_runtime_dependency 'google-api-client', '>= 0.8.6', '< 0.9'
+  gem.add_runtime_dependency 'google-api-client', '> 0.9'
   gem.add_runtime_dependency 'googleauth', '~> 0.4'
   gem.add_runtime_dependency 'json', '~> 1.8'
-  # workaround for jwt 1.5.3 breaking ruby 1.9 support (included by googleauth)
-  # see https://github.com/jwt/ruby-jwt/issues/132
-  gem.add_runtime_dependency 'jwt', '< 1.5.3'
 
   gem.add_development_dependency 'mocha', '~> 1.1'
   gem.add_development_dependency 'rake', '~> 10.3'
-  gem.add_development_dependency 'rubocop', '= 0.34.2'
+  gem.add_development_dependency 'rubocop', '= 0.35.0'
   gem.add_development_dependency 'webmock', '~> 1.17'
   gem.add_development_dependency 'test-unit', '~> 3.0'
 end

data/lib/fluent/plugin/out_google_cloud.rb

@@ -11,14 +11,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'cgi'
-require 'google/api_client'
-require 'google/api_client/auth/compute_service_account'
-require 'googleauth'
 require 'json'
 require 'open-uri'
 require 'socket'
 require 'yaml'
+require 'google/apis'
+require 'google/apis/logging_v1beta3'
+require 'googleauth'
 
 module Fluent
   # fluentd output plugin for the Google Cloud Logging API
@@ -26,7 +25,7 @@ module Fluent
     Fluent::Plugin.register_output('google_cloud', self)
 
     PLUGIN_NAME = 'Fluentd Google Cloud Logging plugin'
-    PLUGIN_VERSION = '0.4.17'
+    PLUGIN_VERSION = '0.5.0'
 
     # Constants for service names.
     APPENGINE_SERVICE = 'appengine.googleapis.com'
@@ -42,28 +41,9 @@ module Fluent
     # Address of the metadata service.
     METADATA_SERVICE_ADDR = '169.254.169.254'
 
-    # Fields allowed in httpRequest object
-    HTTP_REQUEST_FIELDS = %w(requestMethod requestUrl requestSize status
-                             responseSize userAgent remoteIp referer
-                             cacheHit validatedWithOriginServer)
-
     # Disable this warning to conform to fluentd config_param conventions.
     # rubocop:disable Style/HashSyntax
 
-    # DEPRECATED: auth_method (and support for 'private_key') is deprecated in
-    # favor of Google Application Default Credentials as documented at:
-    # https://developers.google.com/identity/protocols/application-default-credentials
-    # 'private_key' is still accepted to support existing users; any other
-    # value is ignored.
-    config_param :auth_method, :string, :default => nil
-
-    # DEPRECATED: Parameters necessary to use the private_key auth_method.
-    config_param :private_key_email, :string, :default => nil
-    config_param :private_key_path, :string, :default => nil
-    config_param :private_key_passphrase, :string,
-                 :default => 'notasecret',
-                 :secret => true
-
     # Specify project/instance metadata.
     #
     # project_id, zone, and vm_id are required to have valid values, which
@@ -117,6 +97,15 @@ module Fluent
     #   }
     config_param :label_map, :hash, :default => nil
 
+    # DEPRECATED: The following parameters, if present in the config
+    # indicate that the plugin configuration must be updated.
+    config_param :auth_method, :string, :default => nil
+    config_param :private_key_email, :string, :default => nil
+    config_param :private_key_path, :string, :default => nil
+    config_param :private_key_passphrase, :string,
+                 :default => nil,
+                 :secret => true
+
     # rubocop:enable Style/HashSyntax
 
     # TODO: Add a log_name config option rather than just using the tag?
@@ -141,21 +130,19 @@ module Fluent
     def configure(conf)
       super
 
-      unless @auth_method.nil?
-        @log.warn 'auth_method is deprecated; please migrate to using ' \
-          'Application Default Credentials.'
-        if @auth_method == 'private_key'
-          if !@private_key_email
-            fail Fluent::ConfigError, '"private_key_email" must be ' \
-              'specified if auth_method is "private_key"'
-          elsif !@private_key_path
-            fail Fluent::ConfigError, '"private_key_path" must be ' \
-              'specified if auth_method is "private_key"'
-          elsif !@private_key_passphrase
-            fail Fluent::ConfigError, '"private_key_passphrase" must be ' \
-              'specified if auth_method is "private_key"'
-          end
-        end
+      # Alert on old authentication configuration.
+      unless @auth_method.nil? && @private_key_email.nil? &&
+             @private_key_path.nil? && @private_key_passphrase.nil?
+        extra = []
+        extra << 'auth_method' unless @auth_method.nil?
+        extra << 'private_key_email' unless @private_key_email.nil?
+        extra << 'private_key_path' unless @private_key_path.nil?
+        extra << 'private_key_passphrase' unless @private_key_passphrase.nil?
+
+        fail Fluent::ConfigError,
+             "#{PLUGIN_NAME} no longer supports auth_method.\n" \
+             'Please remove configuration parameters: ' +
+               extra.join(' ')
       end
 
       # TODO: Send instance tags as labels as well?
@@ -350,14 +337,13 @@ module Fluent
         arr.each do |time, record|
           next unless record.is_a?(Hash)
 
-          entry = {
-            'metadata' => {
-              'serviceName' => @service_name,
-              'projectId' => @project_id,
-              'zone' => @zone,
-              'labels' => {}
-            }
-          }
+          entry = Google::Apis::LoggingV1beta3::LogEntry.new(
+            metadata: Google::Apis::LoggingV1beta3::LogEntryMetadata.new(
+              service_name: @service_name,
+              project_id: @project_id,
+              zone: @zone,
+              labels: {}
+            ))
 
           if @service_name == CLOUDFUNCTIONS_SERVICE && record.key?('log')
             @cloudfunctions_log_match =
@@ -365,7 +351,7 @@ module Fluent
           end
           if @service_name == CONTAINER_SERVICE
             # Move the stdout/stderr annotation from the record into a label
-            field_to_label(record, 'stream', entry['metadata']['labels'],
+            field_to_label(record, 'stream', entry.metadata.labels,
                            "#{CONTAINER_SERVICE}/stream")
             # If the record has been annotated by the kubernetes_metadata_filter
             # plugin, then use that metadata. Otherwise, rely on commonLabels
@@ -403,87 +389,75 @@ module Fluent
           # and do not send that field as part of the payload.
           if @label_map
             @label_map.each do |field, label|
-              field_to_label(record, field, entry['metadata']['labels'], label)
+              field_to_label(record, field, entry.metadata.labels, label)
             end
           end
 
           if @service_name == CLOUDFUNCTIONS_SERVICE &&
              @cloudfunctions_log_match &&
              @cloudfunctions_log_match['execution_id']
-            entry['metadata']['labels']['execution_id'] =
+            entry.metadata.labels['execution_id'] =
               @cloudfunctions_log_match['execution_id']
           end
 
           set_payload(record, entry, is_container_json)
-
-          # Remove the labels metadata if we didn't populate it with anything.
-          if entry['metadata']['labels'].empty?
-            entry['metadata'].delete('labels')
-          end
+          entry.metadata.labels = nil if entry.metadata.labels.empty?
 
           entries.push(entry)
         end
         # Don't send an empty request if we rejected all the entries.
         next if entries.empty?
 
-        log_name = CGI.escape(log_name(tag, labels))
-        url = 'https://logging.googleapis.com/v1beta3/projects/' \
-          "#{@project_id}/logs/#{log_name}/entries:write"
+        log_name = log_name(tag, labels)
 
         begin
+          # Does the actual write to the cloud logging api.
+          # The URI of the write is constructed by the Google::Api request;
+          # it is equivalent to this URL:
+          # 'https://logging.googleapis.com/v1beta3/projects/' \
+          #   "#{@project_id}/logs/#{log_name}/entries:write"
+
           client = api_client
-          request = client.generate_request(
-            uri: url,
-            http_method: 'POST',
-            authenticated: true,
-            body_object: {
-              'commonLabels' => labels,
-              'entries' => entries
-            }
-          )
-          client.execute!(request)
+
+          write_request = \
+            Google::Apis::LoggingV1beta3::WriteLogEntriesRequest.new(
+              common_labels: labels,
+              entries: entries)
+
+          # TODO: RequestOptions
+          client.write_log_entries(@project_id, log_name, write_request)
+
           # Let the user explicitly know when the first call succeeded,
           # to aid with verification and troubleshooting.
           unless @successful_call
             @successful_call = true
             @log.info 'Successfully sent to Google Cloud Logging API.'
           end
-        # Allow most exceptions to propagate, which will cause fluentd to
-        # retry (with backoff), but in some cases we catch the error and
-        # drop the request (we will emit a log message in those cases).
-        rescue Google::APIClient::ClientError => error
+
+        rescue Google::Apis::ServerError => error
+          # Server error, so retry via re-raising the error.
+          raise error
+
+        rescue Google::Apis::AuthorizationError => error
+          # Authorization error.
+          # These are usually solved via a `gcloud auth` call, or by modifying
+          # the permissions on the Google Cloud project.
+          dropped = entries.length
+          @log.warn "Dropping #{dropped} log message(s)",
+                    error_class: error.class.to_s, error: error.to_s
+
+        rescue Google::Apis::ClientError => error
           # Most ClientErrors indicate a problem with the request itself and
-          # should not be retried, unless it is an authentication issue, in
-          # which case we will retry the request via re-raising the exception.
-          raise error if retriable_client_error?(error)
-          log_write_failure(entries.length, error)
-        rescue JSON::GeneratorError => error
-          # This happens if the request contains illegal characters;
-          # do not retry it because it will fail repeatedly.
-          log_write_failure(entries.length, error)
+          # should not be retried.
+          dropped = entries.length
+          @log.warn "Dropping #{dropped} log message(s)",
+                    error_class: error.class.to_s, error: error.to_s
         end
       end
     end
 
     private
 
-    RETRIABLE_CLIENT_ERRORS = Set.new [
-      'Invalid Credentials',
-      'Request had invalid credentials.',
-      'The caller does not have permission',
-      'Project has not enabled the API. Please use Google Developers ' \
-        'Console to activate the API for your project.',
-      'Unable to fetch access token (no scopes configured?)']
-
-    def retriable_client_error?(error)
-      RETRIABLE_CLIENT_ERRORS.include?(error.message)
-    end
-
-    def log_write_failure(dropped, error)
-      @log.warn "Dropping #{dropped} log message(s)",
-                error_class: error.class.to_s, error: error.to_s
-    end
-
     def parse_json_or_nil(input)
       # Only here to please rubocop...
       return nil if input.nil?
@@ -512,11 +486,11 @@ module Fluent
 
       begin
         open('http://' + METADATA_SERVICE_ADDR) do |f|
-          if (f.meta['metadata-flavor'] == 'Google')
+          if f.meta['metadata-flavor'] == 'Google'
             @log.info 'Detected GCE platform'
             return Platform::GCE
           end
-          if (f.meta['server'] == 'EC2ws')
+          if f.meta['server'] == 'EC2ws'
             @log.info 'Detected EC2 platform'
             return Platform::EC2
           end
@@ -554,7 +528,6 @@ module Fluent
       # Determine the project ID from the credentials, if possible.
       # Returns the project ID (as a string) on success, or nil on failure.
       def self.project_id
-        return nil if @auth_method == 'private_key'
         creds = Google::Auth.get_application_default(LOGGING_SCOPE)
         if creds.issuer
           id = extract_project_id(creds.issuer)
@@ -610,16 +583,14 @@ module Fluent
         record.delete('timestamp')
       elsif record.key?('timestampSeconds') &&
             record.key?('timestampNanos')
-        ts_secs = record['timestampSeconds']
-        ts_nanos = record['timestampNanos']
-        record.delete('timestampSeconds')
-        record.delete('timestampNanos')
+        ts_secs = record.delete('timestampSeconds')
+        ts_nanos = record.delete('timestampNanos')
       elsif record.key?('timeNanos')
         # This is deprecated since the precision is insufficient.
         # Use timestampSeconds/timestampNanos instead
-        ts_secs = (record['timeNanos'] / 1_000_000_000).to_i
-        ts_nanos = record['timeNanos'] % 1_000_000_000
-        record.delete('timeNanos')
+        nanos = record.delete('timeNanos')
+        ts_secs = (nanos / 1_000_000_000).to_i
+        ts_nanos = nanos % 1_000_000_000
         unless @timenanos_warning
           # Warn the user this is deprecated, but only once to avoid spam.
           @timenanos_warning = true
@@ -636,47 +607,51 @@ module Fluent
         ts_secs = timestamp.tv_sec
         ts_nanos = timestamp.tv_nsec
       end
-      entry['metadata']['timestamp'] = {
-        'seconds' => ts_secs,
-        'nanos' => ts_nanos
+      entry.metadata.timestamp = {
+        seconds: ts_secs,
+        nanos: ts_nanos
       }
     end
 
     def set_severity(record, entry)
       if @service_name == CLOUDFUNCTIONS_SERVICE
         if @cloudfunctions_log_match && @cloudfunctions_log_match['severity']
-          entry['metadata']['severity'] =
+          entry.metadata.severity =
             parse_severity(@cloudfunctions_log_match['severity'])
         elsif record.key?('stream') && record['stream'] == 'stdout'
-          entry['metadata']['severity'] = 'INFO'
+          entry.metadata.severity = 'INFO'
           record.delete('stream')
         elsif record.key?('stream') && record['stream'] == 'stderr'
-          entry['metadata']['severity'] = 'ERROR'
+          entry.metadata.severity = 'ERROR'
           record.delete('stream')
         else
-          entry['metadata']['severity'] = 'DEFAULT'
+          entry.metadata.severity = 'DEFAULT'
         end
       elsif record.key?('severity')
-        entry['metadata']['severity'] = parse_severity(record['severity'])
+        entry.metadata.severity = parse_severity(record['severity'])
         record.delete('severity')
       else
-        entry['metadata']['severity'] = 'DEFAULT'
+        entry.metadata.severity = 'DEFAULT'
       end
     end
 
     def set_http_request(record, entry)
-      return unless record['httpRequest'].is_a?(Hash)
-
-      entry['httpRequest'] = {}
-
-      HTTP_REQUEST_FIELDS.each do |field|
-        if record['httpRequest'].key?(field)
-          entry['httpRequest'][field] = record['httpRequest'][field]
-          record['httpRequest'].delete(field)
-        end
-      end
-
-      record.delete('httpRequest') if record['httpRequest'].empty?
+      return nil unless record['httpRequest'].is_a?(Hash)
+      input = record['httpRequest']
+      output = Google::Apis::LoggingV1beta3::HttpRequest.new
+      output.request_method = input.delete('requestMethod')
+      output.request_url = input.delete('requestUrl')
+      output.request_size = input.delete('requestSize')
+      output.status = input.delete('status')
+      output.response_size = input.delete('responseSize')
+      output.user_agent = input.delete('userAgent')
+      output.remote_ip = input.delete('remoteIp')
+      output.referer = input.delete('referer')
+      output.cache_hit = input.delete('cacheHit')
+      output.validated_with_origin_server = \
+        input.delete('validatedWithOriginServer')
+      record.delete('httpRequest') if input.empty?
+      entry.http_request = output
     end
 
     # Values permitted by the API for 'severity' (which is an enum).
@@ -748,13 +723,13 @@ module Fluent
     def handle_container_metadata(record, entry)
       fields = %w(namespace_id namespace_name pod_id pod_name container_name)
       fields.each do |field|
-        field_to_label(record['kubernetes'], field, entry['metadata']['labels'],
+        field_to_label(record['kubernetes'], field, entry.metadata.labels,
                        "#{CONTAINER_SERVICE}/#{field}")
       end
       # Prepend label/ to all user-defined labels' keys.
       if record['kubernetes'].key?('labels')
         record['kubernetes']['labels'].each do |key, value|
-          entry['metadata']['labels']["label/#{key}"] = value
+          entry.metadata.labels["label/#{key}"] = value
         end
       end
       # We've explicitly consumed all the fields we care about -- don't litter
@@ -777,20 +752,20 @@ module Fluent
       # 3. This is an unstructured Container log and the 'log' key is available
       # 4. The only remaining key is 'message'
       if @service_name == CLOUDFUNCTIONS_SERVICE && @cloudfunctions_log_match
-        entry['textPayload'] = @cloudfunctions_log_match['text']
+        entry.text_payload = @cloudfunctions_log_match['text']
       elsif @service_name == CLOUDFUNCTIONS_SERVICE && record.key?('log')
-        entry['textPayload'] = record['log']
+        entry.text_payload = record['log']
       elsif @service_name == CONTAINER_SERVICE && record.key?('log') &&
             !is_container_json
-        entry['textPayload'] = record['log']
+        entry.text_payload = record['log']
       elsif record.size == 1 && record.key?('message')
-        entry['textPayload'] = record['message']
+        entry.text_payload = record['message']
       else
-        entry['structPayload'] = record
+        entry.struct_payload = record
       end
     end
 
-    def log_name(tag, commonLabels)
+    def log_name(tag, common_labels)
       if @service_name == CLOUDFUNCTIONS_SERVICE
         return 'cloud-functions'
       elsif @running_on_managed_vm
@@ -800,30 +775,20 @@ module Fluent
         # For Kubernetes logs, use just the container name as the log name
         # if we have it.
         container_name_key = "#{CONTAINER_SERVICE}/container_name"
-        if commonLabels && commonLabels.key?(container_name_key)
-          return commonLabels[container_name_key]
+        if common_labels && common_labels.key?(container_name_key)
+          return common_labels[container_name_key]
         end
       end
       tag
     end
 
     def init_api_client
-      @client = Google::APIClient.new(
-        application_name: PLUGIN_NAME,
-        application_version: PLUGIN_VERSION,
-        retries: 1)
-
-      if @auth_method == 'private_key'
-        key = Google::APIClient::PKCS12.load_key(@private_key_path,
-                                                 @private_key_passphrase)
-        jwt_asserter = Google::APIClient::JWTAsserter.new(
-          @private_key_email, LOGGING_SCOPE, key)
-        @client.authorization = jwt_asserter.to_authorization
-        @client.authorization.expiry = 3600 # 3600s is the max allowed value
-      else
-        @client.authorization = Google::Auth.get_application_default(
-          LOGGING_SCOPE)
-      end
+      # TODO: Use a non-default ClientOptions object.
+      Google::Apis::ClientOptions.default.application_name = PLUGIN_NAME
+      Google::Apis::ClientOptions.default.application_version = PLUGIN_VERSION
+      @client = Google::Apis::LoggingV1beta3::LoggingService.new
+      @client.authorization = Google::Auth.get_application_default(
+        LOGGING_SCOPE)
     end
 
     def api_client

data/test/plugin/test_out_google_cloud.rb

@@ -16,6 +16,7 @@ require 'helper'
 require 'json'
 require 'mocha/test_unit'
 require 'webmock/test_unit'
+require 'google/apis'
 
 # Unit tests for Google Cloud Logging plugin
 class GoogleCloudOutputTest < Test::Unit::TestCase
@@ -117,9 +118,9 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
 
   # rubocop:disable Metrics/LineLength
   PRIVATE_KEY_CONFIG = %(
-    auth_method private_key
-    private_key_email 271661262351-ft99kc9kjro9rrihq3k2n3s2inbplu0q@developer.gserviceaccount.com
-    private_key_path test/plugin/data/c31e573fd7f62ed495c9ca3821a5a85cb036dee1-privatekey.p12
+     auth_method private_key
+     private_key_email 271661262351-ft99kc9kjro9rrihq3k2n3s2inbplu0q@developer.gserviceaccount.com
+     private_key_path test/plugin/data/c31e573fd7f62ed495c9ca3821a5a85cb036dee1-privatekey.p12
   )
   # rubocop:enable Metrics/LineLength
 
@@ -138,14 +139,6 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
     vm_name #{CUSTOM_HOSTNAME}
   )
 
-  CONFIG_MISSING_PRIVATE_KEY_PATH = %(
-    auth_method private_key
-    private_key_email nobody@example.com
-  )
-  CONFIG_MISSING_PRIVATE_KEY_EMAIL = %(
-    auth_method private_key
-    private_key_path /fake/path/to/key
-  )
   CONFIG_MISSING_METADATA_PROJECT_ID = %(
     zone #{CUSTOM_ZONE}
     vm_id #{CUSTOM_VM_ID}
@@ -331,43 +324,28 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
   def test_configure_service_account_application_default
     setup_gce_metadata_stubs
     d = create_driver(APPLICATION_DEFAULT_CONFIG)
-    assert d.instance.auth_method.nil?
+    assert_equal HOSTNAME, d.instance.vm_name
   end
 
   def test_configure_service_account_private_key
+    # Using out-of-date config method.
     setup_gce_metadata_stubs
-    d = create_driver(PRIVATE_KEY_CONFIG)
-    assert_equal 'private_key', d.instance.auth_method
-  end
-
-  def test_configure_custom_metadata
-    setup_no_metadata_service_stubs
-    d = create_driver(CUSTOM_METADATA_CONFIG)
-    assert_equal CUSTOM_PROJECT_ID, d.instance.project_id
-    assert_equal CUSTOM_ZONE, d.instance.zone
-    assert_equal CUSTOM_VM_ID, d.instance.vm_id
-  end
-
-  def test_configure_invalid_private_key_missing_path
     exception_count = 0
     begin
-      _d = create_driver(CONFIG_MISSING_PRIVATE_KEY_PATH)
+      _d = create_driver(PRIVATE_KEY_CONFIG)
     rescue Fluent::ConfigError => error
-      assert error.message.include? 'private_key_path'
+      assert error.message.include? 'Please remove configuration parameters'
       exception_count += 1
     end
     assert_equal 1, exception_count
   end
 
-  def test_configure_invalid_private_key_missing_email
-    exception_count = 0
-    begin
-      _d = create_driver(CONFIG_MISSING_PRIVATE_KEY_EMAIL)
-    rescue Fluent::ConfigError => error
-      assert error.message.include? 'private_key_email'
-      exception_count += 1
-    end
-    assert_equal 1, exception_count
+  def test_configure_custom_metadata
+    setup_no_metadata_service_stubs
+    d = create_driver(CUSTOM_METADATA_CONFIG)
+    assert_equal CUSTOM_PROJECT_ID, d.instance.project_id
+    assert_equal CUSTOM_ZONE, d.instance.zone
+    assert_equal CUSTOM_VM_ID, d.instance.vm_id
   end
 
   def test_configure_invalid_metadata_missing_project_id_no_metadata_service
@@ -569,15 +547,6 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
     assert_equal 1, exception_count
   end
 
-  def test_one_log_private_key
-    setup_gce_metadata_stubs
-    setup_logging_stubs
-    d = create_driver(PRIVATE_KEY_CONFIG)
-    d.emit('message' => log_entry(0))
-    d.run
-    verify_log_entries(1, COMPUTE_PARAMS)
-  end
-
   def test_one_log_custom_metadata
     # don't set up any metadata stubs, so the test will fail if we try to
     # fetch metadata (and explicitly check this as well).
@@ -795,7 +764,7 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
     assert @logs_sent.empty?
   end
 
-  def test_client_error
+  def test_client_400
     setup_gce_metadata_stubs
     # The API Client should not retry this and the plugin should consume
     # the exception.
@@ -807,43 +776,19 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
     assert_requested(:post, uri_for_log(COMPUTE_PARAMS), times: 1)
   end
 
-  # helper for the ClientError retriable special cases below.
-  def client_error_helper(message)
+  # All credentials errors resolve to a 401.
+  def test_client_401
     setup_gce_metadata_stubs
     stub_request(:post, uri_for_log(COMPUTE_PARAMS))
-      .to_return(status: 401, body: message)
+      .to_return(status: 401, body: 'Unauthorized')
     d = create_driver
     d.emit('message' => log_entry(0))
-    exception_count = 0
     begin
       d.run
-    rescue Google::APIClient::ClientError => error
-      assert_equal message, error.message
-      exception_count += 1
+    rescue Google::Apis::AuthorizationError => error
+      assert_equal 'Unauthorized', error.message
     end
     assert_requested(:post, uri_for_log(COMPUTE_PARAMS), times: 2)
-    assert_equal 1, exception_count
-  end
-
-  def test_client_error_invalid_credentials
-    client_error_helper('Invalid Credentials')
-  end
-
-  def test_client_error_caller_does_not_have_permission
-    client_error_helper('The caller does not have permission')
-  end
-
-  def test_client_error_request_had_invalid_credentials
-    client_error_helper('Request had invalid credentials.')
-  end
-
-  def test_client_error_project_has_not_enabled_the_api
-    client_error_helper('Project has not enabled the API. Please use ' \
-      'Google Developers Console to activate the API for your project.')
-  end
-
-  def test_client_error_unable_to_fetch_accesss_token
-    client_error_helper('Unable to fetch access token (no scopes configured?)')
   end
 
   def test_server_error
@@ -857,11 +802,11 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
     exception_count = 0
     begin
       d.run
-    rescue Google::APIClient::ServerError => error
-      assert_equal 'Server Error', error.message
+    rescue Google::Apis::ServerError => error
+      assert_equal 'Server error', error.message
       exception_count += 1
     end
-    assert_requested(:post, uri_for_log(COMPUTE_PARAMS), times: 2)
+    assert_requested(:post, uri_for_log(COMPUTE_PARAMS), times: 1)
     assert_equal 1, exception_count
   end
 
@@ -1266,14 +1211,6 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
                  status: 200,
                  headers: { 'Content-Length' => FAKE_AUTH_TOKEN.length,
                             'Content-Type' => 'application/json' })
-
-    # Used for 'private_key' auth.
-    stub_request(:post, 'https://accounts.google.com/o/oauth2/token')
-      .with(body: hash_including(grant_type: AUTH_GRANT_TYPE))
-      .to_return(body: %({"access_token": "#{FAKE_AUTH_TOKEN}"}),
-                 status: 200,
-                 headers: { 'Content-Length' => FAKE_AUTH_TOKEN.length,
-                            'Content-Type' => 'application/json' })
   end
 
   def setup_managed_vm_metadata_stubs
@@ -1376,7 +1313,7 @@ class GoogleCloudOutputTest < Test::Unit::TestCase
           assert entry.key?(payload_type), 'Entry did not contain expected ' \
             "#{payload_type} key: " + entry.to_s
           # Check the payload for textPayload, otherwise it's up to the caller.
-          if (payload_type == 'textPayload')
+          if payload_type == 'textPayload'
             assert_equal "test log entry #{i}", entry['textPayload'], batch
           end
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-google-cloud
 version: !ruby/object:Gem::Version
-  version: 0.4.17
+  version: 0.5.0
 platform: ruby
 authors:
 - Todd Derr
@@ -29,20 +29,14 @@ dependencies:
   name: google-api-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.8.6
-    - - "<"
+    - - ">"
       - !ruby/object:Gem::Version
         version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.8.6
-    - - "<"
+    - - ">"
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
@@ -73,20 +67,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.8'
-- !ruby/object:Gem::Dependency
-  name: jwt
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.5.3
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.5.3
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
@@ -121,14 +101,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.34.2
+        version: 0.35.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.34.2
+        version: 0.35.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -194,7 +174,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="