fluent-plugin-grafana-loki 1.2.14 → 1.2.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/fluent/plugin/out_loki.rb +44 -25
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9da0220850d940db558feefbf825cd3e1b5a73c73f0a2e35516c98a9bc86f4f8
|
|
4
|
+
data.tar.gz: 50f3c8cfda6747c98cf0335f6cf60705b828e34e44c5372ac9ff5c13f59caf96
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 64ee54f30a6cb6da3c5b2725eebe9f3a8b25e41ba51bcf8027d876d33080ffbd831371252ba05f39a3dced2fad6d94a9b35f918d4be060e25f3d690223005a06
|
|
7
|
+
data.tar.gz: f6c507d56f16056306e8f53688a5a509cb1425947b57dba7e143aa4b2496dcb438adc38be2a1b9bde4051ef8c522214f514149888bb93fcd38760f08db143968
|
|
@@ -35,21 +35,24 @@ module Fluent
|
|
|
35
35
|
|
|
36
36
|
DEFAULT_BUFFER_TYPE = 'memory'
|
|
37
37
|
|
|
38
|
-
desc '
|
|
38
|
+
desc 'Loki API base URL'
|
|
39
39
|
config_param :url, :string, default: 'https://logs-prod-us-central1.grafana.net'
|
|
40
40
|
|
|
41
|
-
desc '
|
|
41
|
+
desc 'Authentication: basic auth credentials'
|
|
42
42
|
config_param :username, :string, default: nil
|
|
43
43
|
config_param :password, :string, default: nil, secret: true
|
|
44
44
|
|
|
45
|
-
desc '
|
|
45
|
+
desc 'Authentication: Authorization header with Bearer token scheme'
|
|
46
|
+
config_param :bearer_token_file, :string, default: nil
|
|
47
|
+
|
|
48
|
+
desc 'TLS: parameters for presenting a client certificate'
|
|
46
49
|
config_param :cert, :string, default: nil
|
|
47
50
|
config_param :key, :string, default: nil
|
|
48
51
|
|
|
49
|
-
desc 'TLS'
|
|
52
|
+
desc 'TLS: CA certificate file for server certificate verification'
|
|
50
53
|
config_param :ca_cert, :string, default: nil
|
|
51
54
|
|
|
52
|
-
desc '
|
|
55
|
+
desc 'TLS: disable server certificate verification'
|
|
53
56
|
config_param :insecure_tls, :bool, default: false
|
|
54
57
|
|
|
55
58
|
desc 'Loki tenant id'
|
|
@@ -80,7 +83,7 @@ module Fluent
|
|
|
80
83
|
super
|
|
81
84
|
@uri = URI.parse(@url + '/loki/api/v1/push')
|
|
82
85
|
unless @uri.is_a?(URI::HTTP) || @uri.is_a?(URI::HTTPS)
|
|
83
|
-
raise Fluent::ConfigError, '
|
|
86
|
+
raise Fluent::ConfigError, 'URL parameter must have HTTP/HTTPS scheme'
|
|
84
87
|
end
|
|
85
88
|
|
|
86
89
|
@record_accessors = {}
|
|
@@ -96,24 +99,42 @@ module Fluent
|
|
|
96
99
|
@remove_keys_accessors.push(record_accessor_create(key))
|
|
97
100
|
end
|
|
98
101
|
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
+
# If configured, load and validate client certificate (and corresponding key)
|
|
103
|
+
if client_cert_configured?
|
|
104
|
+
load_client_cert
|
|
105
|
+
validate_client_cert_key
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
raise "bearer_token_file #{@bearer_token_file} not found" if !@bearer_token_file.nil? && !File.exist?(@bearer_token_file)
|
|
109
|
+
|
|
110
|
+
@auth_token_bearer = nil
|
|
111
|
+
if !@bearer_token_file.nil?
|
|
112
|
+
if !File.exist?(@bearer_token_file)
|
|
113
|
+
raise "bearer_token_file #{@bearer_token_file} not found"
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
# Read the file once, assume long-lived authentication token.
|
|
117
|
+
@auth_token_bearer = File.read(@bearer_token_file)
|
|
118
|
+
if @auth_token_bearer.empty?
|
|
119
|
+
raise "bearer_token_file #{@bearer_token_file} is empty"
|
|
120
|
+
end
|
|
121
|
+
log.info "will use Bearer token from bearer_token_file #{@bearer_token_file} in Authorization header"
|
|
102
122
|
end
|
|
103
123
|
|
|
124
|
+
|
|
104
125
|
raise "CA certificate file #{@ca_cert} not found" if !@ca_cert.nil? && !File.exist?(@ca_cert)
|
|
105
126
|
end
|
|
106
127
|
|
|
107
|
-
def
|
|
128
|
+
def client_cert_configured?
|
|
108
129
|
!@key.nil? && !@cert.nil?
|
|
109
130
|
end
|
|
110
131
|
|
|
111
|
-
def
|
|
132
|
+
def load_client_cert
|
|
112
133
|
@cert = OpenSSL::X509::Certificate.new(File.read(@cert)) if @cert
|
|
113
134
|
@key = OpenSSL::PKey.read(File.read(@key)) if @key
|
|
114
135
|
end
|
|
115
136
|
|
|
116
|
-
def
|
|
137
|
+
def validate_client_cert_key
|
|
117
138
|
if !@key.is_a?(OpenSSL::PKey::RSA) && !@key.is_a?(OpenSSL::PKey::DSA)
|
|
118
139
|
raise "Unsupported private key type #{key.class}"
|
|
119
140
|
end
|
|
@@ -123,13 +144,6 @@ module Fluent
|
|
|
123
144
|
true
|
|
124
145
|
end
|
|
125
146
|
|
|
126
|
-
def http_opts(uri)
|
|
127
|
-
opts = {
|
|
128
|
-
use_ssl: uri.scheme == 'https'
|
|
129
|
-
}
|
|
130
|
-
opts
|
|
131
|
-
end
|
|
132
|
-
|
|
133
147
|
# flush a chunk to loki
|
|
134
148
|
def write(chunk)
|
|
135
149
|
# streams by label
|
|
@@ -141,7 +155,10 @@ module Fluent
|
|
|
141
155
|
# add ingest path to loki url
|
|
142
156
|
res = loki_http_request(body, tenant)
|
|
143
157
|
|
|
144
|
-
|
|
158
|
+
if res.is_a?(Net::HTTPSuccess)
|
|
159
|
+
log.debug "POST request was responded to with status code #{res.code}"
|
|
160
|
+
return
|
|
161
|
+
end
|
|
145
162
|
|
|
146
163
|
res_summary = "#{res.code} #{res.message} #{res.body}"
|
|
147
164
|
log.warn "failed to write post to #{@uri} (#{res_summary})"
|
|
@@ -151,19 +168,19 @@ module Fluent
|
|
|
151
168
|
raise(LogPostError, res_summary) if res.is_a?(Net::HTTPTooManyRequests) || res.is_a?(Net::HTTPServerError)
|
|
152
169
|
end
|
|
153
170
|
|
|
154
|
-
def
|
|
171
|
+
def http_request_opts(uri)
|
|
155
172
|
opts = {
|
|
156
173
|
use_ssl: uri.scheme == 'https'
|
|
157
174
|
}
|
|
158
175
|
|
|
159
|
-
#
|
|
176
|
+
# Optionally disable server server certificate verification.
|
|
160
177
|
if @insecure_tls
|
|
161
178
|
opts = opts.merge(
|
|
162
179
|
verify_mode: OpenSSL::SSL::VERIFY_NONE
|
|
163
180
|
)
|
|
164
181
|
end
|
|
165
182
|
|
|
166
|
-
#
|
|
183
|
+
# Optionally present client certificate
|
|
167
184
|
if !@cert.nil? && !@key.nil?
|
|
168
185
|
opts = opts.merge(
|
|
169
186
|
cert: @cert,
|
|
@@ -171,7 +188,8 @@ module Fluent
|
|
|
171
188
|
)
|
|
172
189
|
end
|
|
173
190
|
|
|
174
|
-
#
|
|
191
|
+
# For server certificate verification: set custom CA bundle.
|
|
192
|
+
# Only takes effect when `insecure_tls` is not set.
|
|
175
193
|
unless @ca_cert.nil?
|
|
176
194
|
opts = opts.merge(
|
|
177
195
|
ca_file: @ca_cert
|
|
@@ -194,11 +212,12 @@ module Fluent
|
|
|
194
212
|
@uri.request_uri
|
|
195
213
|
)
|
|
196
214
|
req.add_field('Content-Type', 'application/json')
|
|
215
|
+
req.add_field('Authorization', "Bearer #{@auth_token_bearer}") if !@auth_token_bearer.nil?
|
|
197
216
|
req.add_field('X-Scope-OrgID', tenant) if tenant
|
|
198
217
|
req.body = Yajl.dump(body)
|
|
199
218
|
req.basic_auth(@username, @password) if @username
|
|
200
219
|
|
|
201
|
-
opts =
|
|
220
|
+
opts = http_request_opts(@uri)
|
|
202
221
|
|
|
203
222
|
msg = "sending #{req.body.length} bytes to loki"
|
|
204
223
|
msg += " (tenant: \"#{tenant}\")" if tenant
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-grafana-loki
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.15
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- woodsaj
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2020-
|
|
13
|
+
date: 2020-10-16 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: fluentd
|