fluent-plugin-grafana-loki 1.2.14 → 1.2.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/fluent/plugin/out_loki.rb +44 -25
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9da0220850d940db558feefbf825cd3e1b5a73c73f0a2e35516c98a9bc86f4f8
|
|
4
|
+
data.tar.gz: 50f3c8cfda6747c98cf0335f6cf60705b828e34e44c5372ac9ff5c13f59caf96
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 64ee54f30a6cb6da3c5b2725eebe9f3a8b25e41ba51bcf8027d876d33080ffbd831371252ba05f39a3dced2fad6d94a9b35f918d4be060e25f3d690223005a06
|
|
7
|
+
data.tar.gz: f6c507d56f16056306e8f53688a5a509cb1425947b57dba7e143aa4b2496dcb438adc38be2a1b9bde4051ef8c522214f514149888bb93fcd38760f08db143968
|
|
@@ -35,21 +35,24 @@ module Fluent
|
|
|
35
35
|
|
|
36
36
|
DEFAULT_BUFFER_TYPE = 'memory'
|
|
37
37
|
|
|
38
|
-
desc '
|
|
38
|
+
desc 'Loki API base URL'
|
|
39
39
|
config_param :url, :string, default: 'https://logs-prod-us-central1.grafana.net'
|
|
40
40
|
|
|
41
|
-
desc '
|
|
41
|
+
desc 'Authentication: basic auth credentials'
|
|
42
42
|
config_param :username, :string, default: nil
|
|
43
43
|
config_param :password, :string, default: nil, secret: true
|
|
44
44
|
|
|
45
|
-
desc '
|
|
45
|
+
desc 'Authentication: Authorization header with Bearer token scheme'
|
|
46
|
+
config_param :bearer_token_file, :string, default: nil
|
|
47
|
+
|
|
48
|
+
desc 'TLS: parameters for presenting a client certificate'
|
|
46
49
|
config_param :cert, :string, default: nil
|
|
47
50
|
config_param :key, :string, default: nil
|
|
48
51
|
|
|
49
|
-
desc 'TLS'
|
|
52
|
+
desc 'TLS: CA certificate file for server certificate verification'
|
|
50
53
|
config_param :ca_cert, :string, default: nil
|
|
51
54
|
|
|
52
|
-
desc '
|
|
55
|
+
desc 'TLS: disable server certificate verification'
|
|
53
56
|
config_param :insecure_tls, :bool, default: false
|
|
54
57
|
|
|
55
58
|
desc 'Loki tenant id'
|
|
@@ -80,7 +83,7 @@ module Fluent
|
|
|
80
83
|
super
|
|
81
84
|
@uri = URI.parse(@url + '/loki/api/v1/push')
|
|
82
85
|
unless @uri.is_a?(URI::HTTP) || @uri.is_a?(URI::HTTPS)
|
|
83
|
-
raise Fluent::ConfigError, '
|
|
86
|
+
raise Fluent::ConfigError, 'URL parameter must have HTTP/HTTPS scheme'
|
|
84
87
|
end
|
|
85
88
|
|
|
86
89
|
@record_accessors = {}
|
|
@@ -96,24 +99,42 @@ module Fluent
|
|
|
96
99
|
@remove_keys_accessors.push(record_accessor_create(key))
|
|
97
100
|
end
|
|
98
101
|
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
+
# If configured, load and validate client certificate (and corresponding key)
|
|
103
|
+
if client_cert_configured?
|
|
104
|
+
load_client_cert
|
|
105
|
+
validate_client_cert_key
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
raise "bearer_token_file #{@bearer_token_file} not found" if !@bearer_token_file.nil? && !File.exist?(@bearer_token_file)
|
|
109
|
+
|
|
110
|
+
@auth_token_bearer = nil
|
|
111
|
+
if !@bearer_token_file.nil?
|
|
112
|
+
if !File.exist?(@bearer_token_file)
|
|
113
|
+
raise "bearer_token_file #{@bearer_token_file} not found"
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
# Read the file once, assume long-lived authentication token.
|
|
117
|
+
@auth_token_bearer = File.read(@bearer_token_file)
|
|
118
|
+
if @auth_token_bearer.empty?
|
|
119
|
+
raise "bearer_token_file #{@bearer_token_file} is empty"
|
|
120
|
+
end
|
|
121
|
+
log.info "will use Bearer token from bearer_token_file #{@bearer_token_file} in Authorization header"
|
|
102
122
|
end
|
|
103
123
|
|
|
124
|
+
|
|
104
125
|
raise "CA certificate file #{@ca_cert} not found" if !@ca_cert.nil? && !File.exist?(@ca_cert)
|
|
105
126
|
end
|
|
106
127
|
|
|
107
|
-
def
|
|
128
|
+
def client_cert_configured?
|
|
108
129
|
!@key.nil? && !@cert.nil?
|
|
109
130
|
end
|
|
110
131
|
|
|
111
|
-
def
|
|
132
|
+
def load_client_cert
|
|
112
133
|
@cert = OpenSSL::X509::Certificate.new(File.read(@cert)) if @cert
|
|
113
134
|
@key = OpenSSL::PKey.read(File.read(@key)) if @key
|
|
114
135
|
end
|
|
115
136
|
|
|
116
|
-
def
|
|
137
|
+
def validate_client_cert_key
|
|
117
138
|
if !@key.is_a?(OpenSSL::PKey::RSA) && !@key.is_a?(OpenSSL::PKey::DSA)
|
|
118
139
|
raise "Unsupported private key type #{key.class}"
|
|
119
140
|
end
|
|
@@ -123,13 +144,6 @@ module Fluent
|
|
|
123
144
|
true
|
|
124
145
|
end
|
|
125
146
|
|
|
126
|
-
def http_opts(uri)
|
|
127
|
-
opts = {
|
|
128
|
-
use_ssl: uri.scheme == 'https'
|
|
129
|
-
}
|
|
130
|
-
opts
|
|
131
|
-
end
|
|
132
|
-
|
|
133
147
|
# flush a chunk to loki
|
|
134
148
|
def write(chunk)
|
|
135
149
|
# streams by label
|
|
@@ -141,7 +155,10 @@ module Fluent
|
|
|
141
155
|
# add ingest path to loki url
|
|
142
156
|
res = loki_http_request(body, tenant)
|
|
143
157
|
|
|
144
|
-
|
|
158
|
+
if res.is_a?(Net::HTTPSuccess)
|
|
159
|
+
log.debug "POST request was responded to with status code #{res.code}"
|
|
160
|
+
return
|
|
161
|
+
end
|
|
145
162
|
|
|
146
163
|
res_summary = "#{res.code} #{res.message} #{res.body}"
|
|
147
164
|
log.warn "failed to write post to #{@uri} (#{res_summary})"
|
|
@@ -151,19 +168,19 @@ module Fluent
|
|
|
151
168
|
raise(LogPostError, res_summary) if res.is_a?(Net::HTTPTooManyRequests) || res.is_a?(Net::HTTPServerError)
|
|
152
169
|
end
|
|
153
170
|
|
|
154
|
-
def
|
|
171
|
+
def http_request_opts(uri)
|
|
155
172
|
opts = {
|
|
156
173
|
use_ssl: uri.scheme == 'https'
|
|
157
174
|
}
|
|
158
175
|
|
|
159
|
-
#
|
|
176
|
+
# Optionally disable server server certificate verification.
|
|
160
177
|
if @insecure_tls
|
|
161
178
|
opts = opts.merge(
|
|
162
179
|
verify_mode: OpenSSL::SSL::VERIFY_NONE
|
|
163
180
|
)
|
|
164
181
|
end
|
|
165
182
|
|
|
166
|
-
#
|
|
183
|
+
# Optionally present client certificate
|
|
167
184
|
if !@cert.nil? && !@key.nil?
|
|
168
185
|
opts = opts.merge(
|
|
169
186
|
cert: @cert,
|
|
@@ -171,7 +188,8 @@ module Fluent
|
|
|
171
188
|
)
|
|
172
189
|
end
|
|
173
190
|
|
|
174
|
-
#
|
|
191
|
+
# For server certificate verification: set custom CA bundle.
|
|
192
|
+
# Only takes effect when `insecure_tls` is not set.
|
|
175
193
|
unless @ca_cert.nil?
|
|
176
194
|
opts = opts.merge(
|
|
177
195
|
ca_file: @ca_cert
|
|
@@ -194,11 +212,12 @@ module Fluent
|
|
|
194
212
|
@uri.request_uri
|
|
195
213
|
)
|
|
196
214
|
req.add_field('Content-Type', 'application/json')
|
|
215
|
+
req.add_field('Authorization', "Bearer #{@auth_token_bearer}") if !@auth_token_bearer.nil?
|
|
197
216
|
req.add_field('X-Scope-OrgID', tenant) if tenant
|
|
198
217
|
req.body = Yajl.dump(body)
|
|
199
218
|
req.basic_auth(@username, @password) if @username
|
|
200
219
|
|
|
201
|
-
opts =
|
|
220
|
+
opts = http_request_opts(@uri)
|
|
202
221
|
|
|
203
222
|
msg = "sending #{req.body.length} bytes to loki"
|
|
204
223
|
msg += " (tenant: \"#{tenant}\")" if tenant
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-grafana-loki
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.15
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- woodsaj
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2020-
|
|
13
|
+
date: 2020-10-16 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: fluentd
|