fluent-plugin-grafana-loki 1.2.14 → 1.2.15

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/fluent/plugin/out_loki.rb +44 -25
  3. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1fd9308b0afb758b4718b7ad46fc5a3c154400a93514ea79fe3453279abe5cdc
4
- data.tar.gz: b67621f7aa29c775f6e81f546623dec74d326097071f2ce5bd04523ffd865769
3
+ metadata.gz: 9da0220850d940db558feefbf825cd3e1b5a73c73f0a2e35516c98a9bc86f4f8
4
+ data.tar.gz: 50f3c8cfda6747c98cf0335f6cf60705b828e34e44c5372ac9ff5c13f59caf96
5
5
  SHA512:
6
- metadata.gz: 5e6fee1480cdd594f027cbbb22e503a7ecc0dd2384a6b5d46083eed2a6cdbb820d3c3bfe8f98f2cd197d89cbee2876d8a6659d57a070980b609e6b0cc99fec7a
7
- data.tar.gz: 5452556eed1158c3ccaf5bcb5509a773ff89ad4f64e7b3e778603aef0d221cbd2d1ea5ff0e7bed47b1d68b51abae9bf58fccab5996b9ca67bcbfaf81a977cafe
6
+ metadata.gz: 64ee54f30a6cb6da3c5b2725eebe9f3a8b25e41ba51bcf8027d876d33080ffbd831371252ba05f39a3dced2fad6d94a9b35f918d4be060e25f3d690223005a06
7
+ data.tar.gz: f6c507d56f16056306e8f53688a5a509cb1425947b57dba7e143aa4b2496dcb438adc38be2a1b9bde4051ef8c522214f514149888bb93fcd38760f08db143968
@@ -35,21 +35,24 @@ module Fluent
35
35
 
36
36
  DEFAULT_BUFFER_TYPE = 'memory'
37
37
 
38
- desc 'url of loki server'
38
+ desc 'Loki API base URL'
39
39
  config_param :url, :string, default: 'https://logs-prod-us-central1.grafana.net'
40
40
 
41
- desc 'BasicAuth credentials'
41
+ desc 'Authentication: basic auth credentials'
42
42
  config_param :username, :string, default: nil
43
43
  config_param :password, :string, default: nil, secret: true
44
44
 
45
- desc 'Client certificate'
45
+ desc 'Authentication: Authorization header with Bearer token scheme'
46
+ config_param :bearer_token_file, :string, default: nil
47
+
48
+ desc 'TLS: parameters for presenting a client certificate'
46
49
  config_param :cert, :string, default: nil
47
50
  config_param :key, :string, default: nil
48
51
 
49
- desc 'TLS'
52
+ desc 'TLS: CA certificate file for server certificate verification'
50
53
  config_param :ca_cert, :string, default: nil
51
54
 
52
- desc 'Disable server certificate verification'
55
+ desc 'TLS: disable server certificate verification'
53
56
  config_param :insecure_tls, :bool, default: false
54
57
 
55
58
  desc 'Loki tenant id'
@@ -80,7 +83,7 @@ module Fluent
80
83
  super
81
84
  @uri = URI.parse(@url + '/loki/api/v1/push')
82
85
  unless @uri.is_a?(URI::HTTP) || @uri.is_a?(URI::HTTPS)
83
- raise Fluent::ConfigError, 'url parameter must be valid HTTP'
86
+ raise Fluent::ConfigError, 'URL parameter must have HTTP/HTTPS scheme'
84
87
  end
85
88
 
86
89
  @record_accessors = {}
@@ -96,24 +99,42 @@ module Fluent
96
99
  @remove_keys_accessors.push(record_accessor_create(key))
97
100
  end
98
101
 
99
- if ssl_cert?
100
- load_ssl
101
- validate_ssl_key
102
+ # If configured, load and validate client certificate (and corresponding key)
103
+ if client_cert_configured?
104
+ load_client_cert
105
+ validate_client_cert_key
106
+ end
107
+
108
+ raise "bearer_token_file #{@bearer_token_file} not found" if !@bearer_token_file.nil? && !File.exist?(@bearer_token_file)
109
+
110
+ @auth_token_bearer = nil
111
+ if !@bearer_token_file.nil?
112
+ if !File.exist?(@bearer_token_file)
113
+ raise "bearer_token_file #{@bearer_token_file} not found"
114
+ end
115
+
116
+ # Read the file once, assume long-lived authentication token.
117
+ @auth_token_bearer = File.read(@bearer_token_file)
118
+ if @auth_token_bearer.empty?
119
+ raise "bearer_token_file #{@bearer_token_file} is empty"
120
+ end
121
+ log.info "will use Bearer token from bearer_token_file #{@bearer_token_file} in Authorization header"
102
122
  end
103
123
 
124
+
104
125
  raise "CA certificate file #{@ca_cert} not found" if !@ca_cert.nil? && !File.exist?(@ca_cert)
105
126
  end
106
127
 
107
- def ssl_cert?
128
+ def client_cert_configured?
108
129
  !@key.nil? && !@cert.nil?
109
130
  end
110
131
 
111
- def load_ssl
132
+ def load_client_cert
112
133
  @cert = OpenSSL::X509::Certificate.new(File.read(@cert)) if @cert
113
134
  @key = OpenSSL::PKey.read(File.read(@key)) if @key
114
135
  end
115
136
 
116
- def validate_ssl_key
137
+ def validate_client_cert_key
117
138
  if !@key.is_a?(OpenSSL::PKey::RSA) && !@key.is_a?(OpenSSL::PKey::DSA)
118
139
  raise "Unsupported private key type #{key.class}"
119
140
  end
@@ -123,13 +144,6 @@ module Fluent
123
144
  true
124
145
  end
125
146
 
126
- def http_opts(uri)
127
- opts = {
128
- use_ssl: uri.scheme == 'https'
129
- }
130
- opts
131
- end
132
-
133
147
  # flush a chunk to loki
134
148
  def write(chunk)
135
149
  # streams by label
@@ -141,7 +155,10 @@ module Fluent
141
155
  # add ingest path to loki url
142
156
  res = loki_http_request(body, tenant)
143
157
 
144
- return if res.is_a?(Net::HTTPSuccess)
158
+ if res.is_a?(Net::HTTPSuccess)
159
+ log.debug "POST request was responded to with status code #{res.code}"
160
+ return
161
+ end
145
162
 
146
163
  res_summary = "#{res.code} #{res.message} #{res.body}"
147
164
  log.warn "failed to write post to #{@uri} (#{res_summary})"
@@ -151,19 +168,19 @@ module Fluent
151
168
  raise(LogPostError, res_summary) if res.is_a?(Net::HTTPTooManyRequests) || res.is_a?(Net::HTTPServerError)
152
169
  end
153
170
 
154
- def ssl_opts(uri)
171
+ def http_request_opts(uri)
155
172
  opts = {
156
173
  use_ssl: uri.scheme == 'https'
157
174
  }
158
175
 
159
- # Disable server TLS certificate verification
176
+ # Optionally disable server server certificate verification.
160
177
  if @insecure_tls
161
178
  opts = opts.merge(
162
179
  verify_mode: OpenSSL::SSL::VERIFY_NONE
163
180
  )
164
181
  end
165
182
 
166
- # Verify client TLS certificate
183
+ # Optionally present client certificate
167
184
  if !@cert.nil? && !@key.nil?
168
185
  opts = opts.merge(
169
186
  cert: @cert,
@@ -171,7 +188,8 @@ module Fluent
171
188
  )
172
189
  end
173
190
 
174
- # Specify custom certificate authority
191
+ # For server certificate verification: set custom CA bundle.
192
+ # Only takes effect when `insecure_tls` is not set.
175
193
  unless @ca_cert.nil?
176
194
  opts = opts.merge(
177
195
  ca_file: @ca_cert
@@ -194,11 +212,12 @@ module Fluent
194
212
  @uri.request_uri
195
213
  )
196
214
  req.add_field('Content-Type', 'application/json')
215
+ req.add_field('Authorization', "Bearer #{@auth_token_bearer}") if !@auth_token_bearer.nil?
197
216
  req.add_field('X-Scope-OrgID', tenant) if tenant
198
217
  req.body = Yajl.dump(body)
199
218
  req.basic_auth(@username, @password) if @username
200
219
 
201
- opts = ssl_opts(@uri)
220
+ opts = http_request_opts(@uri)
202
221
 
203
222
  msg = "sending #{req.body.length} bytes to loki"
204
223
  msg += " (tenant: \"#{tenant}\")" if tenant
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-grafana-loki
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.14
4
+ version: 1.2.15
5
5
  platform: ruby
6
6
  authors:
7
7
  - woodsaj
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2020-07-23 00:00:00.000000000 Z
13
+ date: 2020-10-16 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: fluentd