fluent-plugin-kubernetes_metadata_filter 2.1.5 → 2.1.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +3 -0
  3. data/fluent-plugin-kubernetes_metadata_filter.gemspec +1 -1
  4. data/lib/fluent/plugin/filter_kubernetes_metadata.rb +19 -0
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 375c81d10e8289931076d5897cc16a5469ab46c4
4
- data.tar.gz: 820c9cd521aeb1bc0732fd26b1ad0bf1a2f596bf
2
+ SHA256:
3
+ metadata.gz: 4a83bf6d7f3f2f80e380d89a9aa78024c706a4312b971d8d53ffe79a67bdb322
4
+ data.tar.gz: 241adc577d1c9eb2bdb97ef2a7d7ef6511cbbe836e15b91301f04657e4345feb
5
5
  SHA512:
6
- metadata.gz: 405b343bfd0db4636663b87a46841786f2c369f9f3d2847e722b867a36b6698c5662bb2815b732547e09b79368864ad27c8c49fcad91af691f05b46eded95d10
7
- data.tar.gz: d3e25d492f9e2ba6311f03d0e83a12e96da0ee487075c079dc09eee75b11326a2497cccf7c5f9a3c2fd84346d4fedc3ed43d3b0684a16547bfcba36346b60063
6
+ metadata.gz: 2e3923244e262befe237d2f35cc8f54788558e22ff53cec53bd4edd044931ea35682bee853eda5775254df44026cfdedd16bda247aee2b2f443b1cb73e853514
7
+ data.tar.gz: bda740f2a37e0a2510277b84c32e469360b8652327d47b994b464942ab17e246b6eda6f16ad43c4b65b806b8928188886524684ae37199abf9cd58edab84445b
data/README.md CHANGED
@@ -54,6 +54,9 @@ when true (default: `true`)
54
54
  * `orphaned_namespace_name` - The namespace to associate with records where the namespace can not be determined (default: `.orphaned`)
55
55
  * `orphaned_namespace_id` - The namespace id to associate with records where the namespace can not be determined (default: `orphaned`)
56
56
  * `lookup_from_k8s_field` - If the field `kubernetes` is present, lookup the metadata from the given subfields such as `kubernetes.namespace_name`, `kubernetes.pod_name`, etc. This allows you to avoid having to pass in metadata to lookup in an explicitly formatted tag name or in an explicitly formatted `CONTAINER_NAME` value. For example, set `kubernetes.namespace_name`, `kubernetes.pod_name`, `kubernetes.container_name`, and `docker.id` in the record, and the filter will fill in the rest. (default: `true`)
57
+ * `ssl_partial_chain` - if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
58
+ to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
59
+ the `openssl s_client -partial_chain` flag and `X509_V_FLAG_PARTIAL_CHAIN` (default: `false`)
57
60
 
58
61
  **NOTE:** As of the release 2.1.x of this plugin, it no longer supports parsing the source message into JSON and attaching it to the
59
62
  payload. The following configuration options are removed:
data/fluent-plugin-kubernetes_metadata_filter.gemspec CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |gem|
6
6
  gem.name = "fluent-plugin-kubernetes_metadata_filter"
7
- gem.version = "2.1.5"
7
+ gem.version = "2.1.6"
8
8
  gem.authors = ["Jimmi Dyson"]
9
9
  gem.email = ["jimmidyson@gmail.com"]
10
10
  gem.description = %q{Filter plugin to add Kubernetes metadata}
data/lib/fluent/plugin/filter_kubernetes_metadata.rb CHANGED
@@ -72,6 +72,10 @@ module Fluent::Plugin
72
72
  config_param :orphaned_namespace_name, :string, default: '.orphaned'
73
73
  config_param :orphaned_namespace_id, :string, default: 'orphaned'
74
74
  config_param :lookup_from_k8s_field, :bool, default: true
75
+ # if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
76
+ # to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
77
+ # the openssl s_client -partial_chain flag and X509_V_FLAG_PARTIAL_CHAIN
78
+ config_param :ssl_partial_chain, :bool, default: false
75
79
 
76
80
  def fetch_pod_metadata(namespace_name, pod_name)
77
81
  log.trace("fetching pod metadata: #{namespace_name}/#{pod_name}") if log.trace?
@@ -219,6 +223,21 @@ module Fluent::Plugin
219
223
  verify_ssl: @verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
220
224
  }
221
225
 
226
+ if @ssl_partial_chain
227
+ # taken from the ssl.rb OpenSSL::SSL::SSLContext code for DEFAULT_CERT_STORE
228
+ require 'openssl'
229
+ ssl_store = OpenSSL::X509::Store.new
230
+ ssl_store.set_default_paths
231
+ if defined? OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
232
+ flagval = OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
233
+ else
234
+ # this version of ruby does not define OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
235
+ flagval = 0x80000
236
+ end
237
+ ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | flagval
238
+ ssl_options[:cert_store] = ssl_store
239
+ end
240
+
222
241
  auth_options = {}
223
242
 
224
243
  if @bearer_token_file.present?
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-kubernetes_metadata_filter
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.5
4
+ version: 2.1.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jimmi Dyson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-11-19 00:00:00.000000000 Z
11
+ date: 2018-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: fluentd
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
256
256
  version: '0'
257
257
  requirements: []
258
258
  rubyforge_project:
259
- rubygems_version: 2.6.12
259
+ rubygems_version: 2.7.6
260
260
  signing_key:
261
261
  specification_version: 4
262
262
  summary: Fluentd filter plugin to add Kubernetes metadata