fluent-plugin-s3 1.3.2 → 1.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ChangeLog +5 -0
- data/VERSION +1 -1
- data/lib/fluent/plugin/in_s3.rb +2 -2
- data/lib/fluent/plugin/out_s3.rb +11 -3
- data/test/test_out_s3.rb +30 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6b9e71e48fe8776d96c49e62012af3fc76ad2dbc6d7ded8a5514a82b1e9d0fc6
|
|
4
|
+
data.tar.gz: c1cba63a0f740b46557fe3e99ae86415a395df09fa573e9c12fe96de058f6971
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 705a0c4eff9cac0ea5f8bd1b36b081a2c282b6cfb1b4c54ebc1e94e819560fc51b4d7192041d67a7054c89f645448a33af4f76c71f0050c026cd535f97c1309a
|
|
7
|
+
data.tar.gz: 0eb1a170b8d8155a156c7d7b786a2ff5a9a3a618e63a98fca1eb75ae93b32fe71daffd513a08a41597f69d3639a604cb60780058a4db0aed8e70aa86000d5d43
|
data/ChangeLog
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.3.
|
|
1
|
+
1.3.3
|
data/lib/fluent/plugin/in_s3.rb
CHANGED
|
@@ -118,11 +118,11 @@ module Fluent::Plugin
|
|
|
118
118
|
def configure(conf)
|
|
119
119
|
super
|
|
120
120
|
|
|
121
|
-
if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
|
|
121
|
+
if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
|
|
122
122
|
raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
|
|
123
123
|
end
|
|
124
124
|
|
|
125
|
-
if @sqs.endpoint && @sqs.endpoint.end_with?('amazonaws.com')
|
|
125
|
+
if @sqs.endpoint && (@sqs.endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @sqs.endpoint.include?(e) })
|
|
126
126
|
raise Fluent::ConfigError, "sqs/endpoint parameter is not supported for SQS, use s3_region instead. This parameter is for SQS compatible services"
|
|
127
127
|
end
|
|
128
128
|
|
data/lib/fluent/plugin/out_s3.rb
CHANGED
|
@@ -39,6 +39,8 @@ module Fluent::Plugin
|
|
|
39
39
|
config_param :duration_seconds, :integer, default: nil
|
|
40
40
|
desc "A unique identifier that is used by third parties when assuming roles in their customers' accounts."
|
|
41
41
|
config_param :external_id, :string, default: nil, secret: true
|
|
42
|
+
desc "The region of the STS endpoint to use."
|
|
43
|
+
config_param :sts_region, :string, default: nil
|
|
42
44
|
end
|
|
43
45
|
# See the following link for additional params that could be added:
|
|
44
46
|
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/STS/Client.html#assume_role_with_web_identity-instance_method
|
|
@@ -53,6 +55,8 @@ module Fluent::Plugin
|
|
|
53
55
|
config_param :policy, :string, default: nil
|
|
54
56
|
desc "The duration, in seconds, of the role session (900-43200)"
|
|
55
57
|
config_param :duration_seconds, :integer, default: nil
|
|
58
|
+
desc "The region of the STS endpoint to use."
|
|
59
|
+
config_param :sts_region, :string, default: nil
|
|
56
60
|
end
|
|
57
61
|
config_section :instance_profile_credentials, multi: false do
|
|
58
62
|
desc "Number of times to retry when retrieving credentials"
|
|
@@ -171,7 +175,7 @@ module Fluent::Plugin
|
|
|
171
175
|
|
|
172
176
|
Aws.use_bundled_cert! if @use_bundled_cert
|
|
173
177
|
|
|
174
|
-
if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
|
|
178
|
+
if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
|
|
175
179
|
raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
|
|
176
180
|
end
|
|
177
181
|
|
|
@@ -485,7 +489,9 @@ module Fluent::Plugin
|
|
|
485
489
|
credentials_options[:policy] = c.policy if c.policy
|
|
486
490
|
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
|
487
491
|
credentials_options[:external_id] = c.external_id if c.external_id
|
|
488
|
-
if
|
|
492
|
+
if c.sts_region
|
|
493
|
+
credentials_options[:client] = Aws::STS::Client.new(region: c.sts_region)
|
|
494
|
+
elsif @s3_region
|
|
489
495
|
credentials_options[:client] = Aws::STS::Client.new(region: @s3_region)
|
|
490
496
|
end
|
|
491
497
|
options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
|
|
@@ -496,7 +502,9 @@ module Fluent::Plugin
|
|
|
496
502
|
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
|
497
503
|
credentials_options[:policy] = c.policy if c.policy
|
|
498
504
|
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
|
499
|
-
if
|
|
505
|
+
if c.sts_region
|
|
506
|
+
credentials_options[:client] = Aws::STS::Client.new(:region => c.sts_region)
|
|
507
|
+
elsif @s3_region
|
|
500
508
|
credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
|
|
501
509
|
end
|
|
502
510
|
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
data/test/test_out_s3.rb
CHANGED
|
@@ -593,6 +593,36 @@ EOC
|
|
|
593
593
|
assert_equal(expected_credentials, credentials)
|
|
594
594
|
end
|
|
595
595
|
|
|
596
|
+
def test_web_identity_credentials_with_sts_region
|
|
597
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
|
598
|
+
sts_client = Aws::STS::Client.new(region: 'us-east-1')
|
|
599
|
+
mock(Aws::STS::Client).new(region: 'us-east-1'){ sts_client }
|
|
600
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new(
|
|
601
|
+
role_arn: "test_arn",
|
|
602
|
+
role_session_name: "test_session",
|
|
603
|
+
web_identity_token_file: "test_file",
|
|
604
|
+
client: sts_client
|
|
605
|
+
){
|
|
606
|
+
expected_credentials
|
|
607
|
+
}
|
|
608
|
+
|
|
609
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
|
610
|
+
config += %[
|
|
611
|
+
s3_region us-west-2
|
|
612
|
+
<web_identity_credentials>
|
|
613
|
+
role_arn test_arn
|
|
614
|
+
role_session_name test_session
|
|
615
|
+
web_identity_token_file test_file
|
|
616
|
+
sts_region us-east-1
|
|
617
|
+
</web_identity_credentials>
|
|
618
|
+
]
|
|
619
|
+
d = create_time_sliced_driver(config)
|
|
620
|
+
assert_nothing_raised { d.run {} }
|
|
621
|
+
client = d.instance.instance_variable_get(:@s3).client
|
|
622
|
+
credentials = client.config.credentials
|
|
623
|
+
assert_equal(expected_credentials, credentials)
|
|
624
|
+
end
|
|
625
|
+
|
|
596
626
|
def test_instance_profile_credentials
|
|
597
627
|
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
|
598
628
|
mock(Aws::InstanceProfileCredentials).new({}).returns(expected_credentials)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-s3
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sadayuki Furuhashi
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-
|
|
12
|
+
date: 2020-06-25 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: fluentd
|