fluent-plugin-s3 1.3.2 → 1.3.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fbed7d556d0f9b4cda2531325a30beab6089f1c0355891ce806f80c19ea99dd6
4
- data.tar.gz: bb76ae613efd56b49c3b55d9e4dd47402df460331b16df92d89197101307b46d
3
+ metadata.gz: 6b9e71e48fe8776d96c49e62012af3fc76ad2dbc6d7ded8a5514a82b1e9d0fc6
4
+ data.tar.gz: c1cba63a0f740b46557fe3e99ae86415a395df09fa573e9c12fe96de058f6971
5
5
  SHA512:
6
- metadata.gz: 24b5c6f162b1e093dfd56668812104d00f81a32c6970d95f6f2e15524148f3bdde1a155172554f0c8b711b7c82021620ebad14429c7a54521442667230890571
7
- data.tar.gz: b80c299e39e34a331752eef996e0d4fe9420fd897b50f6936ae9049821311b9ff38aa8435b9dfd83730bc1cb6522b9b6640e3a31239e004db51777d5449cdfc9
6
+ metadata.gz: 705a0c4eff9cac0ea5f8bd1b36b081a2c282b6cfb1b4c54ebc1e94e819560fc51b4d7192041d67a7054c89f645448a33af4f76c71f0050c026cd535f97c1309a
7
+ data.tar.gz: 0eb1a170b8d8155a156c7d7b786a2ff5a9a3a618e63a98fca1eb75ae93b32fe71daffd513a08a41597f69d3639a604cb60780058a4db0aed8e70aa86000d5d43
data/ChangeLog CHANGED
@@ -1,3 +1,8 @@
1
+ Release 1.3.3 - 2020/06/25
2
+
3
+ * Allow fips/gov included endpoint
4
+ * Support sts_region parameter
5
+
1
6
  Release 1.3.2 - 2020/05/18
2
7
 
3
8
  * out_s3: Show warning message for object conflict case.
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.3.2
1
+ 1.3.3
@@ -118,11 +118,11 @@ module Fluent::Plugin
118
118
  def configure(conf)
119
119
  super
120
120
 
121
- if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
121
+ if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
122
122
  raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
123
123
  end
124
124
 
125
- if @sqs.endpoint && @sqs.endpoint.end_with?('amazonaws.com')
125
+ if @sqs.endpoint && (@sqs.endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @sqs.endpoint.include?(e) })
126
126
  raise Fluent::ConfigError, "sqs/endpoint parameter is not supported for SQS, use s3_region instead. This parameter is for SQS compatible services"
127
127
  end
128
128
 
@@ -39,6 +39,8 @@ module Fluent::Plugin
39
39
  config_param :duration_seconds, :integer, default: nil
40
40
  desc "A unique identifier that is used by third parties when assuming roles in their customers' accounts."
41
41
  config_param :external_id, :string, default: nil, secret: true
42
+ desc "The region of the STS endpoint to use."
43
+ config_param :sts_region, :string, default: nil
42
44
  end
43
45
  # See the following link for additional params that could be added:
44
46
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/STS/Client.html#assume_role_with_web_identity-instance_method
@@ -53,6 +55,8 @@ module Fluent::Plugin
53
55
  config_param :policy, :string, default: nil
54
56
  desc "The duration, in seconds, of the role session (900-43200)"
55
57
  config_param :duration_seconds, :integer, default: nil
58
+ desc "The region of the STS endpoint to use."
59
+ config_param :sts_region, :string, default: nil
56
60
  end
57
61
  config_section :instance_profile_credentials, multi: false do
58
62
  desc "Number of times to retry when retrieving credentials"
@@ -171,7 +175,7 @@ module Fluent::Plugin
171
175
 
172
176
  Aws.use_bundled_cert! if @use_bundled_cert
173
177
 
174
- if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
178
+ if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
175
179
  raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
176
180
  end
177
181
 
@@ -485,7 +489,9 @@ module Fluent::Plugin
485
489
  credentials_options[:policy] = c.policy if c.policy
486
490
  credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
487
491
  credentials_options[:external_id] = c.external_id if c.external_id
488
- if @s3_region
492
+ if c.sts_region
493
+ credentials_options[:client] = Aws::STS::Client.new(region: c.sts_region)
494
+ elsif @s3_region
489
495
  credentials_options[:client] = Aws::STS::Client.new(region: @s3_region)
490
496
  end
491
497
  options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
@@ -496,7 +502,9 @@ module Fluent::Plugin
496
502
  credentials_options[:web_identity_token_file] = c.web_identity_token_file
497
503
  credentials_options[:policy] = c.policy if c.policy
498
504
  credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
499
- if @s3_region
505
+ if c.sts_region
506
+ credentials_options[:client] = Aws::STS::Client.new(:region => c.sts_region)
507
+ elsif @s3_region
500
508
  credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
501
509
  end
502
510
  options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
@@ -593,6 +593,36 @@ EOC
593
593
  assert_equal(expected_credentials, credentials)
594
594
  end
595
595
 
596
+ def test_web_identity_credentials_with_sts_region
597
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
598
+ sts_client = Aws::STS::Client.new(region: 'us-east-1')
599
+ mock(Aws::STS::Client).new(region: 'us-east-1'){ sts_client }
600
+ mock(Aws::AssumeRoleWebIdentityCredentials).new(
601
+ role_arn: "test_arn",
602
+ role_session_name: "test_session",
603
+ web_identity_token_file: "test_file",
604
+ client: sts_client
605
+ ){
606
+ expected_credentials
607
+ }
608
+
609
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
610
+ config += %[
611
+ s3_region us-west-2
612
+ <web_identity_credentials>
613
+ role_arn test_arn
614
+ role_session_name test_session
615
+ web_identity_token_file test_file
616
+ sts_region us-east-1
617
+ </web_identity_credentials>
618
+ ]
619
+ d = create_time_sliced_driver(config)
620
+ assert_nothing_raised { d.run {} }
621
+ client = d.instance.instance_variable_get(:@s3).client
622
+ credentials = client.config.credentials
623
+ assert_equal(expected_credentials, credentials)
624
+ end
625
+
596
626
  def test_instance_profile_credentials
597
627
  expected_credentials = Aws::Credentials.new("test_key", "test_secret")
598
628
  mock(Aws::InstanceProfileCredentials).new({}).returns(expected_credentials)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-s3
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.2
4
+ version: 1.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sadayuki Furuhashi
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-05-18 00:00:00.000000000 Z
12
+ date: 2020-06-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fluentd