fluent-plugin-s3 1.3.2 → 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fbed7d556d0f9b4cda2531325a30beab6089f1c0355891ce806f80c19ea99dd6
4
- data.tar.gz: bb76ae613efd56b49c3b55d9e4dd47402df460331b16df92d89197101307b46d
3
+ metadata.gz: 6b9e71e48fe8776d96c49e62012af3fc76ad2dbc6d7ded8a5514a82b1e9d0fc6
4
+ data.tar.gz: c1cba63a0f740b46557fe3e99ae86415a395df09fa573e9c12fe96de058f6971
5
5
  SHA512:
6
- metadata.gz: 24b5c6f162b1e093dfd56668812104d00f81a32c6970d95f6f2e15524148f3bdde1a155172554f0c8b711b7c82021620ebad14429c7a54521442667230890571
7
- data.tar.gz: b80c299e39e34a331752eef996e0d4fe9420fd897b50f6936ae9049821311b9ff38aa8435b9dfd83730bc1cb6522b9b6640e3a31239e004db51777d5449cdfc9
6
+ metadata.gz: 705a0c4eff9cac0ea5f8bd1b36b081a2c282b6cfb1b4c54ebc1e94e819560fc51b4d7192041d67a7054c89f645448a33af4f76c71f0050c026cd535f97c1309a
7
+ data.tar.gz: 0eb1a170b8d8155a156c7d7b786a2ff5a9a3a618e63a98fca1eb75ae93b32fe71daffd513a08a41597f69d3639a604cb60780058a4db0aed8e70aa86000d5d43
data/ChangeLog CHANGED
@@ -1,3 +1,8 @@
1
+ Release 1.3.3 - 2020/06/25
2
+
3
+ * Allow fips/gov included endpoint
4
+ * Support sts_region parameter
5
+
1
6
  Release 1.3.2 - 2020/05/18
2
7
 
3
8
  * out_s3: Show warning message for object conflict case.
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.3.2
1
+ 1.3.3
@@ -118,11 +118,11 @@ module Fluent::Plugin
118
118
  def configure(conf)
119
119
  super
120
120
 
121
- if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
121
+ if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
122
122
  raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
123
123
  end
124
124
 
125
- if @sqs.endpoint && @sqs.endpoint.end_with?('amazonaws.com')
125
+ if @sqs.endpoint && (@sqs.endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @sqs.endpoint.include?(e) })
126
126
  raise Fluent::ConfigError, "sqs/endpoint parameter is not supported for SQS, use s3_region instead. This parameter is for SQS compatible services"
127
127
  end
128
128
 
@@ -39,6 +39,8 @@ module Fluent::Plugin
39
39
  config_param :duration_seconds, :integer, default: nil
40
40
  desc "A unique identifier that is used by third parties when assuming roles in their customers' accounts."
41
41
  config_param :external_id, :string, default: nil, secret: true
42
+ desc "The region of the STS endpoint to use."
43
+ config_param :sts_region, :string, default: nil
42
44
  end
43
45
  # See the following link for additional params that could be added:
44
46
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/STS/Client.html#assume_role_with_web_identity-instance_method
@@ -53,6 +55,8 @@ module Fluent::Plugin
53
55
  config_param :policy, :string, default: nil
54
56
  desc "The duration, in seconds, of the role session (900-43200)"
55
57
  config_param :duration_seconds, :integer, default: nil
58
+ desc "The region of the STS endpoint to use."
59
+ config_param :sts_region, :string, default: nil
56
60
  end
57
61
  config_section :instance_profile_credentials, multi: false do
58
62
  desc "Number of times to retry when retrieving credentials"
@@ -171,7 +175,7 @@ module Fluent::Plugin
171
175
 
172
176
  Aws.use_bundled_cert! if @use_bundled_cert
173
177
 
174
- if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
178
+ if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
175
179
  raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
176
180
  end
177
181
 
@@ -485,7 +489,9 @@ module Fluent::Plugin
485
489
  credentials_options[:policy] = c.policy if c.policy
486
490
  credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
487
491
  credentials_options[:external_id] = c.external_id if c.external_id
488
- if @s3_region
492
+ if c.sts_region
493
+ credentials_options[:client] = Aws::STS::Client.new(region: c.sts_region)
494
+ elsif @s3_region
489
495
  credentials_options[:client] = Aws::STS::Client.new(region: @s3_region)
490
496
  end
491
497
  options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
@@ -496,7 +502,9 @@ module Fluent::Plugin
496
502
  credentials_options[:web_identity_token_file] = c.web_identity_token_file
497
503
  credentials_options[:policy] = c.policy if c.policy
498
504
  credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
499
- if @s3_region
505
+ if c.sts_region
506
+ credentials_options[:client] = Aws::STS::Client.new(:region => c.sts_region)
507
+ elsif @s3_region
500
508
  credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
501
509
  end
502
510
  options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
@@ -593,6 +593,36 @@ EOC
593
593
  assert_equal(expected_credentials, credentials)
594
594
  end
595
595
 
596
+ def test_web_identity_credentials_with_sts_region
597
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
598
+ sts_client = Aws::STS::Client.new(region: 'us-east-1')
599
+ mock(Aws::STS::Client).new(region: 'us-east-1'){ sts_client }
600
+ mock(Aws::AssumeRoleWebIdentityCredentials).new(
601
+ role_arn: "test_arn",
602
+ role_session_name: "test_session",
603
+ web_identity_token_file: "test_file",
604
+ client: sts_client
605
+ ){
606
+ expected_credentials
607
+ }
608
+
609
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
610
+ config += %[
611
+ s3_region us-west-2
612
+ <web_identity_credentials>
613
+ role_arn test_arn
614
+ role_session_name test_session
615
+ web_identity_token_file test_file
616
+ sts_region us-east-1
617
+ </web_identity_credentials>
618
+ ]
619
+ d = create_time_sliced_driver(config)
620
+ assert_nothing_raised { d.run {} }
621
+ client = d.instance.instance_variable_get(:@s3).client
622
+ credentials = client.config.credentials
623
+ assert_equal(expected_credentials, credentials)
624
+ end
625
+
596
626
  def test_instance_profile_credentials
597
627
  expected_credentials = Aws::Credentials.new("test_key", "test_secret")
598
628
  mock(Aws::InstanceProfileCredentials).new({}).returns(expected_credentials)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-s3
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.2
4
+ version: 1.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sadayuki Furuhashi
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-05-18 00:00:00.000000000 Z
12
+ date: 2020-06-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fluentd