fluent-plugin-s3 1.3.2 → 1.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ChangeLog +5 -0
- data/VERSION +1 -1
- data/lib/fluent/plugin/in_s3.rb +2 -2
- data/lib/fluent/plugin/out_s3.rb +11 -3
- data/test/test_out_s3.rb +30 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6b9e71e48fe8776d96c49e62012af3fc76ad2dbc6d7ded8a5514a82b1e9d0fc6
|
4
|
+
data.tar.gz: c1cba63a0f740b46557fe3e99ae86415a395df09fa573e9c12fe96de058f6971
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 705a0c4eff9cac0ea5f8bd1b36b081a2c282b6cfb1b4c54ebc1e94e819560fc51b4d7192041d67a7054c89f645448a33af4f76c71f0050c026cd535f97c1309a
|
7
|
+
data.tar.gz: 0eb1a170b8d8155a156c7d7b786a2ff5a9a3a618e63a98fca1eb75ae93b32fe71daffd513a08a41597f69d3639a604cb60780058a4db0aed8e70aa86000d5d43
|
data/ChangeLog
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.3.
|
1
|
+
1.3.3
|
data/lib/fluent/plugin/in_s3.rb
CHANGED
@@ -118,11 +118,11 @@ module Fluent::Plugin
|
|
118
118
|
def configure(conf)
|
119
119
|
super
|
120
120
|
|
121
|
-
if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
|
121
|
+
if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
|
122
122
|
raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
|
123
123
|
end
|
124
124
|
|
125
|
-
if @sqs.endpoint && @sqs.endpoint.end_with?('amazonaws.com')
|
125
|
+
if @sqs.endpoint && (@sqs.endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @sqs.endpoint.include?(e) })
|
126
126
|
raise Fluent::ConfigError, "sqs/endpoint parameter is not supported for SQS, use s3_region instead. This parameter is for SQS compatible services"
|
127
127
|
end
|
128
128
|
|
data/lib/fluent/plugin/out_s3.rb
CHANGED
@@ -39,6 +39,8 @@ module Fluent::Plugin
|
|
39
39
|
config_param :duration_seconds, :integer, default: nil
|
40
40
|
desc "A unique identifier that is used by third parties when assuming roles in their customers' accounts."
|
41
41
|
config_param :external_id, :string, default: nil, secret: true
|
42
|
+
desc "The region of the STS endpoint to use."
|
43
|
+
config_param :sts_region, :string, default: nil
|
42
44
|
end
|
43
45
|
# See the following link for additional params that could be added:
|
44
46
|
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/STS/Client.html#assume_role_with_web_identity-instance_method
|
@@ -53,6 +55,8 @@ module Fluent::Plugin
|
|
53
55
|
config_param :policy, :string, default: nil
|
54
56
|
desc "The duration, in seconds, of the role session (900-43200)"
|
55
57
|
config_param :duration_seconds, :integer, default: nil
|
58
|
+
desc "The region of the STS endpoint to use."
|
59
|
+
config_param :sts_region, :string, default: nil
|
56
60
|
end
|
57
61
|
config_section :instance_profile_credentials, multi: false do
|
58
62
|
desc "Number of times to retry when retrieving credentials"
|
@@ -171,7 +175,7 @@ module Fluent::Plugin
|
|
171
175
|
|
172
176
|
Aws.use_bundled_cert! if @use_bundled_cert
|
173
177
|
|
174
|
-
if @s3_endpoint && @s3_endpoint.end_with?('amazonaws.com')
|
178
|
+
if @s3_endpoint && (@s3_endpoint.end_with?('amazonaws.com') && !['fips', 'gov'].any? { |e| @s3_endpoint.include?(e) })
|
175
179
|
raise Fluent::ConfigError, "s3_endpoint parameter is not supported for S3, use s3_region instead. This parameter is for S3 compatible services"
|
176
180
|
end
|
177
181
|
|
@@ -485,7 +489,9 @@ module Fluent::Plugin
|
|
485
489
|
credentials_options[:policy] = c.policy if c.policy
|
486
490
|
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
487
491
|
credentials_options[:external_id] = c.external_id if c.external_id
|
488
|
-
if
|
492
|
+
if c.sts_region
|
493
|
+
credentials_options[:client] = Aws::STS::Client.new(region: c.sts_region)
|
494
|
+
elsif @s3_region
|
489
495
|
credentials_options[:client] = Aws::STS::Client.new(region: @s3_region)
|
490
496
|
end
|
491
497
|
options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
|
@@ -496,7 +502,9 @@ module Fluent::Plugin
|
|
496
502
|
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
497
503
|
credentials_options[:policy] = c.policy if c.policy
|
498
504
|
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
499
|
-
if
|
505
|
+
if c.sts_region
|
506
|
+
credentials_options[:client] = Aws::STS::Client.new(:region => c.sts_region)
|
507
|
+
elsif @s3_region
|
500
508
|
credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
|
501
509
|
end
|
502
510
|
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
data/test/test_out_s3.rb
CHANGED
@@ -593,6 +593,36 @@ EOC
|
|
593
593
|
assert_equal(expected_credentials, credentials)
|
594
594
|
end
|
595
595
|
|
596
|
+
def test_web_identity_credentials_with_sts_region
|
597
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
598
|
+
sts_client = Aws::STS::Client.new(region: 'us-east-1')
|
599
|
+
mock(Aws::STS::Client).new(region: 'us-east-1'){ sts_client }
|
600
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new(
|
601
|
+
role_arn: "test_arn",
|
602
|
+
role_session_name: "test_session",
|
603
|
+
web_identity_token_file: "test_file",
|
604
|
+
client: sts_client
|
605
|
+
){
|
606
|
+
expected_credentials
|
607
|
+
}
|
608
|
+
|
609
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
610
|
+
config += %[
|
611
|
+
s3_region us-west-2
|
612
|
+
<web_identity_credentials>
|
613
|
+
role_arn test_arn
|
614
|
+
role_session_name test_session
|
615
|
+
web_identity_token_file test_file
|
616
|
+
sts_region us-east-1
|
617
|
+
</web_identity_credentials>
|
618
|
+
]
|
619
|
+
d = create_time_sliced_driver(config)
|
620
|
+
assert_nothing_raised { d.run {} }
|
621
|
+
client = d.instance.instance_variable_get(:@s3).client
|
622
|
+
credentials = client.config.credentials
|
623
|
+
assert_equal(expected_credentials, credentials)
|
624
|
+
end
|
625
|
+
|
596
626
|
def test_instance_profile_credentials
|
597
627
|
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
598
628
|
mock(Aws::InstanceProfileCredentials).new({}).returns(expected_credentials)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-s3
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.
|
4
|
+
version: 1.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sadayuki Furuhashi
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-06-25 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: fluentd
|