fluent-plugin-s3 1.8.1 → 1.8.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/linux.yml +1 -1
- data/ChangeLog +9 -0
- data/VERSION +1 -1
- data/docs/output.md +12 -0
- data/lib/fluent/plugin/out_s3.rb +25 -5
- data/test/test_out_s3.rb +86 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a674e172940ab48c2892af28f310ed186d382f34c73da8d9ac01287965691110
|
|
4
|
+
data.tar.gz: ed90652d734c43c099b58d050214de9d3a033ea38b94dd9b1c9dc0a427dc9de4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 677cc94165eeb960faf1af30fa2f1a31df4cbafa694801758f45eca7101a5370192299207a47c9b7c3fce973a4c87e97aaa53e420fdfc6b76a5ab2d1f9315c88
|
|
7
|
+
data.tar.gz: 7b974daffad50c509fe40c5574ba63240ec75d86480d74a1ab31a9ff85018356dc3be7573965b8c9245523c2bbc4fd699da8f54a6aeeccda2a8316d57d04d9c6
|
data/.github/workflows/linux.yml
CHANGED
data/ChangeLog
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
Release 1.8.3 - 2025/02/18
|
|
2
|
+
|
|
3
|
+
* out_s3: Add `sts_http_proxy` and `sts_endpoint_url` to web_identity_credentials (GitHub: #452)
|
|
4
|
+
|
|
5
|
+
Release 1.8.2 - 2024/12/18
|
|
6
|
+
|
|
7
|
+
* out_s3: Add more logging to identify unexpected error of Tempfile#close.
|
|
8
|
+
* out_s3: Support `checksum_algorithm` parameter to validate the data with checksum (CRC32, CRC32C, SHA1 and SHA256) during upload/download.
|
|
9
|
+
|
|
1
10
|
Release 1.8.1 - 2024/11/15
|
|
2
11
|
|
|
3
12
|
* dependency: Change zstd-ruby dependency optional. Install zstd-ruby manually if you want to enable Zstd compression feature.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.8.
|
|
1
|
+
1.8.3
|
data/docs/output.md
CHANGED
|
@@ -430,6 +430,18 @@ Specifies the AWS KMS key ID to use for object encryption.
|
|
|
430
430
|
|
|
431
431
|
Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
|
|
432
432
|
|
|
433
|
+
## checksum_algorithm
|
|
434
|
+
|
|
435
|
+
AWS allows to calculate the integrity checksum server side. The additional checksum is
|
|
436
|
+
used to validate the data during upload or download. The following 4 SHA and CRC algorithms are supported:
|
|
437
|
+
|
|
438
|
+
* CRC32
|
|
439
|
+
* CRC32C
|
|
440
|
+
* SHA1
|
|
441
|
+
* SHA256
|
|
442
|
+
|
|
443
|
+
For more info refer to [object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html).
|
|
444
|
+
|
|
433
445
|
## compute_checksums
|
|
434
446
|
|
|
435
447
|
AWS SDK uses MD5 for API request/response by default. On FIPS enabled environment,
|
data/lib/fluent/plugin/out_s3.rb
CHANGED
|
@@ -62,6 +62,10 @@ module Fluent::Plugin
|
|
|
62
62
|
config_param :duration_seconds, :integer, default: nil
|
|
63
63
|
desc "The region of the STS endpoint to use."
|
|
64
64
|
config_param :sts_region, :string, default: nil
|
|
65
|
+
desc "A http proxy url for requests to aws sts service"
|
|
66
|
+
config_param :sts_http_proxy, :string, default: nil, secret: true
|
|
67
|
+
desc "A url for a regional sts api endpoint, the default is global"
|
|
68
|
+
config_param :sts_endpoint_url, :string, default: nil
|
|
65
69
|
end
|
|
66
70
|
config_section :instance_profile_credentials, multi: false do
|
|
67
71
|
desc "Number of times to retry when retrieving credentials"
|
|
@@ -154,6 +158,8 @@ module Fluent::Plugin
|
|
|
154
158
|
desc "Arbitrary S3 tag-set for the object"
|
|
155
159
|
config_param :tagging, :string, default: nil
|
|
156
160
|
desc "Arbitrary S3 metadata headers to set for the object"
|
|
161
|
+
config_param :checksum_algorithm, :string, default: nil
|
|
162
|
+
desc "Indicates the algorithm you want Amazon S3 to use to create the checksum for the object (CRC32,CRC32C,SHA1,SHA256)"
|
|
157
163
|
config_param :s3_metadata, :hash, default: nil
|
|
158
164
|
config_section :bucket_lifecycle_rule, param_name: :bucket_lifecycle_rules, multi: true do
|
|
159
165
|
desc "A unique ID for this rule"
|
|
@@ -368,6 +374,7 @@ module Fluent::Plugin
|
|
|
368
374
|
put_options[:grant_read] = @grant_read if @grant_read
|
|
369
375
|
put_options[:grant_read_acp] = @grant_read_acp if @grant_read_acp
|
|
370
376
|
put_options[:grant_write_acp] = @grant_write_acp if @grant_write_acp
|
|
377
|
+
put_options[:checksum_algorithm] = @checksum_algorithm if @checksum_algorithm
|
|
371
378
|
put_options[:tagging] = @tagging if @tagging
|
|
372
379
|
|
|
373
380
|
if @s3_metadata
|
|
@@ -378,6 +385,8 @@ module Fluent::Plugin
|
|
|
378
385
|
end
|
|
379
386
|
@bucket.object(s3path).put(put_options)
|
|
380
387
|
|
|
388
|
+
log.debug "out_s3: completed to write chunk #{dump_unique_id_hex(chunk.unique_id)} with metadata #{chunk.metadata} to s3://#{@s3_bucket}/#{s3path}"
|
|
389
|
+
|
|
381
390
|
@values_for_s3_object_chunk.delete(chunk.unique_id)
|
|
382
391
|
|
|
383
392
|
if @warn_for_delay
|
|
@@ -386,7 +395,11 @@ module Fluent::Plugin
|
|
|
386
395
|
end
|
|
387
396
|
end
|
|
388
397
|
ensure
|
|
389
|
-
|
|
398
|
+
begin
|
|
399
|
+
tmp.close(true)
|
|
400
|
+
rescue => e
|
|
401
|
+
log.info "out_s3: Tempfile#close caused unexpected error", error: e
|
|
402
|
+
end
|
|
390
403
|
end
|
|
391
404
|
end
|
|
392
405
|
|
|
@@ -531,15 +544,22 @@ module Fluent::Plugin
|
|
|
531
544
|
options[:secret_access_key] = @aws_sec_key
|
|
532
545
|
when @web_identity_credentials
|
|
533
546
|
c = @web_identity_credentials
|
|
547
|
+
region = c.sts_region || @s3_region
|
|
534
548
|
credentials_options[:role_arn] = c.role_arn
|
|
535
549
|
credentials_options[:role_session_name] = c.role_session_name
|
|
536
550
|
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
|
537
551
|
credentials_options[:policy] = c.policy if c.policy
|
|
538
552
|
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
|
539
|
-
if c.
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
credentials_options[:client] = Aws::STS::Client.new(:region
|
|
553
|
+
credentials_options[:sts_endpoint_url] = c.sts_endpoint_url if c.sts_endpoint_url
|
|
554
|
+
credentials_options[:sts_http_proxy] = c.sts_http_proxy if c.sts_http_proxy
|
|
555
|
+
if c.sts_http_proxy && c.sts_endpoint_url
|
|
556
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy, endpoint: c.sts_endpoint_url)
|
|
557
|
+
elsif c.sts_http_proxy
|
|
558
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy)
|
|
559
|
+
elsif c.sts_endpoint_url
|
|
560
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region, endpoint: c.sts_endpoint_url)
|
|
561
|
+
else
|
|
562
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region)
|
|
543
563
|
end
|
|
544
564
|
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
|
545
565
|
when @instance_profile_credentials
|
data/test/test_out_s3.rb
CHANGED
|
@@ -803,6 +803,92 @@ EOC
|
|
|
803
803
|
assert_equal(expected_credentials, credentials)
|
|
804
804
|
end
|
|
805
805
|
|
|
806
|
+
def test_web_identity_credentials_with_region_and_sts_http_proxy
|
|
807
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
|
808
|
+
expected_region = "ap-northeast-1"
|
|
809
|
+
expected_sts_http_proxy = 'http://example.com'
|
|
810
|
+
sts_client = Aws::STS::Client.new(region: expected_region, http_proxy: expected_sts_http_proxy)
|
|
811
|
+
mock(Aws::STS::Client).new(region:expected_region, http_proxy: expected_sts_http_proxy){ sts_client }
|
|
812
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
|
|
813
|
+
role_session_name: "test_session",
|
|
814
|
+
web_identity_token_file: "test_file",
|
|
815
|
+
client: sts_client,
|
|
816
|
+
sts_http_proxy: expected_sts_http_proxy }){
|
|
817
|
+
expected_credentials
|
|
818
|
+
}
|
|
819
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
|
820
|
+
config += %[
|
|
821
|
+
s3_region #{expected_region}
|
|
822
|
+
<web_identity_credentials>
|
|
823
|
+
role_arn test_arn
|
|
824
|
+
role_session_name test_session
|
|
825
|
+
web_identity_token_file test_file
|
|
826
|
+
sts_http_proxy #{expected_sts_http_proxy}
|
|
827
|
+
</web_identity_credentials>
|
|
828
|
+
]
|
|
829
|
+
d = create_time_sliced_driver(config)
|
|
830
|
+
assert_nothing_raised { d.run {} }
|
|
831
|
+
client = d.instance.instance_variable_get(:@s3).client
|
|
832
|
+
credentials = client.config.credentials
|
|
833
|
+
assert_equal(expected_credentials, credentials)
|
|
834
|
+
end
|
|
835
|
+
|
|
836
|
+
def test_web_identity_credentials_with_sts_http_proxy
|
|
837
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
|
838
|
+
expected_sts_http_proxy = 'http://example.com'
|
|
839
|
+
sts_client = Aws::STS::Client.new(region: "us-east-1", http_proxy: expected_sts_http_proxy)
|
|
840
|
+
mock(Aws::STS::Client).new(region: "us-east-1", http_proxy: expected_sts_http_proxy){ sts_client }
|
|
841
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
|
|
842
|
+
role_session_name: "test_session",
|
|
843
|
+
web_identity_token_file: "test_file",
|
|
844
|
+
client: sts_client,
|
|
845
|
+
sts_http_proxy: expected_sts_http_proxy }){
|
|
846
|
+
expected_credentials
|
|
847
|
+
}
|
|
848
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
|
849
|
+
config += %[
|
|
850
|
+
<web_identity_credentials>
|
|
851
|
+
role_arn test_arn
|
|
852
|
+
role_session_name test_session
|
|
853
|
+
web_identity_token_file test_file
|
|
854
|
+
sts_http_proxy #{expected_sts_http_proxy}
|
|
855
|
+
</web_identity_credentials>
|
|
856
|
+
]
|
|
857
|
+
d = create_time_sliced_driver(config)
|
|
858
|
+
assert_nothing_raised { d.run {} }
|
|
859
|
+
client = d.instance.instance_variable_get(:@s3).client
|
|
860
|
+
credentials = client.config.credentials
|
|
861
|
+
assert_equal(expected_credentials, credentials)
|
|
862
|
+
end
|
|
863
|
+
|
|
864
|
+
def test_web_identity_credentials_with_sts_endpoint_url
|
|
865
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
|
866
|
+
expected_sts_endpoint_url = 'http://example.com'
|
|
867
|
+
sts_client = Aws::STS::Client.new(region: "us-east-1", endpoint: expected_sts_endpoint_url)
|
|
868
|
+
mock(Aws::STS::Client).new(region: "us-east-1", endpoint: expected_sts_endpoint_url){ sts_client }
|
|
869
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
|
|
870
|
+
role_session_name: "test_session",
|
|
871
|
+
web_identity_token_file: "test_file",
|
|
872
|
+
client: sts_client,
|
|
873
|
+
sts_endpoint_url: expected_sts_endpoint_url }){
|
|
874
|
+
expected_credentials
|
|
875
|
+
}
|
|
876
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
|
877
|
+
config += %[
|
|
878
|
+
<web_identity_credentials>
|
|
879
|
+
role_arn test_arn
|
|
880
|
+
role_session_name test_session
|
|
881
|
+
web_identity_token_file test_file
|
|
882
|
+
sts_endpoint_url #{expected_sts_endpoint_url}
|
|
883
|
+
</web_identity_credentials>
|
|
884
|
+
]
|
|
885
|
+
d = create_time_sliced_driver(config)
|
|
886
|
+
assert_nothing_raised { d.run {} }
|
|
887
|
+
client = d.instance.instance_variable_get(:@s3).client
|
|
888
|
+
credentials = client.config.credentials
|
|
889
|
+
assert_equal(expected_credentials, credentials)
|
|
890
|
+
end
|
|
891
|
+
|
|
806
892
|
def test_web_identity_credentials_with_sts_region
|
|
807
893
|
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
|
808
894
|
sts_client = Aws::STS::Client.new(region: 'us-east-1')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-s3
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.8.
|
|
4
|
+
version: 1.8.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sadayuki Furuhashi
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2025-02-18 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: fluentd
|