RubyGems - fluent-plugin-s3 - Versions diffs - 1.1.6 → 1.1.7 - Mend

fluent-plugin-s3 1.1.6 → 1.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0263bee7f101a3d938fb85697b7acf0473b9f3ed
-  data.tar.gz: 1f7b330dc029d10f50f9eee56a1f2310ebcca839
+  metadata.gz: cce40365e053256475e60bf82f122c1ed0ccff27
+  data.tar.gz: e39318c0a195293034c053a457f455ab93feda5d
 SHA512:
-  metadata.gz: 1fafe6a2e4c311f4850afa2f241332292f31849c167010bd187f9a3cddcce03308bd41a8fb01a9447e3c86ae181d67857a28f8a26b441da4b2203019443ef95a
-  data.tar.gz: ad7e122c740eb2dbeaf17d39927b2ecb4474e60bc81e2d9592647568565fb453821607a4e8ebc62f940186fc68c7d4e3c5fd47a853123e56ec17235fc4f6003b
+  metadata.gz: e112e247a473d37fbaaebef78f43a0aa1c81b1b29d667be08a8bf81e876ca5effb8b0cc6d8768019a3163eb463f059d6dbab8cf3fc414cece916666602893b73
+  data.tar.gz: 609f60be06d0ecfc986cef522078da31d78494d9a1ebb036b0442961159f31dc4ba711008547bd374c41924312d68ffb303f258e0c160b0c382a968497ae8b11

data/ChangeLog CHANGED

@@ -1,3 +1,8 @@
+Release 1.1.7 - 2018/11/14
+  * in_s3: Fix the bug proxy_uri parameter setting
+  * in_s3: Support cross-acount bucket/sqs capability with AssumeRole
 Release 1.1.6 - 2018/09/11
   * in_s3: Add s3_endpoint parameter to support S3 compatible service

data/README.md CHANGED

@@ -37,7 +37,134 @@ Simply use RubyGems:
     $ gem install fluent-plugin-s3 -v "~> 0.8" --no-document # for fluentd v0.12 or later
     $ gem install fluent-plugin-s3 -v 1.0.0 --no-document # for fluentd v1.0 or later
-## Output: Configuration
+## Configuration: credentials
+Both S3 input/output plugin provide several credential methods for authentication/authorization.
+### AWS key and secret authentication
+These parameters are required when your agent is not running on EC2 instance with an IAM Role. When using an IAM role, make sure to configure `instance_profile_credentials`. Usage can be found below.
+**aws_key_id**
+AWS access key id.
+**aws_sec_key**
+AWS secret key.
+### assume_role_credentials
+Typically, you use AssumeRole for cross-account access or federation.
+    <match *>
+      @type s3
+      <assume_role_credentials>
+        role_arn          ROLE_ARN
+        role_session_name ROLE_SESSION_NAME
+      </assume_role_credentials>
+    </match>
+See also:
+*   [Using IAM Roles - AWS Identity and Access
+    Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+*   [Aws::STS::Client](http://docs.aws.amazon.com/sdkforruby/api/Aws/STS/Client.html)
+*   [Aws::AssumeRoleCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/AssumeRoleCredentials.html)
+**role_arn (required)**
+The Amazon Resource Name (ARN) of the role to assume.
+**role_session_name (required)**
+An identifier for the assumed role session.
+**policy**
+An IAM policy in JSON format.
+**duration_seconds**
+The duration, in seconds, of the role session. The value can range from
+900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value
+is set to 3600 seconds.
+**external_id**
+A unique identifier that is used by third parties when assuming roles in
+their customers' accounts.
+### instance_profile_credentials
+Retrieve temporary security credentials via HTTP request. This is useful on
+EC2 instance.
+    <match *>
+      @type s3
+      <instance_profile_credentials>
+        ip_address IP_ADDRESS
+        port       PORT
+      </instance_profile_credentials>
+    </match>
+See also:
+*   [Aws::InstanceProfileCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/InstanceProfileCredentials.html)
+*   [Temporary Security Credentials - AWS Identity and Access
+    Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
+*   [Instance Metadata and User Data - Amazon Elastic Compute
+    Cloud](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
+**retries**
+Number of times to retry when retrieving credentials. Default is 5.
+**ip_address**
+Default is 169.254.169.254.
+**port**
+Default is 80.
+**http_open_timeout**
+Default is 5.
+**http_read_timeout**
+Default is 5.
+### shared_credentials
+This loads AWS access credentials from local ini file. This is useful for
+local developing.
+    <match *>
+      @type s3
+      <shared_credentials>
+        path         PATH
+        profile_name PROFILE_NAME
+      </shared_credentials>
+    </match>
+See also:
+*   [Aws::SharedCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/SharedCredentials.html)
+**path**
+Path to the shared file. Defaults to "#{Dir.home}/.aws/credentials".
+**profile_name**
+Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
+## Configuration: Output
 ### v1.0 style
@@ -102,19 +229,10 @@ This configuration works with both fluentd v0.12 and v1.0.
 If you want to embed tag in `path` / `s3_object_key_format`, you need to use `fluent-plugin-forest` plugin.
-**aws_key_id**
-AWS access key id. This parameter is required when your agent is not
-running on EC2 instance with an IAM Role. When using an IAM role, make
-sure to configure `instance_profile_credentials`. Usage can be found below.
-**aws_sec_key**
-AWS secret key. This parameter is required when your agent is not running
-on EC2 instance with an IAM Role.
 **aws_iam_retries**
+This parameter is deprecated. Use `instance_profile_credentials` instead.
 The number of attempts to make (with exponential backoff) when loading
 instance profile credentials from the EC2 metadata service using an IAM
 role. Defaults to 5 retries.
@@ -460,117 +578,6 @@ It would be useful when you use S3 compatible storage that accepts only signatur
 Given a threshold to treat events as delay, output warning logs if delayed events were put into s3.
-### assume_role_credentials
-Typically, you use AssumeRole for cross-account access or federation.
-    <match *>
-      @type s3
-      <assume_role_credentials>
-        role_arn          ROLE_ARN
-        role_session_name ROLE_SESSION_NAME
-      </assume_role_credentials>
-    </match>
-See also:
-*   [Using IAM Roles - AWS Identity and Access
-    Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
-*   [Aws::STS::Client](http://docs.aws.amazon.com/sdkforruby/api/Aws/STS/Client.html)
-*   [Aws::AssumeRoleCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/AssumeRoleCredentials.html)
-**role_arn (required)**
-The Amazon Resource Name (ARN) of the role to assume.
-**role_session_name (required)**
-An identifier for the assumed role session.
-**policy**
-An IAM policy in JSON format.
-**duration_seconds**
-The duration, in seconds, of the role session. The value can range from
-900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value
-is set to 3600 seconds.
-**external_id**
-A unique identifier that is used by third parties when assuming roles in
-their customers' accounts.
-### instance_profile_credentials
-Retrieve temporary security credentials via HTTP request. This is useful on
-EC2 instance.
-    <match *>
-      @type s3
-      <instance_profile_credentials>
-        ip_address IP_ADDRESS
-        port       PORT
-      </instance_profile_credentials>
-    </match>
-See also:
-*   [Aws::InstanceProfileCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/InstanceProfileCredentials.html)
-*   [Temporary Security Credentials - AWS Identity and Access
-    Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
-*   [Instance Metadata and User Data - Amazon Elastic Compute
-    Cloud](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
-**retries**
-Number of times to retry when retrieving credentials. Default is 5.
-**ip_address**
-Default is 169.254.169.254.
-**port**
-Default is 80.
-**http_open_timeout**
-Default is 5.
-**http_read_timeout**
-Default is 5.
-### shared_credentials
-This loads AWS access credentials from local ini file. This is useful for
-local developing.
-    <match *>
-      @type s3
-      <shared_credentials>
-        path         PATH
-        profile_name PROFILE_NAME
-      </shared_credentials>
-    </match>
-See also:
-*   [Aws::SharedCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/SharedCredentials.html)
-**path**
-Path to the shared file. Defaults to "#{Dir.home}/.aws/credentials".
-**profile_name**
-Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
 ## Input: Setup
 1. Create new [SQS](https://aws.amazon.com/documentation/sqs/) queue (use same region as S3)
@@ -579,7 +586,7 @@ Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
 4. Write configuration file such as fluent.conf
 5. Run fluentd
-## Input: Configuration
+## Configuration: Input
     <source>
       @type s3
@@ -594,19 +601,6 @@ Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
       </sqs>
     </source>
-**aws_key_id**
-AWS access key id. This parameter is required when your agent is not running on EC2 instance with an IAM Role.
-**aws_sec_key**
-AWS secret key. This parameter is required when your agent is not running on EC2 instance with an IAM Role.
-**aws_iam_retries**
-The number of attempts to make (with exponential backoff) when loading instance profile credentials from the EC2 metadata
-service using an IAM role. Defaults to 5 retries.
 **s3_bucket (required)**
 S3 bucket name.

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.1.6
1	+ 1.1.7

data/lib/fluent/plugin/in_s3.rb CHANGED

@@ -78,6 +78,8 @@ module Fluent::Plugin
     config_section :sqs, required: true, multi: false do
       desc "SQS queue name"
       config_param :queue_name, :string, default: nil
+      desc "SQS Owner Account ID"
+      config_param :queue_owner_aws_account_id, :string, default: nil
       desc "Use 's3_region' instead"
       config_param :endpoint, :string, default: nil
       desc "Skip message deletion"
@@ -133,7 +135,7 @@ module Fluent::Plugin
       sqs_client = create_sqs_client
       log.debug("Succeeded to create SQS client")
-      response = sqs_client.get_queue_url(queue_name: @sqs.queue_name)
+      response = sqs_client.get_queue_url(queue_name: @sqs.queue_name, queue_owner_aws_account_id: @sqs.queue_owner_aws_account_id)
       sqs_queue_url = response.queue_url
       log.debug("Succeeded to get SQS queue URL")
@@ -186,6 +188,9 @@ module Fluent::Plugin
         credentials_options[:policy] = c.policy if c.policy
         credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
         credentials_options[:external_id] = c.external_id if c.external_id
+        if @s3_region
+          credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
+        end
         options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
       when @instance_profile_credentials
         c = @instance_profile_credentials
@@ -212,7 +217,7 @@ module Fluent::Plugin
       options[:region] = @s3_region if @s3_region
       options[:endpoint] = @s3_endpoint if @s3_endpoint
       options[:force_path_style] = @force_path_style
-      options[:proxy_uri] = @proxy_uri if @proxy_uri
+      options[:http_proxy] = @proxy_uri if @proxy_uri
       log.on_trace do
         options[:http_wire_trace] = true
         options[:logger] = log
@@ -225,6 +230,7 @@ module Fluent::Plugin
       options = setup_credentials
       options[:region] = @s3_region if @s3_region
       options[:endpoint] = @sqs.endpoint if @sqs.endpoint
+      options[:http_proxy] = @proxy_uri if @proxy_uri
       log.on_trace do
         options[:http_wire_trace] = true
         options[:logger] = log

data/test/test_in_s3.rb CHANGED

@@ -31,6 +31,7 @@ class S3InputTest < Test::Unit::TestCase
     buffer_type memory
     <sqs>
       queue_name test_queue
+      queue_owner_aws_account_id 123456789123
     </sqs>
   ]
@@ -162,7 +163,7 @@ EOS
     test_queue_url = "http://example.com/test_queue"
     @sqs_client = stub(Aws::SQS::Client.new(stub_responses: true))
     @sqs_response = stub(Struct::StubResponse.new(test_queue_url))
-    @sqs_client.get_queue_url(queue_name: "test_queue"){ @sqs_response }
+    @sqs_client.get_queue_url(queue_name: "test_queue", queue_owner_aws_account_id: "123456789123"){ @sqs_response }
     mock(Aws::SQS::Client).new(anything).once { @sqs_client }
     @real_poller = Aws::SQS::QueuePoller.new(test_queue_url, client: @sqs_client)
     @sqs_poller = stub(@real_poller)

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-s3
 version: !ruby/object:Gem::Version
-  version: 1.1.6
+  version: 1.1.7
 platform: ruby
 authors:
 - Sadayuki Furuhashi
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-12 00:00:00.000000000 Z
+date: 2018-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd