fluent-plugin-s3 1.1.6 → 1.1.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ChangeLog +5 -0
- data/README.md +131 -137
- data/VERSION +1 -1
- data/lib/fluent/plugin/in_s3.rb +8 -2
- data/test/test_in_s3.rb +2 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cce40365e053256475e60bf82f122c1ed0ccff27
|
4
|
+
data.tar.gz: e39318c0a195293034c053a457f455ab93feda5d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e112e247a473d37fbaaebef78f43a0aa1c81b1b29d667be08a8bf81e876ca5effb8b0cc6d8768019a3163eb463f059d6dbab8cf3fc414cece916666602893b73
|
7
|
+
data.tar.gz: 609f60be06d0ecfc986cef522078da31d78494d9a1ebb036b0442961159f31dc4ba711008547bd374c41924312d68ffb303f258e0c160b0c382a968497ae8b11
|
data/ChangeLog
CHANGED
data/README.md
CHANGED
@@ -37,7 +37,134 @@ Simply use RubyGems:
|
|
37
37
|
$ gem install fluent-plugin-s3 -v "~> 0.8" --no-document # for fluentd v0.12 or later
|
38
38
|
$ gem install fluent-plugin-s3 -v 1.0.0 --no-document # for fluentd v1.0 or later
|
39
39
|
|
40
|
-
##
|
40
|
+
## Configuration: credentials
|
41
|
+
|
42
|
+
Both S3 input/output plugin provide several credential methods for authentication/authorization.
|
43
|
+
|
44
|
+
### AWS key and secret authentication
|
45
|
+
|
46
|
+
These parameters are required when your agent is not running on EC2 instance with an IAM Role. When using an IAM role, make sure to configure `instance_profile_credentials`. Usage can be found below.
|
47
|
+
|
48
|
+
**aws_key_id**
|
49
|
+
|
50
|
+
AWS access key id.
|
51
|
+
|
52
|
+
**aws_sec_key**
|
53
|
+
|
54
|
+
AWS secret key.
|
55
|
+
|
56
|
+
### assume_role_credentials
|
57
|
+
|
58
|
+
Typically, you use AssumeRole for cross-account access or federation.
|
59
|
+
|
60
|
+
<match *>
|
61
|
+
@type s3
|
62
|
+
|
63
|
+
<assume_role_credentials>
|
64
|
+
role_arn ROLE_ARN
|
65
|
+
role_session_name ROLE_SESSION_NAME
|
66
|
+
</assume_role_credentials>
|
67
|
+
</match>
|
68
|
+
|
69
|
+
See also:
|
70
|
+
|
71
|
+
* [Using IAM Roles - AWS Identity and Access
|
72
|
+
Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
73
|
+
* [Aws::STS::Client](http://docs.aws.amazon.com/sdkforruby/api/Aws/STS/Client.html)
|
74
|
+
* [Aws::AssumeRoleCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/AssumeRoleCredentials.html)
|
75
|
+
|
76
|
+
**role_arn (required)**
|
77
|
+
|
78
|
+
The Amazon Resource Name (ARN) of the role to assume.
|
79
|
+
|
80
|
+
**role_session_name (required)**
|
81
|
+
|
82
|
+
An identifier for the assumed role session.
|
83
|
+
|
84
|
+
**policy**
|
85
|
+
|
86
|
+
An IAM policy in JSON format.
|
87
|
+
|
88
|
+
**duration_seconds**
|
89
|
+
|
90
|
+
The duration, in seconds, of the role session. The value can range from
|
91
|
+
900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value
|
92
|
+
is set to 3600 seconds.
|
93
|
+
|
94
|
+
**external_id**
|
95
|
+
|
96
|
+
A unique identifier that is used by third parties when assuming roles in
|
97
|
+
their customers' accounts.
|
98
|
+
|
99
|
+
### instance_profile_credentials
|
100
|
+
|
101
|
+
Retrieve temporary security credentials via HTTP request. This is useful on
|
102
|
+
EC2 instance.
|
103
|
+
|
104
|
+
<match *>
|
105
|
+
@type s3
|
106
|
+
|
107
|
+
<instance_profile_credentials>
|
108
|
+
ip_address IP_ADDRESS
|
109
|
+
port PORT
|
110
|
+
</instance_profile_credentials>
|
111
|
+
</match>
|
112
|
+
|
113
|
+
See also:
|
114
|
+
|
115
|
+
* [Aws::InstanceProfileCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/InstanceProfileCredentials.html)
|
116
|
+
* [Temporary Security Credentials - AWS Identity and Access
|
117
|
+
Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
|
118
|
+
* [Instance Metadata and User Data - Amazon Elastic Compute
|
119
|
+
Cloud](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
|
120
|
+
|
121
|
+
**retries**
|
122
|
+
|
123
|
+
Number of times to retry when retrieving credentials. Default is 5.
|
124
|
+
|
125
|
+
**ip_address**
|
126
|
+
|
127
|
+
Default is 169.254.169.254.
|
128
|
+
|
129
|
+
**port**
|
130
|
+
|
131
|
+
Default is 80.
|
132
|
+
|
133
|
+
**http_open_timeout**
|
134
|
+
|
135
|
+
Default is 5.
|
136
|
+
|
137
|
+
**http_read_timeout**
|
138
|
+
|
139
|
+
Default is 5.
|
140
|
+
|
141
|
+
### shared_credentials
|
142
|
+
|
143
|
+
This loads AWS access credentials from local ini file. This is useful for
|
144
|
+
local developing.
|
145
|
+
|
146
|
+
<match *>
|
147
|
+
@type s3
|
148
|
+
|
149
|
+
<shared_credentials>
|
150
|
+
path PATH
|
151
|
+
profile_name PROFILE_NAME
|
152
|
+
</shared_credentials>
|
153
|
+
</match>
|
154
|
+
|
155
|
+
See also:
|
156
|
+
|
157
|
+
* [Aws::SharedCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/SharedCredentials.html)
|
158
|
+
|
159
|
+
**path**
|
160
|
+
|
161
|
+
Path to the shared file. Defaults to "#{Dir.home}/.aws/credentials".
|
162
|
+
|
163
|
+
**profile_name**
|
164
|
+
|
165
|
+
Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
|
166
|
+
|
167
|
+
## Configuration: Output
|
41
168
|
|
42
169
|
### v1.0 style
|
43
170
|
|
@@ -102,19 +229,10 @@ This configuration works with both fluentd v0.12 and v1.0.
|
|
102
229
|
|
103
230
|
If you want to embed tag in `path` / `s3_object_key_format`, you need to use `fluent-plugin-forest` plugin.
|
104
231
|
|
105
|
-
**aws_key_id**
|
106
|
-
|
107
|
-
AWS access key id. This parameter is required when your agent is not
|
108
|
-
running on EC2 instance with an IAM Role. When using an IAM role, make
|
109
|
-
sure to configure `instance_profile_credentials`. Usage can be found below.
|
110
|
-
|
111
|
-
**aws_sec_key**
|
112
|
-
|
113
|
-
AWS secret key. This parameter is required when your agent is not running
|
114
|
-
on EC2 instance with an IAM Role.
|
115
|
-
|
116
232
|
**aws_iam_retries**
|
117
233
|
|
234
|
+
This parameter is deprecated. Use `instance_profile_credentials` instead.
|
235
|
+
|
118
236
|
The number of attempts to make (with exponential backoff) when loading
|
119
237
|
instance profile credentials from the EC2 metadata service using an IAM
|
120
238
|
role. Defaults to 5 retries.
|
@@ -460,117 +578,6 @@ It would be useful when you use S3 compatible storage that accepts only signatur
|
|
460
578
|
|
461
579
|
Given a threshold to treat events as delay, output warning logs if delayed events were put into s3.
|
462
580
|
|
463
|
-
### assume_role_credentials
|
464
|
-
|
465
|
-
Typically, you use AssumeRole for cross-account access or federation.
|
466
|
-
|
467
|
-
<match *>
|
468
|
-
@type s3
|
469
|
-
|
470
|
-
<assume_role_credentials>
|
471
|
-
role_arn ROLE_ARN
|
472
|
-
role_session_name ROLE_SESSION_NAME
|
473
|
-
</assume_role_credentials>
|
474
|
-
</match>
|
475
|
-
|
476
|
-
See also:
|
477
|
-
|
478
|
-
* [Using IAM Roles - AWS Identity and Access
|
479
|
-
Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
480
|
-
* [Aws::STS::Client](http://docs.aws.amazon.com/sdkforruby/api/Aws/STS/Client.html)
|
481
|
-
* [Aws::AssumeRoleCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/AssumeRoleCredentials.html)
|
482
|
-
|
483
|
-
**role_arn (required)**
|
484
|
-
|
485
|
-
The Amazon Resource Name (ARN) of the role to assume.
|
486
|
-
|
487
|
-
**role_session_name (required)**
|
488
|
-
|
489
|
-
An identifier for the assumed role session.
|
490
|
-
|
491
|
-
**policy**
|
492
|
-
|
493
|
-
An IAM policy in JSON format.
|
494
|
-
|
495
|
-
**duration_seconds**
|
496
|
-
|
497
|
-
The duration, in seconds, of the role session. The value can range from
|
498
|
-
900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value
|
499
|
-
is set to 3600 seconds.
|
500
|
-
|
501
|
-
**external_id**
|
502
|
-
|
503
|
-
A unique identifier that is used by third parties when assuming roles in
|
504
|
-
their customers' accounts.
|
505
|
-
|
506
|
-
### instance_profile_credentials
|
507
|
-
|
508
|
-
Retrieve temporary security credentials via HTTP request. This is useful on
|
509
|
-
EC2 instance.
|
510
|
-
|
511
|
-
<match *>
|
512
|
-
@type s3
|
513
|
-
|
514
|
-
<instance_profile_credentials>
|
515
|
-
ip_address IP_ADDRESS
|
516
|
-
port PORT
|
517
|
-
</instance_profile_credentials>
|
518
|
-
</match>
|
519
|
-
|
520
|
-
See also:
|
521
|
-
|
522
|
-
* [Aws::InstanceProfileCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/InstanceProfileCredentials.html)
|
523
|
-
* [Temporary Security Credentials - AWS Identity and Access
|
524
|
-
Management](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
|
525
|
-
* [Instance Metadata and User Data - Amazon Elastic Compute
|
526
|
-
Cloud](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
|
527
|
-
|
528
|
-
**retries**
|
529
|
-
|
530
|
-
Number of times to retry when retrieving credentials. Default is 5.
|
531
|
-
|
532
|
-
**ip_address**
|
533
|
-
|
534
|
-
Default is 169.254.169.254.
|
535
|
-
|
536
|
-
**port**
|
537
|
-
|
538
|
-
Default is 80.
|
539
|
-
|
540
|
-
**http_open_timeout**
|
541
|
-
|
542
|
-
Default is 5.
|
543
|
-
|
544
|
-
**http_read_timeout**
|
545
|
-
|
546
|
-
Default is 5.
|
547
|
-
|
548
|
-
### shared_credentials
|
549
|
-
|
550
|
-
This loads AWS access credentials from local ini file. This is useful for
|
551
|
-
local developing.
|
552
|
-
|
553
|
-
<match *>
|
554
|
-
@type s3
|
555
|
-
|
556
|
-
<shared_credentials>
|
557
|
-
path PATH
|
558
|
-
profile_name PROFILE_NAME
|
559
|
-
</shared_credentials>
|
560
|
-
</match>
|
561
|
-
|
562
|
-
See also:
|
563
|
-
|
564
|
-
* [Aws::SharedCredentials](http://docs.aws.amazon.com/sdkforruby/api/Aws/SharedCredentials.html)
|
565
|
-
|
566
|
-
**path**
|
567
|
-
|
568
|
-
Path to the shared file. Defaults to "#{Dir.home}/.aws/credentials".
|
569
|
-
|
570
|
-
**profile_name**
|
571
|
-
|
572
|
-
Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
|
573
|
-
|
574
581
|
## Input: Setup
|
575
582
|
|
576
583
|
1. Create new [SQS](https://aws.amazon.com/documentation/sqs/) queue (use same region as S3)
|
@@ -579,7 +586,7 @@ Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
|
|
579
586
|
4. Write configuration file such as fluent.conf
|
580
587
|
5. Run fluentd
|
581
588
|
|
582
|
-
##
|
589
|
+
## Configuration: Input
|
583
590
|
|
584
591
|
<source>
|
585
592
|
@type s3
|
@@ -594,19 +601,6 @@ Defaults to 'default' or `[ENV]('AWS_PROFILE')`.
|
|
594
601
|
</sqs>
|
595
602
|
</source>
|
596
603
|
|
597
|
-
**aws_key_id**
|
598
|
-
|
599
|
-
AWS access key id. This parameter is required when your agent is not running on EC2 instance with an IAM Role.
|
600
|
-
|
601
|
-
**aws_sec_key**
|
602
|
-
|
603
|
-
AWS secret key. This parameter is required when your agent is not running on EC2 instance with an IAM Role.
|
604
|
-
|
605
|
-
**aws_iam_retries**
|
606
|
-
|
607
|
-
The number of attempts to make (with exponential backoff) when loading instance profile credentials from the EC2 metadata
|
608
|
-
service using an IAM role. Defaults to 5 retries.
|
609
|
-
|
610
604
|
**s3_bucket (required)**
|
611
605
|
|
612
606
|
S3 bucket name.
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.1.
|
1
|
+
1.1.7
|
data/lib/fluent/plugin/in_s3.rb
CHANGED
@@ -78,6 +78,8 @@ module Fluent::Plugin
|
|
78
78
|
config_section :sqs, required: true, multi: false do
|
79
79
|
desc "SQS queue name"
|
80
80
|
config_param :queue_name, :string, default: nil
|
81
|
+
desc "SQS Owner Account ID"
|
82
|
+
config_param :queue_owner_aws_account_id, :string, default: nil
|
81
83
|
desc "Use 's3_region' instead"
|
82
84
|
config_param :endpoint, :string, default: nil
|
83
85
|
desc "Skip message deletion"
|
@@ -133,7 +135,7 @@ module Fluent::Plugin
|
|
133
135
|
|
134
136
|
sqs_client = create_sqs_client
|
135
137
|
log.debug("Succeeded to create SQS client")
|
136
|
-
response = sqs_client.get_queue_url(queue_name: @sqs.queue_name)
|
138
|
+
response = sqs_client.get_queue_url(queue_name: @sqs.queue_name, queue_owner_aws_account_id: @sqs.queue_owner_aws_account_id)
|
137
139
|
sqs_queue_url = response.queue_url
|
138
140
|
log.debug("Succeeded to get SQS queue URL")
|
139
141
|
|
@@ -186,6 +188,9 @@ module Fluent::Plugin
|
|
186
188
|
credentials_options[:policy] = c.policy if c.policy
|
187
189
|
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
188
190
|
credentials_options[:external_id] = c.external_id if c.external_id
|
191
|
+
if @s3_region
|
192
|
+
credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
|
193
|
+
end
|
189
194
|
options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
|
190
195
|
when @instance_profile_credentials
|
191
196
|
c = @instance_profile_credentials
|
@@ -212,7 +217,7 @@ module Fluent::Plugin
|
|
212
217
|
options[:region] = @s3_region if @s3_region
|
213
218
|
options[:endpoint] = @s3_endpoint if @s3_endpoint
|
214
219
|
options[:force_path_style] = @force_path_style
|
215
|
-
options[:
|
220
|
+
options[:http_proxy] = @proxy_uri if @proxy_uri
|
216
221
|
log.on_trace do
|
217
222
|
options[:http_wire_trace] = true
|
218
223
|
options[:logger] = log
|
@@ -225,6 +230,7 @@ module Fluent::Plugin
|
|
225
230
|
options = setup_credentials
|
226
231
|
options[:region] = @s3_region if @s3_region
|
227
232
|
options[:endpoint] = @sqs.endpoint if @sqs.endpoint
|
233
|
+
options[:http_proxy] = @proxy_uri if @proxy_uri
|
228
234
|
log.on_trace do
|
229
235
|
options[:http_wire_trace] = true
|
230
236
|
options[:logger] = log
|
data/test/test_in_s3.rb
CHANGED
@@ -31,6 +31,7 @@ class S3InputTest < Test::Unit::TestCase
|
|
31
31
|
buffer_type memory
|
32
32
|
<sqs>
|
33
33
|
queue_name test_queue
|
34
|
+
queue_owner_aws_account_id 123456789123
|
34
35
|
</sqs>
|
35
36
|
]
|
36
37
|
|
@@ -162,7 +163,7 @@ EOS
|
|
162
163
|
test_queue_url = "http://example.com/test_queue"
|
163
164
|
@sqs_client = stub(Aws::SQS::Client.new(stub_responses: true))
|
164
165
|
@sqs_response = stub(Struct::StubResponse.new(test_queue_url))
|
165
|
-
@sqs_client.get_queue_url(queue_name: "test_queue"){ @sqs_response }
|
166
|
+
@sqs_client.get_queue_url(queue_name: "test_queue", queue_owner_aws_account_id: "123456789123"){ @sqs_response }
|
166
167
|
mock(Aws::SQS::Client).new(anything).once { @sqs_client }
|
167
168
|
@real_poller = Aws::SQS::QueuePoller.new(test_queue_url, client: @sqs_client)
|
168
169
|
@sqs_poller = stub(@real_poller)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-s3
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sadayuki Furuhashi
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2018-
|
12
|
+
date: 2018-11-15 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: fluentd
|