fluent-plugin-s3 1.8.2 → 1.8.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/linux.yml +1 -1
- data/ChangeLog +4 -0
- data/VERSION +1 -1
- data/lib/fluent/plugin/out_s3.rb +15 -4
- data/test/test_out_s3.rb +86 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a674e172940ab48c2892af28f310ed186d382f34c73da8d9ac01287965691110
|
4
|
+
data.tar.gz: ed90652d734c43c099b58d050214de9d3a033ea38b94dd9b1c9dc0a427dc9de4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 677cc94165eeb960faf1af30fa2f1a31df4cbafa694801758f45eca7101a5370192299207a47c9b7c3fce973a4c87e97aaa53e420fdfc6b76a5ab2d1f9315c88
|
7
|
+
data.tar.gz: 7b974daffad50c509fe40c5574ba63240ec75d86480d74a1ab31a9ff85018356dc3be7573965b8c9245523c2bbc4fd699da8f54a6aeeccda2a8316d57d04d9c6
|
data/.github/workflows/linux.yml
CHANGED
data/ChangeLog
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.8.
|
1
|
+
1.8.3
|
data/lib/fluent/plugin/out_s3.rb
CHANGED
@@ -62,6 +62,10 @@ module Fluent::Plugin
|
|
62
62
|
config_param :duration_seconds, :integer, default: nil
|
63
63
|
desc "The region of the STS endpoint to use."
|
64
64
|
config_param :sts_region, :string, default: nil
|
65
|
+
desc "A http proxy url for requests to aws sts service"
|
66
|
+
config_param :sts_http_proxy, :string, default: nil, secret: true
|
67
|
+
desc "A url for a regional sts api endpoint, the default is global"
|
68
|
+
config_param :sts_endpoint_url, :string, default: nil
|
65
69
|
end
|
66
70
|
config_section :instance_profile_credentials, multi: false do
|
67
71
|
desc "Number of times to retry when retrieving credentials"
|
@@ -540,15 +544,22 @@ module Fluent::Plugin
|
|
540
544
|
options[:secret_access_key] = @aws_sec_key
|
541
545
|
when @web_identity_credentials
|
542
546
|
c = @web_identity_credentials
|
547
|
+
region = c.sts_region || @s3_region
|
543
548
|
credentials_options[:role_arn] = c.role_arn
|
544
549
|
credentials_options[:role_session_name] = c.role_session_name
|
545
550
|
credentials_options[:web_identity_token_file] = c.web_identity_token_file
|
546
551
|
credentials_options[:policy] = c.policy if c.policy
|
547
552
|
credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
|
548
|
-
if c.
|
549
|
-
|
550
|
-
|
551
|
-
credentials_options[:client] = Aws::STS::Client.new(:region
|
553
|
+
credentials_options[:sts_endpoint_url] = c.sts_endpoint_url if c.sts_endpoint_url
|
554
|
+
credentials_options[:sts_http_proxy] = c.sts_http_proxy if c.sts_http_proxy
|
555
|
+
if c.sts_http_proxy && c.sts_endpoint_url
|
556
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy, endpoint: c.sts_endpoint_url)
|
557
|
+
elsif c.sts_http_proxy
|
558
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy)
|
559
|
+
elsif c.sts_endpoint_url
|
560
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region, endpoint: c.sts_endpoint_url)
|
561
|
+
else
|
562
|
+
credentials_options[:client] = Aws::STS::Client.new(region: region)
|
552
563
|
end
|
553
564
|
options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
|
554
565
|
when @instance_profile_credentials
|
data/test/test_out_s3.rb
CHANGED
@@ -803,6 +803,92 @@ EOC
|
|
803
803
|
assert_equal(expected_credentials, credentials)
|
804
804
|
end
|
805
805
|
|
806
|
+
def test_web_identity_credentials_with_region_and_sts_http_proxy
|
807
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
808
|
+
expected_region = "ap-northeast-1"
|
809
|
+
expected_sts_http_proxy = 'http://example.com'
|
810
|
+
sts_client = Aws::STS::Client.new(region: expected_region, http_proxy: expected_sts_http_proxy)
|
811
|
+
mock(Aws::STS::Client).new(region:expected_region, http_proxy: expected_sts_http_proxy){ sts_client }
|
812
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
|
813
|
+
role_session_name: "test_session",
|
814
|
+
web_identity_token_file: "test_file",
|
815
|
+
client: sts_client,
|
816
|
+
sts_http_proxy: expected_sts_http_proxy }){
|
817
|
+
expected_credentials
|
818
|
+
}
|
819
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
820
|
+
config += %[
|
821
|
+
s3_region #{expected_region}
|
822
|
+
<web_identity_credentials>
|
823
|
+
role_arn test_arn
|
824
|
+
role_session_name test_session
|
825
|
+
web_identity_token_file test_file
|
826
|
+
sts_http_proxy #{expected_sts_http_proxy}
|
827
|
+
</web_identity_credentials>
|
828
|
+
]
|
829
|
+
d = create_time_sliced_driver(config)
|
830
|
+
assert_nothing_raised { d.run {} }
|
831
|
+
client = d.instance.instance_variable_get(:@s3).client
|
832
|
+
credentials = client.config.credentials
|
833
|
+
assert_equal(expected_credentials, credentials)
|
834
|
+
end
|
835
|
+
|
836
|
+
def test_web_identity_credentials_with_sts_http_proxy
|
837
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
838
|
+
expected_sts_http_proxy = 'http://example.com'
|
839
|
+
sts_client = Aws::STS::Client.new(region: "us-east-1", http_proxy: expected_sts_http_proxy)
|
840
|
+
mock(Aws::STS::Client).new(region: "us-east-1", http_proxy: expected_sts_http_proxy){ sts_client }
|
841
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
|
842
|
+
role_session_name: "test_session",
|
843
|
+
web_identity_token_file: "test_file",
|
844
|
+
client: sts_client,
|
845
|
+
sts_http_proxy: expected_sts_http_proxy }){
|
846
|
+
expected_credentials
|
847
|
+
}
|
848
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
849
|
+
config += %[
|
850
|
+
<web_identity_credentials>
|
851
|
+
role_arn test_arn
|
852
|
+
role_session_name test_session
|
853
|
+
web_identity_token_file test_file
|
854
|
+
sts_http_proxy #{expected_sts_http_proxy}
|
855
|
+
</web_identity_credentials>
|
856
|
+
]
|
857
|
+
d = create_time_sliced_driver(config)
|
858
|
+
assert_nothing_raised { d.run {} }
|
859
|
+
client = d.instance.instance_variable_get(:@s3).client
|
860
|
+
credentials = client.config.credentials
|
861
|
+
assert_equal(expected_credentials, credentials)
|
862
|
+
end
|
863
|
+
|
864
|
+
def test_web_identity_credentials_with_sts_endpoint_url
|
865
|
+
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
866
|
+
expected_sts_endpoint_url = 'http://example.com'
|
867
|
+
sts_client = Aws::STS::Client.new(region: "us-east-1", endpoint: expected_sts_endpoint_url)
|
868
|
+
mock(Aws::STS::Client).new(region: "us-east-1", endpoint: expected_sts_endpoint_url){ sts_client }
|
869
|
+
mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
|
870
|
+
role_session_name: "test_session",
|
871
|
+
web_identity_token_file: "test_file",
|
872
|
+
client: sts_client,
|
873
|
+
sts_endpoint_url: expected_sts_endpoint_url }){
|
874
|
+
expected_credentials
|
875
|
+
}
|
876
|
+
config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
|
877
|
+
config += %[
|
878
|
+
<web_identity_credentials>
|
879
|
+
role_arn test_arn
|
880
|
+
role_session_name test_session
|
881
|
+
web_identity_token_file test_file
|
882
|
+
sts_endpoint_url #{expected_sts_endpoint_url}
|
883
|
+
</web_identity_credentials>
|
884
|
+
]
|
885
|
+
d = create_time_sliced_driver(config)
|
886
|
+
assert_nothing_raised { d.run {} }
|
887
|
+
client = d.instance.instance_variable_get(:@s3).client
|
888
|
+
credentials = client.config.credentials
|
889
|
+
assert_equal(expected_credentials, credentials)
|
890
|
+
end
|
891
|
+
|
806
892
|
def test_web_identity_credentials_with_sts_region
|
807
893
|
expected_credentials = Aws::Credentials.new("test_key", "test_secret")
|
808
894
|
sts_client = Aws::STS::Client.new(region: 'us-east-1')
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-s3
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.8.
|
4
|
+
version: 1.8.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sadayuki Furuhashi
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2025-02-18 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: fluentd
|