fluent-plugin-s3 1.8.2 → 1.8.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/linux.yml +1 -1
  3. data/ChangeLog +4 -0
  4. data/VERSION +1 -1
  5. data/lib/fluent/plugin/out_s3.rb +15 -4
  6. data/test/test_out_s3.rb +86 -0
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 217eb830b5223b315c3315bfe2eaa0e9ad177ad8b4f9fc90b0575ac6bd30dcfc
4
- data.tar.gz: 77895d2eca5be5449db57d5a8d69e87b7b1e3da8cbee5bdffe2f0afa56d4fcb6
3
+ metadata.gz: a674e172940ab48c2892af28f310ed186d382f34c73da8d9ac01287965691110
4
+ data.tar.gz: ed90652d734c43c099b58d050214de9d3a033ea38b94dd9b1c9dc0a427dc9de4
5
5
  SHA512:
6
- metadata.gz: 04557ccde6e3d9f3a2d3ab4a5cc8c87b7d1dedddc09baa858239be4d59d071b5b4afb43f5cf685c936d09a13208d916683fc298beb89f168f44fdad30a456f8a
7
- data.tar.gz: bcc7742d25f8c7f2108ad77753fb5b864f8fb0d644ad0d832a6fe26143b5b938bd03436695c43181b7b66d0f538421454f87e87fa73aa3c4907fd86979aa6b01
6
+ metadata.gz: 677cc94165eeb960faf1af30fa2f1a31df4cbafa694801758f45eca7101a5370192299207a47c9b7c3fce973a4c87e97aaa53e420fdfc6b76a5ab2d1f9315c88
7
+ data.tar.gz: 7b974daffad50c509fe40c5574ba63240ec75d86480d74a1ab31a9ff85018356dc3be7573965b8c9245523c2bbc4fd699da8f54a6aeeccda2a8316d57d04d9c6
data/.github/workflows/linux.yml CHANGED
@@ -10,7 +10,7 @@ jobs:
10
10
  strategy:
11
11
  fail-fast: false
12
12
  matrix:
13
- ruby: [ '3.2', '3.1', '3.0', '2.7' ]
13
+ ruby: [ '3.4', '3.3', '3.2', '3.1', '3.0', '2.7' ]
14
14
  os:
15
15
  - ubuntu-latest
16
16
  name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}
data/ChangeLog CHANGED
@@ -1,3 +1,7 @@
1
+ Release 1.8.3 - 2025/02/18
2
+
3
+ * out_s3: Add `sts_http_proxy` and `sts_endpoint_url` to web_identity_credentials (GitHub: #452)
4
+
1
5
  Release 1.8.2 - 2024/12/18
2
6
 
3
7
  * out_s3: Add more logging to identify unexpected error of Tempfile#close.
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.8.2
1
+ 1.8.3
data/lib/fluent/plugin/out_s3.rb CHANGED
@@ -62,6 +62,10 @@ module Fluent::Plugin
62
62
  config_param :duration_seconds, :integer, default: nil
63
63
  desc "The region of the STS endpoint to use."
64
64
  config_param :sts_region, :string, default: nil
65
+ desc "A http proxy url for requests to aws sts service"
66
+ config_param :sts_http_proxy, :string, default: nil, secret: true
67
+ desc "A url for a regional sts api endpoint, the default is global"
68
+ config_param :sts_endpoint_url, :string, default: nil
65
69
  end
66
70
  config_section :instance_profile_credentials, multi: false do
67
71
  desc "Number of times to retry when retrieving credentials"
@@ -540,15 +544,22 @@ module Fluent::Plugin
540
544
  options[:secret_access_key] = @aws_sec_key
541
545
  when @web_identity_credentials
542
546
  c = @web_identity_credentials
547
+ region = c.sts_region || @s3_region
543
548
  credentials_options[:role_arn] = c.role_arn
544
549
  credentials_options[:role_session_name] = c.role_session_name
545
550
  credentials_options[:web_identity_token_file] = c.web_identity_token_file
546
551
  credentials_options[:policy] = c.policy if c.policy
547
552
  credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
548
- if c.sts_region
549
- credentials_options[:client] = Aws::STS::Client.new(:region => c.sts_region)
550
- elsif @s3_region
551
- credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
553
+ credentials_options[:sts_endpoint_url] = c.sts_endpoint_url if c.sts_endpoint_url
554
+ credentials_options[:sts_http_proxy] = c.sts_http_proxy if c.sts_http_proxy
555
+ if c.sts_http_proxy && c.sts_endpoint_url
556
+ credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy, endpoint: c.sts_endpoint_url)
557
+ elsif c.sts_http_proxy
558
+ credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy)
559
+ elsif c.sts_endpoint_url
560
+ credentials_options[:client] = Aws::STS::Client.new(region: region, endpoint: c.sts_endpoint_url)
561
+ else
562
+ credentials_options[:client] = Aws::STS::Client.new(region: region)
552
563
  end
553
564
  options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
554
565
  when @instance_profile_credentials
data/test/test_out_s3.rb CHANGED
@@ -803,6 +803,92 @@ EOC
803
803
  assert_equal(expected_credentials, credentials)
804
804
  end
805
805
 
806
+ def test_web_identity_credentials_with_region_and_sts_http_proxy
807
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
808
+ expected_region = "ap-northeast-1"
809
+ expected_sts_http_proxy = 'http://example.com'
810
+ sts_client = Aws::STS::Client.new(region: expected_region, http_proxy: expected_sts_http_proxy)
811
+ mock(Aws::STS::Client).new(region:expected_region, http_proxy: expected_sts_http_proxy){ sts_client }
812
+ mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
813
+ role_session_name: "test_session",
814
+ web_identity_token_file: "test_file",
815
+ client: sts_client,
816
+ sts_http_proxy: expected_sts_http_proxy }){
817
+ expected_credentials
818
+ }
819
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
820
+ config += %[
821
+ s3_region #{expected_region}
822
+ <web_identity_credentials>
823
+ role_arn test_arn
824
+ role_session_name test_session
825
+ web_identity_token_file test_file
826
+ sts_http_proxy #{expected_sts_http_proxy}
827
+ </web_identity_credentials>
828
+ ]
829
+ d = create_time_sliced_driver(config)
830
+ assert_nothing_raised { d.run {} }
831
+ client = d.instance.instance_variable_get(:@s3).client
832
+ credentials = client.config.credentials
833
+ assert_equal(expected_credentials, credentials)
834
+ end
835
+
836
+ def test_web_identity_credentials_with_sts_http_proxy
837
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
838
+ expected_sts_http_proxy = 'http://example.com'
839
+ sts_client = Aws::STS::Client.new(region: "us-east-1", http_proxy: expected_sts_http_proxy)
840
+ mock(Aws::STS::Client).new(region: "us-east-1", http_proxy: expected_sts_http_proxy){ sts_client }
841
+ mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
842
+ role_session_name: "test_session",
843
+ web_identity_token_file: "test_file",
844
+ client: sts_client,
845
+ sts_http_proxy: expected_sts_http_proxy }){
846
+ expected_credentials
847
+ }
848
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
849
+ config += %[
850
+ <web_identity_credentials>
851
+ role_arn test_arn
852
+ role_session_name test_session
853
+ web_identity_token_file test_file
854
+ sts_http_proxy #{expected_sts_http_proxy}
855
+ </web_identity_credentials>
856
+ ]
857
+ d = create_time_sliced_driver(config)
858
+ assert_nothing_raised { d.run {} }
859
+ client = d.instance.instance_variable_get(:@s3).client
860
+ credentials = client.config.credentials
861
+ assert_equal(expected_credentials, credentials)
862
+ end
863
+
864
+ def test_web_identity_credentials_with_sts_endpoint_url
865
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
866
+ expected_sts_endpoint_url = 'http://example.com'
867
+ sts_client = Aws::STS::Client.new(region: "us-east-1", endpoint: expected_sts_endpoint_url)
868
+ mock(Aws::STS::Client).new(region: "us-east-1", endpoint: expected_sts_endpoint_url){ sts_client }
869
+ mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
870
+ role_session_name: "test_session",
871
+ web_identity_token_file: "test_file",
872
+ client: sts_client,
873
+ sts_endpoint_url: expected_sts_endpoint_url }){
874
+ expected_credentials
875
+ }
876
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
877
+ config += %[
878
+ <web_identity_credentials>
879
+ role_arn test_arn
880
+ role_session_name test_session
881
+ web_identity_token_file test_file
882
+ sts_endpoint_url #{expected_sts_endpoint_url}
883
+ </web_identity_credentials>
884
+ ]
885
+ d = create_time_sliced_driver(config)
886
+ assert_nothing_raised { d.run {} }
887
+ client = d.instance.instance_variable_get(:@s3).client
888
+ credentials = client.config.credentials
889
+ assert_equal(expected_credentials, credentials)
890
+ end
891
+
806
892
  def test_web_identity_credentials_with_sts_region
807
893
  expected_credentials = Aws::Credentials.new("test_key", "test_secret")
808
894
  sts_client = Aws::STS::Client.new(region: 'us-east-1')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-s3
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.8.2
4
+ version: 1.8.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sadayuki Furuhashi
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2024-12-18 00:00:00.000000000 Z
12
+ date: 2025-02-18 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fluentd