RubyGems - fluent-plugin-s3 - Versions diffs - 1.8.2 → 1.8.3 - Mend

fluent-plugin-s3 1.8.2 → 1.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 217eb830b5223b315c3315bfe2eaa0e9ad177ad8b4f9fc90b0575ac6bd30dcfc
-  data.tar.gz: 77895d2eca5be5449db57d5a8d69e87b7b1e3da8cbee5bdffe2f0afa56d4fcb6
+  metadata.gz: a674e172940ab48c2892af28f310ed186d382f34c73da8d9ac01287965691110
+  data.tar.gz: ed90652d734c43c099b58d050214de9d3a033ea38b94dd9b1c9dc0a427dc9de4
 SHA512:
-  metadata.gz: 04557ccde6e3d9f3a2d3ab4a5cc8c87b7d1dedddc09baa858239be4d59d071b5b4afb43f5cf685c936d09a13208d916683fc298beb89f168f44fdad30a456f8a
-  data.tar.gz: bcc7742d25f8c7f2108ad77753fb5b864f8fb0d644ad0d832a6fe26143b5b938bd03436695c43181b7b66d0f538421454f87e87fa73aa3c4907fd86979aa6b01
+  metadata.gz: 677cc94165eeb960faf1af30fa2f1a31df4cbafa694801758f45eca7101a5370192299207a47c9b7c3fce973a4c87e97aaa53e420fdfc6b76a5ab2d1f9315c88
+  data.tar.gz: 7b974daffad50c509fe40c5574ba63240ec75d86480d74a1ab31a9ff85018356dc3be7573965b8c9245523c2bbc4fd699da8f54a6aeeccda2a8316d57d04d9c6

data/.github/workflows/linux.yml CHANGED Viewed

@@ -10,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [ '3.2', '3.1', '3.0', '2.7' ]
+        ruby: [ '3.4', '3.3', '3.2', '3.1', '3.0', '2.7' ]
         os:
           - ubuntu-latest
     name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}

data/ChangeLog CHANGED Viewed

@@ -1,3 +1,7 @@
+Release 1.8.3 - 2025/02/18
+  * out_s3: Add `sts_http_proxy` and `sts_endpoint_url` to web_identity_credentials (GitHub: #452)
 Release 1.8.2 - 2024/12/18
   * out_s3: Add more logging to identify unexpected error of Tempfile#close.

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.8.2
1	+ 1.8.3

data/lib/fluent/plugin/out_s3.rb CHANGED Viewed

@@ -62,6 +62,10 @@ module Fluent::Plugin
       config_param :duration_seconds, :integer, default: nil
       desc "The region of the STS endpoint to use."
       config_param :sts_region, :string, default: nil
+      desc "A http proxy url for requests to aws sts service"
+      config_param :sts_http_proxy, :string, default: nil, secret: true
+      desc "A url for a regional sts api endpoint, the default is global"
+      config_param :sts_endpoint_url, :string, default: nil
     end
     config_section :instance_profile_credentials, multi: false do
       desc "Number of times to retry when retrieving credentials"
@@ -540,15 +544,22 @@ module Fluent::Plugin
         options[:secret_access_key] = @aws_sec_key
       when @web_identity_credentials
         c = @web_identity_credentials
+        region = c.sts_region || @s3_region
         credentials_options[:role_arn] = c.role_arn
         credentials_options[:role_session_name] = c.role_session_name
         credentials_options[:web_identity_token_file] = c.web_identity_token_file
         credentials_options[:policy] = c.policy if c.policy
         credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
-        if c.sts_region
-          credentials_options[:client] = Aws::STS::Client.new(:region => c.sts_region)
-        elsif @s3_region
-          credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
+        credentials_options[:sts_endpoint_url] = c.sts_endpoint_url if c.sts_endpoint_url
+        credentials_options[:sts_http_proxy] = c.sts_http_proxy if c.sts_http_proxy
+        if c.sts_http_proxy && c.sts_endpoint_url
+          credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy, endpoint: c.sts_endpoint_url)
+        elsif c.sts_http_proxy
+          credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy)
+        elsif c.sts_endpoint_url
+          credentials_options[:client] = Aws::STS::Client.new(region: region, endpoint: c.sts_endpoint_url)
+        else
+          credentials_options[:client] = Aws::STS::Client.new(region: region)
         end
         options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
       when @instance_profile_credentials

data/test/test_out_s3.rb CHANGED Viewed

@@ -803,6 +803,92 @@ EOC
     assert_equal(expected_credentials, credentials)
   end
+  def test_web_identity_credentials_with_region_and_sts_http_proxy
+    expected_credentials = Aws::Credentials.new("test_key", "test_secret")
+    expected_region = "ap-northeast-1"
+    expected_sts_http_proxy = 'http://example.com'
+    sts_client = Aws::STS::Client.new(region: expected_region, http_proxy: expected_sts_http_proxy)
+    mock(Aws::STS::Client).new(region:expected_region, http_proxy: expected_sts_http_proxy){ sts_client }
+    mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
+                                           role_session_name: "test_session",
+                                           web_identity_token_file: "test_file",
+                                           client: sts_client,
+                                           sts_http_proxy: expected_sts_http_proxy }){
+      expected_credentials
+    }
+    config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
+    config += %[
+      s3_region #{expected_region}
+      <web_identity_credentials>
+        role_arn test_arn
+        role_session_name test_session
+        web_identity_token_file test_file
+        sts_http_proxy #{expected_sts_http_proxy}
+      </web_identity_credentials>
+    ]
+    d = create_time_sliced_driver(config)
+    assert_nothing_raised { d.run {} }
+    client = d.instance.instance_variable_get(:@s3).client
+    credentials = client.config.credentials
+    assert_equal(expected_credentials, credentials)
+  end
+  def test_web_identity_credentials_with_sts_http_proxy
+    expected_credentials = Aws::Credentials.new("test_key", "test_secret")
+    expected_sts_http_proxy = 'http://example.com'
+    sts_client = Aws::STS::Client.new(region: "us-east-1", http_proxy: expected_sts_http_proxy)
+    mock(Aws::STS::Client).new(region: "us-east-1", http_proxy: expected_sts_http_proxy){ sts_client }
+    mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
+                                           role_session_name: "test_session",
+                                           web_identity_token_file: "test_file",
+                                           client: sts_client,
+                                           sts_http_proxy: expected_sts_http_proxy }){
+      expected_credentials
+    }
+    config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
+    config += %[
+      <web_identity_credentials>
+        role_arn test_arn
+        role_session_name test_session
+        web_identity_token_file test_file
+        sts_http_proxy #{expected_sts_http_proxy}
+      </web_identity_credentials>
+    ]
+    d = create_time_sliced_driver(config)
+    assert_nothing_raised { d.run {} }
+    client = d.instance.instance_variable_get(:@s3).client
+    credentials = client.config.credentials
+    assert_equal(expected_credentials, credentials)
+  end
+  def test_web_identity_credentials_with_sts_endpoint_url
+    expected_credentials = Aws::Credentials.new("test_key", "test_secret")
+    expected_sts_endpoint_url = 'http://example.com'
+    sts_client = Aws::STS::Client.new(region: "us-east-1", endpoint: expected_sts_endpoint_url)
+    mock(Aws::STS::Client).new(region: "us-east-1", endpoint: expected_sts_endpoint_url){ sts_client }
+    mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
+                                           role_session_name: "test_session",
+                                           web_identity_token_file: "test_file",
+                                           client: sts_client,
+                                           sts_endpoint_url: expected_sts_endpoint_url }){
+      expected_credentials
+    }
+    config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
+    config += %[
+      <web_identity_credentials>
+        role_arn test_arn
+        role_session_name test_session
+        web_identity_token_file test_file
+        sts_endpoint_url #{expected_sts_endpoint_url}
+      </web_identity_credentials>
+    ]
+    d = create_time_sliced_driver(config)
+    assert_nothing_raised { d.run {} }
+    client = d.instance.instance_variable_get(:@s3).client
+    credentials = client.config.credentials
+    assert_equal(expected_credentials, credentials)
+  end
   def test_web_identity_credentials_with_sts_region
     expected_credentials = Aws::Credentials.new("test_key", "test_secret")
     sts_client = Aws::STS::Client.new(region: 'us-east-1')

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-s3
 version: !ruby/object:Gem::Version
-  version: 1.8.2
+  version: 1.8.3
 platform: ruby
 authors:
 - Sadayuki Furuhashi
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-18 00:00:00.000000000 Z
+date: 2025-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd