fluent-plugin-s3 1.8.2 → 1.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 217eb830b5223b315c3315bfe2eaa0e9ad177ad8b4f9fc90b0575ac6bd30dcfc
4
- data.tar.gz: 77895d2eca5be5449db57d5a8d69e87b7b1e3da8cbee5bdffe2f0afa56d4fcb6
3
+ metadata.gz: a674e172940ab48c2892af28f310ed186d382f34c73da8d9ac01287965691110
4
+ data.tar.gz: ed90652d734c43c099b58d050214de9d3a033ea38b94dd9b1c9dc0a427dc9de4
5
5
  SHA512:
6
- metadata.gz: 04557ccde6e3d9f3a2d3ab4a5cc8c87b7d1dedddc09baa858239be4d59d071b5b4afb43f5cf685c936d09a13208d916683fc298beb89f168f44fdad30a456f8a
7
- data.tar.gz: bcc7742d25f8c7f2108ad77753fb5b864f8fb0d644ad0d832a6fe26143b5b938bd03436695c43181b7b66d0f538421454f87e87fa73aa3c4907fd86979aa6b01
6
+ metadata.gz: 677cc94165eeb960faf1af30fa2f1a31df4cbafa694801758f45eca7101a5370192299207a47c9b7c3fce973a4c87e97aaa53e420fdfc6b76a5ab2d1f9315c88
7
+ data.tar.gz: 7b974daffad50c509fe40c5574ba63240ec75d86480d74a1ab31a9ff85018356dc3be7573965b8c9245523c2bbc4fd699da8f54a6aeeccda2a8316d57d04d9c6
@@ -10,7 +10,7 @@ jobs:
10
10
  strategy:
11
11
  fail-fast: false
12
12
  matrix:
13
- ruby: [ '3.2', '3.1', '3.0', '2.7' ]
13
+ ruby: [ '3.4', '3.3', '3.2', '3.1', '3.0', '2.7' ]
14
14
  os:
15
15
  - ubuntu-latest
16
16
  name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}
data/ChangeLog CHANGED
@@ -1,3 +1,7 @@
1
+ Release 1.8.3 - 2025/02/18
2
+
3
+ * out_s3: Add `sts_http_proxy` and `sts_endpoint_url` to web_identity_credentials (GitHub: #452)
4
+
1
5
  Release 1.8.2 - 2024/12/18
2
6
 
3
7
  * out_s3: Add more logging to identify unexpected error of Tempfile#close.
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.8.2
1
+ 1.8.3
@@ -62,6 +62,10 @@ module Fluent::Plugin
62
62
  config_param :duration_seconds, :integer, default: nil
63
63
  desc "The region of the STS endpoint to use."
64
64
  config_param :sts_region, :string, default: nil
65
+ desc "A http proxy url for requests to aws sts service"
66
+ config_param :sts_http_proxy, :string, default: nil, secret: true
67
+ desc "A url for a regional sts api endpoint, the default is global"
68
+ config_param :sts_endpoint_url, :string, default: nil
65
69
  end
66
70
  config_section :instance_profile_credentials, multi: false do
67
71
  desc "Number of times to retry when retrieving credentials"
@@ -540,15 +544,22 @@ module Fluent::Plugin
540
544
  options[:secret_access_key] = @aws_sec_key
541
545
  when @web_identity_credentials
542
546
  c = @web_identity_credentials
547
+ region = c.sts_region || @s3_region
543
548
  credentials_options[:role_arn] = c.role_arn
544
549
  credentials_options[:role_session_name] = c.role_session_name
545
550
  credentials_options[:web_identity_token_file] = c.web_identity_token_file
546
551
  credentials_options[:policy] = c.policy if c.policy
547
552
  credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
548
- if c.sts_region
549
- credentials_options[:client] = Aws::STS::Client.new(:region => c.sts_region)
550
- elsif @s3_region
551
- credentials_options[:client] = Aws::STS::Client.new(:region => @s3_region)
553
+ credentials_options[:sts_endpoint_url] = c.sts_endpoint_url if c.sts_endpoint_url
554
+ credentials_options[:sts_http_proxy] = c.sts_http_proxy if c.sts_http_proxy
555
+ if c.sts_http_proxy && c.sts_endpoint_url
556
+ credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy, endpoint: c.sts_endpoint_url)
557
+ elsif c.sts_http_proxy
558
+ credentials_options[:client] = Aws::STS::Client.new(region: region, http_proxy: c.sts_http_proxy)
559
+ elsif c.sts_endpoint_url
560
+ credentials_options[:client] = Aws::STS::Client.new(region: region, endpoint: c.sts_endpoint_url)
561
+ else
562
+ credentials_options[:client] = Aws::STS::Client.new(region: region)
552
563
  end
553
564
  options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
554
565
  when @instance_profile_credentials
data/test/test_out_s3.rb CHANGED
@@ -803,6 +803,92 @@ EOC
803
803
  assert_equal(expected_credentials, credentials)
804
804
  end
805
805
 
806
+ def test_web_identity_credentials_with_region_and_sts_http_proxy
807
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
808
+ expected_region = "ap-northeast-1"
809
+ expected_sts_http_proxy = 'http://example.com'
810
+ sts_client = Aws::STS::Client.new(region: expected_region, http_proxy: expected_sts_http_proxy)
811
+ mock(Aws::STS::Client).new(region:expected_region, http_proxy: expected_sts_http_proxy){ sts_client }
812
+ mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
813
+ role_session_name: "test_session",
814
+ web_identity_token_file: "test_file",
815
+ client: sts_client,
816
+ sts_http_proxy: expected_sts_http_proxy }){
817
+ expected_credentials
818
+ }
819
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
820
+ config += %[
821
+ s3_region #{expected_region}
822
+ <web_identity_credentials>
823
+ role_arn test_arn
824
+ role_session_name test_session
825
+ web_identity_token_file test_file
826
+ sts_http_proxy #{expected_sts_http_proxy}
827
+ </web_identity_credentials>
828
+ ]
829
+ d = create_time_sliced_driver(config)
830
+ assert_nothing_raised { d.run {} }
831
+ client = d.instance.instance_variable_get(:@s3).client
832
+ credentials = client.config.credentials
833
+ assert_equal(expected_credentials, credentials)
834
+ end
835
+
836
+ def test_web_identity_credentials_with_sts_http_proxy
837
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
838
+ expected_sts_http_proxy = 'http://example.com'
839
+ sts_client = Aws::STS::Client.new(region: "us-east-1", http_proxy: expected_sts_http_proxy)
840
+ mock(Aws::STS::Client).new(region: "us-east-1", http_proxy: expected_sts_http_proxy){ sts_client }
841
+ mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
842
+ role_session_name: "test_session",
843
+ web_identity_token_file: "test_file",
844
+ client: sts_client,
845
+ sts_http_proxy: expected_sts_http_proxy }){
846
+ expected_credentials
847
+ }
848
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
849
+ config += %[
850
+ <web_identity_credentials>
851
+ role_arn test_arn
852
+ role_session_name test_session
853
+ web_identity_token_file test_file
854
+ sts_http_proxy #{expected_sts_http_proxy}
855
+ </web_identity_credentials>
856
+ ]
857
+ d = create_time_sliced_driver(config)
858
+ assert_nothing_raised { d.run {} }
859
+ client = d.instance.instance_variable_get(:@s3).client
860
+ credentials = client.config.credentials
861
+ assert_equal(expected_credentials, credentials)
862
+ end
863
+
864
+ def test_web_identity_credentials_with_sts_endpoint_url
865
+ expected_credentials = Aws::Credentials.new("test_key", "test_secret")
866
+ expected_sts_endpoint_url = 'http://example.com'
867
+ sts_client = Aws::STS::Client.new(region: "us-east-1", endpoint: expected_sts_endpoint_url)
868
+ mock(Aws::STS::Client).new(region: "us-east-1", endpoint: expected_sts_endpoint_url){ sts_client }
869
+ mock(Aws::AssumeRoleWebIdentityCredentials).new({ role_arn: "test_arn",
870
+ role_session_name: "test_session",
871
+ web_identity_token_file: "test_file",
872
+ client: sts_client,
873
+ sts_endpoint_url: expected_sts_endpoint_url }){
874
+ expected_credentials
875
+ }
876
+ config = CONFIG_TIME_SLICE.split("\n").reject{|x| x =~ /.+aws_.+/}.join("\n")
877
+ config += %[
878
+ <web_identity_credentials>
879
+ role_arn test_arn
880
+ role_session_name test_session
881
+ web_identity_token_file test_file
882
+ sts_endpoint_url #{expected_sts_endpoint_url}
883
+ </web_identity_credentials>
884
+ ]
885
+ d = create_time_sliced_driver(config)
886
+ assert_nothing_raised { d.run {} }
887
+ client = d.instance.instance_variable_get(:@s3).client
888
+ credentials = client.config.credentials
889
+ assert_equal(expected_credentials, credentials)
890
+ end
891
+
806
892
  def test_web_identity_credentials_with_sts_region
807
893
  expected_credentials = Aws::Credentials.new("test_key", "test_secret")
808
894
  sts_client = Aws::STS::Client.new(region: 'us-east-1')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-s3
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.8.2
4
+ version: 1.8.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sadayuki Furuhashi
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2024-12-18 00:00:00.000000000 Z
12
+ date: 2025-02-18 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fluentd