logstash-input-kinesis 2.0.10-java → 2.0.11-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e043e41cda349ab19d8a7d315d12053e85720655957ecdd2bfa14c8004b3f251
4
- data.tar.gz: 7f45606c39c9afe600125b147426fc6187ffccff94a8b202cda6c4e51391393e
3
+ metadata.gz: 8b73933809822a3ae0d3dd18eea38e18cba4e7370092efd22729268d290c3424
4
+ data.tar.gz: 003f5c0a310e31efed2644b53bfccea4ec1b2713a391c434168f1cd507350467
5
5
  SHA512:
6
- metadata.gz: 2a49ae6fee952b540b522dca5cbab79cbdaabf68c2e9e628f1f88fbeea3b89f0bf4f03e8dfea65284d9125d68365e702536ee096dc161bcedb8eb9fe15120ba3
7
- data.tar.gz: 67fa5c368c1924e31d3a47ad4082d06c957ade7c6d36e7d8023e54cd06a113bf1f2bd4de84d426bb68911f3a1f36e7eb5dc1ff73bb14cf5803554b7a5c621b21
6
+ metadata.gz: d60d1dd1700b0d219ae7b5d7c6d59d4b6f4e689a752fb2fe58cc9b218a762a1ba297eb1a91ab9ad2159071263afbac8ed983fbbeaf402836c27960a5c2548eac
7
+ data.tar.gz: c7c65d11674124af023a62763951630b1d3af0d63223c671c75ee44ee13292316a6555b2570f4577d6f4276e9b74b0a1240d27281b5539e97627226a8ecb2d20
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ## 2.0.11
2
+ - Added the ability to assume a role [#40](https://github.com/logstash-plugins/logstash-input-kinesis/pull/40)
3
+
1
4
  ## 2.0.10
2
5
  - Added the ability to set additional settings exposed through KinesisClientLibConfiguration [#51](https://github.com/logstash-plugins/logstash-input-kinesis/pull/51)
3
6
 
data/README.md CHANGED
@@ -48,7 +48,13 @@ This are the properties you can configure and what are the default values:
48
48
  * **default value**: `nil`
49
49
  * `profile`: The AWS profile name for authentication. This ensures that the `~/.aws/credentials` AWS auth provider is used. By default this is empty and the default chain will be used.
50
50
  * **required**: false
51
- * **default value**: `""`
51
+ * `role_arn`: The AWS role to assume. This can be used, for example, to access a Kinesis stream in a different AWS
52
+ account. This role will be assumed after the default credentials or profile credentials are created. By default
53
+ this is empty and a role will not be assumed.
54
+ * **required**: false
55
+ * `role_session_name`: Session name to use when assuming an IAM role. This is recorded in CloudTrail logs for example.
56
+ * **required**: false
57
+ * **default value**: `"logstash"`
52
58
  * `initial_position_in_stream`: The value for initialPositionInStream. Accepts "TRIM_HORIZON" or "LATEST".
53
59
  * **required**: false
54
60
  * **default value**: `"TRIM_HORIZON"`
@@ -55,6 +55,14 @@ class LogStash::Inputs::Kinesis < LogStash::Inputs::Base
55
55
  # Select AWS profile for input
56
56
  config :profile, :validate => :string
57
57
 
58
+ # The AWS IAM Role to assume, if any.
59
+ # This is used to generate temporary credentials typically for cross-account access.
60
+ # See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html for more information.
61
+ config :role_arn, :validate => :string
62
+
63
+ # Session name to use when assuming an IAM role
64
+ config :role_session_name, :validate => :string, :default => "logstash"
65
+
58
66
  # Select initial_position_in_stream. Accepts TRIM_HORIZON or LATEST
59
67
  config :initial_position_in_stream, :validate => ["TRIM_HORIZON", "LATEST"], :default => "TRIM_HORIZON"
60
68
 
@@ -85,6 +93,14 @@ class LogStash::Inputs::Kinesis < LogStash::Inputs::Base
85
93
  else
86
94
  creds = com.amazonaws.auth::DefaultAWSCredentialsProviderChain.new
87
95
  end
96
+
97
+ # If a role ARN is set then assume the role as a new layer over the credentials already created
98
+ unless @role_arn.nil?
99
+ kinesis_creds = com.amazonaws.auth::STSAssumeRoleSessionCredentialsProvider.new(creds, @role_arn, @role_session_name)
100
+ else
101
+ kinesis_creds = creds
102
+ end
103
+
88
104
  initial_position_in_stream = if @initial_position_in_stream == "TRIM_HORIZON"
89
105
  KCL::InitialPositionInStream::TRIM_HORIZON
90
106
  else
@@ -94,7 +110,9 @@ class LogStash::Inputs::Kinesis < LogStash::Inputs::Base
94
110
  @kcl_config = KCL::KinesisClientLibConfiguration.new(
95
111
  @application_name,
96
112
  @kinesis_stream_name,
97
- creds,
113
+ kinesis_creds, # credential provider for accessing the kinesis stream
114
+ creds, # credential provider for creating / accessing the dynamo table
115
+ creds, # credential provider for cloudwatch metrics
98
116
  worker_id).
99
117
  withInitialPositionInStream(initial_position_in_stream).
100
118
  withRegionName(@region)
@@ -2,7 +2,7 @@
2
2
  module Logstash
3
3
  module Input
4
4
  module Kinesis
5
- VERSION = "2.0.10"
5
+ VERSION = "2.0.11"
6
6
  end
7
7
  end
8
8
  end
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
24
24
 
25
25
  spec.requirements << "jar 'com.amazonaws:amazon-kinesis-client', '1.9.2'"
26
26
  spec.requirements << "jar 'com.amazonaws:aws-java-sdk-core', '1.11.414'"
27
+ spec.requirements << "jar 'com.amazonaws:aws-java-sdk-sts', '1.11.414'"
27
28
 
28
29
  spec.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
29
30
 
@@ -26,6 +26,17 @@ RSpec.describe "inputs/kinesis" do
26
26
  "profile" => "my-aws-profile"
27
27
  }}
28
28
 
29
+ # Config hash to test assume role provider if role_arn is specified
30
+ let(:config_with_role_arn) {{
31
+ "application_name" => "my-processor",
32
+ "kinesis_stream_name" => "run-specs",
33
+ "codec" => codec,
34
+ "metrics" => metrics,
35
+ "checkpoint_interval_seconds" => 120,
36
+ "region" => "ap-southeast-1",
37
+ "role_arn" => "arn:aws:iam::???????????:role/my-role"
38
+ }}
39
+
29
40
  # other config with LATEST as initial_position_in_stream
30
41
  let(:config_with_latest) {{
31
42
  "application_name" => "my-processor",
@@ -110,6 +121,15 @@ RSpec.describe "inputs/kinesis" do
110
121
  expect(kinesis_with_profile.kcl_config.get_kinesis_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.profile.ProfileCredentialsProvider")
111
122
  end
112
123
 
124
+ subject!(:kinesis_with_role_arn) { LogStash::Inputs::Kinesis.new(config_with_role_arn) }
125
+
126
+ it "uses STS for accessing the kinesis stream if role_arn is specified" do
127
+ kinesis_with_role_arn.register
128
+ expect(kinesis_with_role_arn.kcl_config.get_kinesis_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider")
129
+ expect(kinesis_with_role_arn.kcl_config.get_dynamo_db_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.DefaultAWSCredentialsProviderChain")
130
+ expect(kinesis_with_role_arn.kcl_config.get_cloud_watch_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.DefaultAWSCredentialsProviderChain")
131
+ end
132
+
113
133
  subject!(:kinesis_with_latest) { LogStash::Inputs::Kinesis.new(config_with_latest) }
114
134
 
115
135
  it "configures the KCL" do
@@ -2,16 +2,17 @@
2
2
  begin
3
3
  require 'jar_dependencies'
4
4
  rescue LoadError
5
+ require 'com/amazonaws/aws-java-sdk-sts/1.11.414/aws-java-sdk-sts-1.11.414.jar'
5
6
  require 'com/fasterxml/jackson/core/jackson-databind/2.6.7.1/jackson-databind-2.6.7.1.jar'
6
7
  require 'com/fasterxml/jackson/core/jackson-core/2.6.7/jackson-core-2.6.7.jar'
7
8
  require 'com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.6.7/jackson-dataformat-cbor-2.6.7.jar'
8
9
  require 'org/apache/httpcomponents/httpclient/4.5.5/httpclient-4.5.5.jar'
9
- require 'com/amazonaws/jmespath-java/1.11.400/jmespath-java-1.11.400.jar'
10
10
  require 'com/amazonaws/aws-java-sdk-s3/1.11.400/aws-java-sdk-s3-1.11.400.jar'
11
11
  require 'com/google/guava/guava/18.0/guava-18.0.jar'
12
12
  require 'commons-lang/commons-lang/2.6/commons-lang-2.6.jar'
13
13
  require 'commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar'
14
14
  require 'joda-time/joda-time/2.8.1/joda-time-2.8.1.jar'
15
+ require 'com/amazonaws/jmespath-java/1.11.414/jmespath-java-1.11.414.jar'
15
16
  require 'software/amazon/ion/ion-java/1.0.2/ion-java-1.0.2.jar'
16
17
  require 'com/amazonaws/amazon-kinesis-client/1.9.2/amazon-kinesis-client-1.9.2.jar'
17
18
  require 'com/amazonaws/aws-java-sdk-kinesis/1.11.400/aws-java-sdk-kinesis-1.11.400.jar'
@@ -26,16 +27,17 @@ rescue LoadError
26
27
  end
27
28
 
28
29
  if defined? Jars
30
+ require_jar 'com.amazonaws', 'aws-java-sdk-sts', '1.11.414'
29
31
  require_jar 'com.fasterxml.jackson.core', 'jackson-databind', '2.6.7.1'
30
32
  require_jar 'com.fasterxml.jackson.core', 'jackson-core', '2.6.7'
31
33
  require_jar 'com.fasterxml.jackson.dataformat', 'jackson-dataformat-cbor', '2.6.7'
32
34
  require_jar 'org.apache.httpcomponents', 'httpclient', '4.5.5'
33
- require_jar 'com.amazonaws', 'jmespath-java', '1.11.400'
34
35
  require_jar 'com.amazonaws', 'aws-java-sdk-s3', '1.11.400'
35
36
  require_jar 'com.google.guava', 'guava', '18.0'
36
37
  require_jar 'commons-lang', 'commons-lang', '2.6'
37
38
  require_jar 'commons-logging', 'commons-logging', '1.1.3'
38
39
  require_jar 'joda-time', 'joda-time', '2.8.1'
40
+ require_jar 'com.amazonaws', 'jmespath-java', '1.11.414'
39
41
  require_jar 'software.amazon.ion', 'ion-java', '1.0.2'
40
42
  require_jar 'com.amazonaws', 'amazon-kinesis-client', '1.9.2'
41
43
  require_jar 'com.amazonaws', 'aws-java-sdk-kinesis', '1.11.400'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-kinesis
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.10
4
+ version: 2.0.11
5
5
  platform: java
6
6
  authors:
7
7
  - Brian Palmer
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-11-06 00:00:00.000000000 Z
11
+ date: 2019-01-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -99,7 +99,8 @@ files:
99
99
  - vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-kinesis/1.11.400/aws-java-sdk-kinesis-1.11.400.jar
100
100
  - vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-kms/1.11.400/aws-java-sdk-kms-1.11.400.jar
101
101
  - vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-s3/1.11.400/aws-java-sdk-s3-1.11.400.jar
102
- - vendor/jar-dependencies/runtime-jars/com/amazonaws/jmespath-java/1.11.400/jmespath-java-1.11.400.jar
102
+ - vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-sts/1.11.414/aws-java-sdk-sts-1.11.414.jar
103
+ - vendor/jar-dependencies/runtime-jars/com/amazonaws/jmespath-java/1.11.414/jmespath-java-1.11.414.jar
103
104
  - vendor/jar-dependencies/runtime-jars/com/fasterxml/jackson/core/jackson-annotations/2.6.0/jackson-annotations-2.6.0.jar
104
105
  - vendor/jar-dependencies/runtime-jars/com/fasterxml/jackson/core/jackson-core/2.6.7/jackson-core-2.6.7.jar
105
106
  - vendor/jar-dependencies/runtime-jars/com/fasterxml/jackson/core/jackson-databind/2.6.7.1/jackson-databind-2.6.7.1.jar
@@ -138,6 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
138
139
  requirements:
139
140
  - jar 'com.amazonaws:amazon-kinesis-client', '1.9.2'
140
141
  - jar 'com.amazonaws:aws-java-sdk-core', '1.11.414'
142
+ - jar 'com.amazonaws:aws-java-sdk-sts', '1.11.414'
141
143
  rubyforge_project:
142
144
  rubygems_version: 2.6.13
143
145
  signing_key: