RubyGems - logstash-input-kinesis - Versions diffs - 2.0.10-java → 2.0.11-java - Mend

logstash-input-kinesis 2.0.10-java → 2.0.11-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e043e41cda349ab19d8a7d315d12053e85720655957ecdd2bfa14c8004b3f251
-  data.tar.gz: 7f45606c39c9afe600125b147426fc6187ffccff94a8b202cda6c4e51391393e
+  metadata.gz: 8b73933809822a3ae0d3dd18eea38e18cba4e7370092efd22729268d290c3424
+  data.tar.gz: 003f5c0a310e31efed2644b53bfccea4ec1b2713a391c434168f1cd507350467
 SHA512:
-  metadata.gz: 2a49ae6fee952b540b522dca5cbab79cbdaabf68c2e9e628f1f88fbeea3b89f0bf4f03e8dfea65284d9125d68365e702536ee096dc161bcedb8eb9fe15120ba3
-  data.tar.gz: 67fa5c368c1924e31d3a47ad4082d06c957ade7c6d36e7d8023e54cd06a113bf1f2bd4de84d426bb68911f3a1f36e7eb5dc1ff73bb14cf5803554b7a5c621b21
+  metadata.gz: d60d1dd1700b0d219ae7b5d7c6d59d4b6f4e689a752fb2fe58cc9b218a762a1ba297eb1a91ab9ad2159071263afbac8ed983fbbeaf402836c27960a5c2548eac
+  data.tar.gz: c7c65d11674124af023a62763951630b1d3af0d63223c671c75ee44ee13292316a6555b2570f4577d6f4276e9b74b0a1240d27281b5539e97627226a8ecb2d20

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,6 @@
+## 2.0.11
+  - Added the ability to assume a role [#40](https://github.com/logstash-plugins/logstash-input-kinesis/pull/40)
 ## 2.0.10
   - Added the ability to set additional settings exposed through KinesisClientLibConfiguration [#51](https://github.com/logstash-plugins/logstash-input-kinesis/pull/51)

data/README.md CHANGED Viewed

@@ -48,7 +48,13 @@ This are the properties you can configure and what are the default values:
     * **default value**: `nil`
 * `profile`: The AWS profile name for authentication. This ensures that the `~/.aws/credentials` AWS auth provider is used. By default this is empty and the default chain will be used.
     * **required**: false
-    * **default value**: `""`
+* `role_arn`: The AWS role to assume. This can be used, for example, to access a Kinesis stream in a different AWS
+account. This role will be assumed after the default credentials or profile credentials are created. By default
+this is empty and a role will not be assumed.
+    * **required**: false
+* `role_session_name`: Session name to use when assuming an IAM role. This is recorded in CloudTrail logs for example.
+    * **required**: false
+    * **default value**: `"logstash"`
 * `initial_position_in_stream`: The value for initialPositionInStream. Accepts "TRIM_HORIZON" or "LATEST".
     * **required**: false
     * **default value**: `"TRIM_HORIZON"`

data/lib/logstash/inputs/kinesis.rb CHANGED Viewed

@@ -55,6 +55,14 @@ class LogStash::Inputs::Kinesis < LogStash::Inputs::Base
   # Select AWS profile for input
   config :profile, :validate => :string
+  # The AWS IAM Role to assume, if any.
+  # This is used to generate temporary credentials typically for cross-account access.
+  # See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html for more information.
+  config :role_arn, :validate => :string
+  # Session name to use when assuming an IAM role
+  config :role_session_name, :validate => :string, :default => "logstash"
   # Select initial_position_in_stream. Accepts TRIM_HORIZON or LATEST
   config :initial_position_in_stream, :validate => ["TRIM_HORIZON", "LATEST"], :default => "TRIM_HORIZON"
@@ -85,6 +93,14 @@ class LogStash::Inputs::Kinesis < LogStash::Inputs::Base
     else
       creds = com.amazonaws.auth::DefaultAWSCredentialsProviderChain.new
     end
+    # If a role ARN is set then assume the role as a new layer over the credentials already created
+    unless @role_arn.nil?
+      kinesis_creds = com.amazonaws.auth::STSAssumeRoleSessionCredentialsProvider.new(creds, @role_arn, @role_session_name)
+    else
+      kinesis_creds = creds
+    end
     initial_position_in_stream = if @initial_position_in_stream == "TRIM_HORIZON"
       KCL::InitialPositionInStream::TRIM_HORIZON
     else
@@ -94,7 +110,9 @@ class LogStash::Inputs::Kinesis < LogStash::Inputs::Base
     @kcl_config = KCL::KinesisClientLibConfiguration.new(
       @application_name,
       @kinesis_stream_name,
-      creds,
+      kinesis_creds, # credential provider for accessing the kinesis stream
+      creds, # credential provider for creating / accessing the dynamo table
+      creds, # credential provider for cloudwatch metrics
       worker_id).
         withInitialPositionInStream(initial_position_in_stream).
         withRegionName(@region)

data/lib/logstash/inputs/kinesis/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Logstash
   module Input
     module Kinesis
-      VERSION = "2.0.10"
+      VERSION = "2.0.11"
     end
   end
 end

data/logstash-input-kinesis.gemspec CHANGED Viewed

@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
   spec.requirements << "jar 'com.amazonaws:amazon-kinesis-client', '1.9.2'"
   spec.requirements << "jar 'com.amazonaws:aws-java-sdk-core', '1.11.414'"
+  spec.requirements << "jar 'com.amazonaws:aws-java-sdk-sts', '1.11.414'"
   spec.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"

data/spec/inputs/kinesis_spec.rb CHANGED Viewed

@@ -26,6 +26,17 @@ RSpec.describe "inputs/kinesis" do
     "profile" => "my-aws-profile"
   }}
+  # Config hash to test assume role provider if role_arn is specified
+  let(:config_with_role_arn) {{
+    "application_name" => "my-processor",
+    "kinesis_stream_name" => "run-specs",
+    "codec" => codec,
+    "metrics" => metrics,
+    "checkpoint_interval_seconds" => 120,
+    "region" => "ap-southeast-1",
+    "role_arn" => "arn:aws:iam::???????????:role/my-role"
+  }}
   # other config with LATEST as initial_position_in_stream
   let(:config_with_latest) {{
     "application_name" => "my-processor",
@@ -110,6 +121,15 @@ RSpec.describe "inputs/kinesis" do
     expect(kinesis_with_profile.kcl_config.get_kinesis_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.profile.ProfileCredentialsProvider")
   end
+  subject!(:kinesis_with_role_arn) { LogStash::Inputs::Kinesis.new(config_with_role_arn) }
+  it "uses STS for accessing the kinesis stream if role_arn is specified" do
+    kinesis_with_role_arn.register
+    expect(kinesis_with_role_arn.kcl_config.get_kinesis_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider")
+    expect(kinesis_with_role_arn.kcl_config.get_dynamo_db_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.DefaultAWSCredentialsProviderChain")
+    expect(kinesis_with_role_arn.kcl_config.get_cloud_watch_credentials_provider.getClass.to_s).to eq("com.amazonaws.auth.DefaultAWSCredentialsProviderChain")
+  end
   subject!(:kinesis_with_latest) { LogStash::Inputs::Kinesis.new(config_with_latest) }
   it "configures the KCL" do

data/vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-sts/1.11.414/aws-java-sdk-sts-1.11.414.jar ADDED Viewed

Binary file

data/vendor/jar-dependencies/runtime-jars/com/amazonaws/jmespath-java/{1.11.400/jmespath-java-1.11.400.jar → 1.11.414/jmespath-java-1.11.414.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/runtime-jars/logstash-input-kinesis_jars.rb CHANGED Viewed

@@ -2,16 +2,17 @@
 begin
   require 'jar_dependencies'
 rescue LoadError
+  require 'com/amazonaws/aws-java-sdk-sts/1.11.414/aws-java-sdk-sts-1.11.414.jar'
   require 'com/fasterxml/jackson/core/jackson-databind/2.6.7.1/jackson-databind-2.6.7.1.jar'
   require 'com/fasterxml/jackson/core/jackson-core/2.6.7/jackson-core-2.6.7.jar'
   require 'com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.6.7/jackson-dataformat-cbor-2.6.7.jar'
   require 'org/apache/httpcomponents/httpclient/4.5.5/httpclient-4.5.5.jar'
-  require 'com/amazonaws/jmespath-java/1.11.400/jmespath-java-1.11.400.jar'
   require 'com/amazonaws/aws-java-sdk-s3/1.11.400/aws-java-sdk-s3-1.11.400.jar'
   require 'com/google/guava/guava/18.0/guava-18.0.jar'
   require 'commons-lang/commons-lang/2.6/commons-lang-2.6.jar'
   require 'commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar'
   require 'joda-time/joda-time/2.8.1/joda-time-2.8.1.jar'
+  require 'com/amazonaws/jmespath-java/1.11.414/jmespath-java-1.11.414.jar'
   require 'software/amazon/ion/ion-java/1.0.2/ion-java-1.0.2.jar'
   require 'com/amazonaws/amazon-kinesis-client/1.9.2/amazon-kinesis-client-1.9.2.jar'
   require 'com/amazonaws/aws-java-sdk-kinesis/1.11.400/aws-java-sdk-kinesis-1.11.400.jar'
@@ -26,16 +27,17 @@ rescue LoadError
 end
 if defined? Jars
+  require_jar 'com.amazonaws', 'aws-java-sdk-sts', '1.11.414'
   require_jar 'com.fasterxml.jackson.core', 'jackson-databind', '2.6.7.1'
   require_jar 'com.fasterxml.jackson.core', 'jackson-core', '2.6.7'
   require_jar 'com.fasterxml.jackson.dataformat', 'jackson-dataformat-cbor', '2.6.7'
   require_jar 'org.apache.httpcomponents', 'httpclient', '4.5.5'
-  require_jar 'com.amazonaws', 'jmespath-java', '1.11.400'
   require_jar 'com.amazonaws', 'aws-java-sdk-s3', '1.11.400'
   require_jar 'com.google.guava', 'guava', '18.0'
   require_jar 'commons-lang', 'commons-lang', '2.6'
   require_jar 'commons-logging', 'commons-logging', '1.1.3'
   require_jar 'joda-time', 'joda-time', '2.8.1'
+  require_jar 'com.amazonaws', 'jmespath-java', '1.11.414'
   require_jar 'software.amazon.ion', 'ion-java', '1.0.2'
   require_jar 'com.amazonaws', 'amazon-kinesis-client', '1.9.2'
   require_jar 'com.amazonaws', 'aws-java-sdk-kinesis', '1.11.400'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-kinesis
 version: !ruby/object:Gem::Version
-  version: 2.0.10
+  version: 2.0.11
 platform: java
 authors:
 - Brian Palmer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-06 00:00:00.000000000 Z
+date: 2019-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -99,7 +99,8 @@ files:
 - vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-kinesis/1.11.400/aws-java-sdk-kinesis-1.11.400.jar
 - vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-kms/1.11.400/aws-java-sdk-kms-1.11.400.jar
 - vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-s3/1.11.400/aws-java-sdk-s3-1.11.400.jar
-- vendor/jar-dependencies/runtime-jars/com/amazonaws/jmespath-java/1.11.400/jmespath-java-1.11.400.jar
+- vendor/jar-dependencies/runtime-jars/com/amazonaws/aws-java-sdk-sts/1.11.414/aws-java-sdk-sts-1.11.414.jar
+- vendor/jar-dependencies/runtime-jars/com/amazonaws/jmespath-java/1.11.414/jmespath-java-1.11.414.jar
 - vendor/jar-dependencies/runtime-jars/com/fasterxml/jackson/core/jackson-annotations/2.6.0/jackson-annotations-2.6.0.jar
 - vendor/jar-dependencies/runtime-jars/com/fasterxml/jackson/core/jackson-core/2.6.7/jackson-core-2.6.7.jar
 - vendor/jar-dependencies/runtime-jars/com/fasterxml/jackson/core/jackson-databind/2.6.7.1/jackson-databind-2.6.7.1.jar
@@ -138,6 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - jar 'com.amazonaws:amazon-kinesis-client', '1.9.2'
 - jar 'com.amazonaws:aws-java-sdk-core', '1.11.414'
+- jar 'com.amazonaws:aws-java-sdk-sts', '1.11.414'
 rubyforge_project:
 rubygems_version: 2.6.13
 signing_key: