logstash-input-s3-sns-sqs 1.4.6 → 1.4.8

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/logstash/inputs/s3snssqs.rb +34 -12
  4. data/logstash-input-s3-sns-sqs.gemspec +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b306531064b4c30538ebf2825ad8ccd3cffc1723
4
- data.tar.gz: 3166705bd066e00607cfb5f8f6e0b5d810934ef2
3
+ metadata.gz: c857f29b851808997fb7403a5a1d4e71cd786e89
4
+ data.tar.gz: f2b27edba4192969a5c6e301ac6a19c0fabbeadf
5
5
  SHA512:
6
- metadata.gz: ee7ba71f4ed496dc0cc109ea1834d0da58d112c320fb6c8a80f33ee65ab9a1f0746976be6ad32f934c4f80f9a3c0688f94a64064f44d665bbce3f3d19bb699b0
7
- data.tar.gz: b614c2c3945819b6e95052f1770920d57b83d5afb9300836e6af1375b45c93c15c7117b14fdd33372edbe746cc796e5b967dc75b131b03d9eb0e7ba73cd65797
6
+ metadata.gz: a88ef9c5d505322a0639f5b77b74364ff64a9ea503ee969fad2389b38e82fa4064d9a5de85edd8767d80b0e8e9422a576e620831d63bee1c049da6e61137ab3d
7
+ data.tar.gz: 5a3fbe6296dbaee8a3c95d93ef6ba39f849326f1a138a95b949f351e4f570201b4af9a6db59899e90ef993b900a4a8f5cbc7d9587eb0420ee4df1561b46b766a
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## 1.4.8
2
+ - Bufix: CF Metadata events Bug #7
3
+ - Feature: use aws-role for s3 client connection.
4
+ ## 1.4.7
5
+ Remove from rubygems.org
1
6
  ## 1.4.6
2
7
  - BugFix: jRuby > 2 : No return from block
3
8
  - BugFix: No exit on gzip error
data/lib/logstash/inputs/s3snssqs.rb CHANGED
@@ -114,6 +114,12 @@ class LogStash::Inputs::S3SNSSQS < LogStash::Inputs::Threadable
114
114
  # To run in multiple threads use this
115
115
  config :consumer_threads, :validate => :number, :default => 1
116
116
  config :temporary_directory, :validate => :string, :default => File.join(Dir.tmpdir, "logstash")
117
+ # The AWS IAM Role to assume, if any.
118
+ # This is used to generate temporary credentials typically for cross-account access.
119
+ # See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html for more information.
120
+ config :s3_role_arn, :validate => :string
121
+ # Session name to use when assuming an IAM role
122
+ config :s3_role_session_name, :validate => :string, :default => "logstash"
117
123
 
118
124
 
119
125
  attr_reader :poller
@@ -148,13 +154,7 @@ class LogStash::Inputs::S3SNSSQS < LogStash::Inputs::Threadable
148
154
  aws_sqs_client = Aws::SQS::Client.new(aws_options_hash)
149
155
  queue_url = aws_sqs_client.get_queue_url({ queue_name: @queue, queue_owner_aws_account_id: @queue_owner_aws_account_id})[:queue_url]
150
156
  @poller = Aws::SQS::QueuePoller.new(queue_url, :client => aws_sqs_client)
151
- if s3_access_key_id and s3_secret_access_key
152
- @logger.debug("Using S3 Credentials from config", :ID => aws_options_hash.merge(:access_key_id => s3_access_key_id, :secret_access_key => s3_secret_access_key) )
153
- @s3_client = Aws::S3::Client.new(aws_options_hash.merge(:access_key_id => s3_access_key_id, :secret_access_key => s3_secret_access_key))
154
- else
155
- @s3_client = Aws::S3::Client.new(aws_options_hash)
156
- end
157
-
157
+ get_s3client
158
158
  @s3_resource = get_s3object
159
159
  rescue Aws::SQS::Errors::ServiceError => e
160
160
  @logger.error("Cannot establish connection to Amazon SQS", :error => e)
@@ -277,24 +277,22 @@ class LogStash::Inputs::S3SNSSQS < LogStash::Inputs::Threadable
277
277
  # The line need to go through the codecs to replace
278
278
  # unknown bytes in the log stream before doing a regexp match or
279
279
  # you will get a `Error: invalid byte sequence in UTF-8'
280
- local_decorate(event, key, folder, metadata, bucket)
281
- queue << event
280
+ local_decorate_and_queue(event, queue, key, folder, metadata, bucket)
282
281
  end
283
282
  end
284
283
  @logger.debug("end if file #{filename}")
285
284
  #@logger.info("event pre flush", :event => event)
286
285
  # #ensure any stateful codecs (such as multi-line ) are flushed to the queue
287
286
  instance_codec.flush do |event|
288
- local_decorate(event, key, folder, metadata, bucket)
287
+ local_decorate_and_queue(event, queue, key, folder, metadata, bucket)
289
288
  @logger.debug("We´e to flush an incomplete event...", :event => event)
290
- queue << event
291
289
  end
292
290
 
293
291
  return true
294
292
  end # def process_local_log
295
293
 
296
294
  private
297
- def local_decorate(event, key, folder, metadata, bucket)
295
+ def local_decorate_and_queue(event, queue, key, folder, metadata, bucket)
298
296
  if event_is_metadata?(event)
299
297
  @logger.debug('Event is metadata, updating the current cloudfront metadata', :event => event)
300
298
  update_metadata(metadata, event)
@@ -308,6 +306,7 @@ class LogStash::Inputs::S3SNSSQS < LogStash::Inputs::Threadable
308
306
  event.set("[@metadata][s3]", { "object_key" => key })
309
307
  event.set("[@metadata][s3]", { "bucket_name" => bucket })
310
308
  event.set("[@metadata][s3]", { "object_folder" => folder})
309
+ queue << event
311
310
  end
312
311
  end
313
312
 
@@ -367,11 +366,34 @@ class LogStash::Inputs::S3SNSSQS < LogStash::Inputs::Threadable
367
366
  end
368
367
  end
369
368
 
369
+
370
+ private
371
+ def get_s3client
372
+ if s3_access_key_id and s3_secret_access_key
373
+ @logger.debug("Using S3 Credentials from config", :ID => aws_options_hash.merge(:access_key_id => s3_access_key_id) )
374
+ @s3_client = Aws::S3::Client.new(aws_options_hash.merge(:access_key_id => s3_access_key_id, :secret_access_key => s3_secret_access_key))
375
+ elsif @s3_role_arn
376
+ @s3_client = Aws::S3::Client.new(aws_options_hash.merge!({ :credentials => s3_assume_role }))
377
+ @logger.debug("Using S3 Credentials from role", :s3client => @s3_client.inspect, :options => aws_options_hash.merge!({ :credentials => s3_assume_role }))
378
+ else
379
+ @s3_client = Aws::S3::Client.new(aws_options_hash)
380
+ end
381
+ end
382
+
370
383
  private
371
384
  def get_s3object
372
385
  s3 = Aws::S3::Resource.new(client: @s3_client)
373
386
  end
374
387
 
388
+ private
389
+ def s3_assume_role()
390
+ Aws::AssumeRoleCredentials.new(
391
+ client: Aws::STS::Client.new(region: @region),
392
+ role_arn: @s3_role_arn,
393
+ role_session_name: @s3_role_session_name
394
+ )
395
+ end
396
+
375
397
  private
376
398
  def event_is_metadata?(event)
377
399
  return false unless event.get("message").class == String
data/logstash-input-s3-sns-sqs.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-input-s3-sns-sqs'
3
- s.version = '1.4.6'
3
+ s.version = '1.4.8'
4
4
  s.licenses = ['Apache License (2.0)']
5
5
  s.summary = "Get logs from AWS s3 buckets as issued by an object-created event via sns -> sqs."
6
6
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-s3-sns-sqs
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.6
4
+ version: 1.4.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Christian Herweg
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-03-22 00:00:00.000000000 Z
11
+ date: 2018-03-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement