Add config for sts_credentials_region #65

Merged
merged 3 commits into from
Jun 9, 2020

1 change: 1 addition & 0 deletions README.md
Expand Up @@ -92,6 +92,7 @@ Additionally, you can use an STS assumed role as the authenticating factor and i
region eu-west-1
assume_role_arn arn:aws:sts::ACCOUNT:role/ROLE
assume_role_session_name SESSION_ID # Defaults to fluentd if omitted
sts_credentials_region us-west-2 # Defaults to region if omitted
</endpoint>
```
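
Review bot: The added `sts_credentials_region us-west-2` line documents the option only through an inline comment in the example, and it is set to a different region than `region eu-west-1` without any explanation of when that is needed. Suggest a sentence above the example stating that this is the region passed to the STS credential provider for the assume-role call and that it falls back to `region`. Separately, the context line `assume_role_arn arn:aws:sts::ACCOUNT:role/ROLE` uses the `sts` service prefix, whereas IAM role ARNs take the form `arn:aws:iam::ACCOUNT:role/ROLE`; worth correcting while this example is being edited.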

10 changes: 8 additions & 2 deletions lib/fluent/plugin/out_aws-elasticsearch-service.rb
Expand Up @@ -20,6 +20,7 @@ class AwsElasticsearchServiceOutput < ElasticsearchOutput
config_param :ecs_container_credentials_relative_uri, :string, :default => nil #Set with AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable value
config_param :assume_role_session_name, :string, :default => "fluentd"
config_param :assume_role_web_identity_token_file, :string, :default => nil
config_param :sts_credentials_region, :string, :default => nil
Collaborator

@cosmo0920 cosmo0920 Jun 9, 2020

Could you add this parameter to the README documentation?
https://github.com/atomita/fluent-plugin-aws-elasticsearch-service/blob/master/README.md

If it exists only in the plugin code, users won't notice it.

Author

Updated an example in the README to include this config option.

end

# here overrides default value of reload_connections to false because
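
Review bot: The new `config_param :sts_credentials_region` line carries no trailing comment or `desc`, unlike the `ecs_container_credentials_relative_uri` line at the top of the hunk, so the fallback to `region` is visible only in the `sts_credentials_region(opts)` helper. Suggest a short comment such as `# Defaults to region if omitted`, matching the wording used in the README example.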
Expand Down Expand Up @@ -86,17 +87,18 @@ def credentials(opts)
}).credentials
end
else

if opts[:assume_role_web_identity_token_file].nil?
credentials = sts_credential_provider({
role_arn: opts[:assume_role_arn],
role_session_name: opts[:assume_role_session_name],
region: opts[:region]
region: sts_credentials_region(opts)
}).credentials
else
credentials = sts_web_identity_credential_provider({
role_arn: opts[:assume_role_arn],
web_identity_token_file: opts[:assume_role_web_identity_token_file],
region: opts[:region]
region: sts_credentials_region(opts)
}).credentials
end
end
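
Review bot: The blank line after `else` at the top of this hunk appears to be newly added (the header counts go from 17 to 18 lines while the two `region:` replacements are one-for-one); it is unrelated whitespace and can be dropped. Both call sites pass `sts_credentials_region(opts)` straight to the credential provider, so a check at configure time that the value is a plausible region string would surface a typo before the first STS call.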
Expand All @@ -111,6 +113,10 @@ def calback.inspect
calback
end

def sts_credentials_region(opts)
opts[:sts_credentials_region] || opts[:region]
end

def sts_credential_provider(opts)
# AssumeRoleCredentials is an auto-refreshing credential provider
@sts ||= Aws::AssumeRoleCredentials.new(opts)
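
Review bot: In `sts_credentials_region`, `opts[:sts_credentials_region] || opts[:region]` falls back only when the value is `nil`; an empty string is truthy in Ruby, so an empty `sts_credentials_region` would be handed to the STS provider as the region instead of falling back to `region`. Suggest treating empty as unset, for example `v = opts[:sts_credentials_region]` followed by `(v.nil? || v.empty?) ? opts[:region] : v`.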