Skip to content

upgrade aws-sdk to v3 to support webidentitytoken via service account IAM #195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Sep 1, 2022
Merged

upgrade aws-sdk to v3 to support webidentitytoken via service account IAM #195

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a6f9aec
upgrade aws-sdk to v3 to support ec2 instance profiles (IMDS)
hardproblems Aug 6, 2022
546fc17
fix signing call
hardproblems Aug 9, 2022
b6eba4c
update version to 7.2.0
hardproblems Aug 12, 2022
d3a6672
update README
hardproblems Aug 12, 2022
47d03ce
update to 8.0.0
hardproblems Aug 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 21 additions & 19 deletions lib/logstash/outputs/amazon_es/http_client/manticore_adapter.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,10 +51,10 @@ def initialize(logger, options={})
if options[:proxy]
options[:proxy] = manticore_proxy_hash(options[:proxy])
end

@manticore = ::Manticore::Client.new(options)
end

# Transform the proxy option to a hash. Manticore's support for non-hash
# proxy options is broken. This was fixed in https://github.com/cheald/manticore/commit/34a00cee57a56148629ed0a47c329181e7319af5
# but this is not yet released
Expand Down Expand Up @@ -89,12 +89,12 @@ def perform_request(url, method, path, params={}, body=nil)
params[:body] = body if body

if url.user
params[:auth] = {
params[:auth] = {
:user => CGI.unescape(url.user),
# We have to unescape the password here since manticore won't do it
# for us unless its part of the URL
:password => CGI.unescape(url.password),
:eager => true
:password => CGI.unescape(url.password),
:eager => true
}
end

Expand All @@ -107,16 +107,18 @@ def perform_request(url, method, path, params={}, body=nil)
end


key = Seahorse::Client::Http::Request.new(options={:endpoint=>url, :http_method => method.to_s.upcase,
request = Seahorse::Client::Http::Request.new(options={:endpoint=>url, :http_method => method.to_s.upcase,
:headers => params[:headers],:body => params[:body]})

aws_signer = Aws::Signers::V4.new(@credentials, @service_name, @region )


signed_key = aws_signer.sign(key)
params[:headers] = params[:headers].merge(signed_key.headers)

aws_signer = Aws::Sigv4::Signer.new(service: @service_name, region: @region, credentials_provider: @credentials)

signed_key = aws_signer.sign_request(
http_method: request.http_method,
url: url,
headers: params[:headers],
body: params[:body]
)
params[:headers] = params[:headers].merge(signed_key.headers)

resp = @manticore.send(method.downcase, request_uri.to_s, params)

Expand All @@ -136,27 +138,27 @@ def perform_request(url, method, path, params={}, body=nil)

def format_url(url, path_and_query=nil)
request_uri = url.clone

# We excise auth info from the URL in case manticore itself tries to stick
# sensitive data in a thrown exception or log data
request_uri.user = nil
request_uri.password = nil

return request_uri.to_s if path_and_query.nil?

parsed_path_and_query = java.net.URI.new(path_and_query)

query = request_uri.query
parsed_query = parsed_path_and_query.query

new_query_parts = [request_uri.query, parsed_path_and_query.query].select do |part|
part && !part.empty? # Skip empty nil and ""
end

request_uri.query = new_query_parts.join("&") unless new_query_parts.empty?

request_uri.path = "#{request_uri.path}/#{parsed_path_and_query.path}".gsub(/\/{2,}/, "/")

request_uri
end

Expand Down
4 changes: 2 additions & 2 deletions logstash-output-amazon_es.gemspec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

Gem::Specification.new do |s|
s.name = 'logstash-output-amazon_es'
s.version = '7.1.0'
s.version = '7.1.1'
s.licenses = ['Apache-2.0']
s.summary = "Logstash Output to Amazon Elasticsearch Service"
s.description = "Output events to Amazon Elasticsearch Service with V4 signing"
Expand All @@ -28,7 +28,7 @@ Gem::Specification.new do |s|
s.add_runtime_dependency 'stud', ['>= 0.0.17', '~> 0.0']
s.add_runtime_dependency 'cabin', ['~> 0.6']
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
s.add_runtime_dependency 'aws-sdk', '>= 2.3.22', '~> 2'
s.add_runtime_dependency 'aws-sdk', '~> 3'

s.add_development_dependency 'logstash-codec-plain'
s.add_development_dependency 'logstash-devutils', "~> 1.3", ">= 1.3.1"
Expand Down