-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implements AWS SigV4 for the HTTP output plugin. #4459
Conversation
Signed-off-by: David Venable <dlv@amazon.com>
@dlvenable Thanks so much for this enhancement! |
… as needed for SigV4 authentication. Signed-off-by: David Venable <dlv@amazon.com>
Signed-off-by: David Venable <dlv@amazon.com>
afe7485
to
e4c2044
Compare
Thank you all for the useful feedback. I've pushed changes to address these comments. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I commented on my concerns, but it looks basically good to me.
Thanks so much for this enhancement!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Basically, it looks good to me. I added a comment about XML parsers.
aws-sdk-ruby needs to work with XML parsers to handle XML responses from AWS services.
@daipom , @cosmo0920 , I see that some tests are failing, but they don't appear to be related to http. Are these possibly flaky tests? I'm very interested in getting this PR in to allow us to move forward. Thank you. |
@ashie , It appears that the comment about gems still has this in changes requested. |
Yes. These tests are unstable. We can ignore it. |
These failed tests are flaky tests on macOS and Windows. They should be able to be ignored for now. @daipom @ashie Any ETA for getting merged this PR? In Fluent Bit side, SigV4 signature is set up in the almost HTTP related plugins. So, I'm also interested in to equip the similar functionality as a parity for Fluent Bit. |
It's almost ready for merge. |
Yes. I think we can merge this soon, at least once the concerns pointed out by @ashie are resolved. |
… flexible versions and use a return to invert a conditional. Signed-off-by: David Venable <dlv@amazon.com>
Thanks for your contribution! |
@dlvenable Thanks for your contribution! |
New feature of Fluentd v1.17.0. Related: fluent/fluentd#4459 Signed-off-by: Daijiro Fukuda <fukuda@clear-code.com>
New feature of Fluentd v1.17.0. Related: fluent/fluentd#4459 Signed-off-by: Daijiro Fukuda <fukuda@clear-code.com>
Which issue(s) this PR fixes:
Fixes #4444
What this PR does / why we need it:
This PR adds a new authentication method to the HTTP output plugin for AWS sigV4. We need it so that customers can use Fluentd to send data to Amazon OpenSearch Ingestion which supports the Fluentd output plugin, but requires SigV4 authentication.
Docs Changes:
aws_sigv4
- When this option is specified, Fluentd will sign requests using AWS Signature Version 4.aws_service
- The AWS service to authenticate againstaws_region
- The AWS region to use when authenticatingaws_role_arn
- The AWS role ARN to assume when authenticatingYou can optionally specify an
aws_role_arn
. If you provide it, Fluentd will assume that AWS role and send requests signing from that role. Otherwise, Fluentd will use the credentials found by the credential provider chain as defined in the AWS documentation.Release Note:
The http output plugin supports AWS Signature Version 4 authentication.