logstash-output-s3 icon indicating copy to clipboard operation
logstash-output-s3 copied to clipboard

Published 20 hours ago verified publisher icon logstash-plugins

Provide a way to refresh credentials

Open imriz opened this issue 5 years ago • 1 comments

We're using the external credentials file (aws_credentials_file), with temporary credentials generated using Vault. The problem is that that the uploader thread is started on register, and the plugin will not allow refreshing the credentials. There should be a way to signal the plugin that the credentials were refreshed (maybe watch the file timestamp?).

imriz avatar May 07 '19 16:05 imriz

Currently working around this (less than elegantly...):

#!/bin/bash -e

if [[ -z $1 ]] || [[ ${1:0:1} == '-' ]] ; then
  logstash -r "$@" &
  LOGSTASH_PID=$!
else
  "$@" &
  LOGSTASH_PID=$!
fi

echo "Started logstash as "${LOGSTASH_PID}

CREDS_HASH=$(md5sum ${AWS_CREDENTIALS_FILE})

while true; do
  if [ "${CREDS_HASH}" != "$(md5sum ${AWS_CREDENTIALS_FILE})" ]; then
    echo "Hash has changed, stopping logstash"
    kill ${LOGSTASH_PID}
    logstash "$@" &
    LOGSTASH_PID=$!
    echo "Started logstash as "${LOGSTASH_PID}
    CREDS_HASH=$(md5sum ${AWS_CREDENTIALS_FILE})
  fi
  sleep 1;
done

erickpeirson avatar Oct 09 '19 13:10 erickpeirson