lib/logstash/outputs/s3.rb in logstash-output-s3-4.0.3 vs lib/logstash/outputs/s3.rb in logstash-output-s3-4.0.5

- old
+ new

@@ -125,13 +125,27 @@ # The S3 canned ACL to use when putting the file. Defaults to "private". config :canned_acl, :validate => ["private", "public_read", "public_read_write", "authenticated_read"], :default => "private" - # Specifies wether or not to use S3's AES256 server side encryption. Defaults to false. + # Specifies wether or not to use S3's server side encryption. Defaults to no encryption. config :server_side_encryption, :validate => :boolean, :default => false + # Specifies what type of encryption to use when SSE is enabled. + config :server_side_encryption_algorithm, :validate => ["AES256", "aws:kms"], :default => "AES256" + + # The key to use when specified along with server_side_encryption => aws:kms. + # If server_side_encryption => aws:kms is set but this is not default KMS key is used. + # http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html + config :ssekms_key_id, :validate => :string + + # Specifies what S3 storage class to use when uploading the file. + # More information about the different storage classes can be found: + # http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html + # Defaults to STANDARD. + config :storage_class, :validate => ["STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA"], :default => "STANDARD" + # Set the directory where logstash will store the tmp files before sending it to S3 # default to the current OS temporary directory in linux /tmp/logstash config :temporary_directory, :validate => :string, :default => File.join(Dir.tmpdir, "logstash") # Specify a prefix to the uploaded filename, this can simulate directories on S3. Prefix does not require leading slash. @@ -181,11 +195,11 @@ if !WritableDirectoryValidator.valid?(@temporary_directory) raise LogStash::ConfigurationError, "Logstash must have the permissions to write to the temporary directory: #{@temporary_directory}" end - if @validate_credentials_on_root_bucket && !WriteBucketPermissionValidator.valid?(bucket_resource) + if @validate_credentials_on_root_bucket && !WriteBucketPermissionValidator.new(@logger).valid?(bucket_resource) raise LogStash::ConfigurationError, "Logstash must have the privileges to write to root bucket `#{@bucket}`, check you credentials or your permissions." end if @time_file.nil? && @size_file.nil? || @size_file == 0 && @time_file == 0 raise LogStash::ConfigurationError, "The S3 plugin must have at least one of time_file or size_file set to a value greater than 0" @@ -263,10 +277,12 @@ end def upload_options { :acl => @canned_acl, - :server_side_encryption => @server_side_encryption ? :aes256 : nil, + :server_side_encryption => @server_side_encryption ? @server_side_encryption_algorithm : nil, + :ssekms_key_id => @server_side_encryption_algorithm == "aws:kms" ? @ssekms_key_id : nil, + :storage_class => @storage_class, :content_encoding => @encoding == "gzip" ? "gzip" : nil } end private