Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide a way to refresh credentials #205

Open
imriz opened this issue May 7, 2019 · 1 comment
Open

Provide a way to refresh credentials #205

imriz opened this issue May 7, 2019 · 1 comment

Comments

@imriz
Copy link

imriz commented May 7, 2019

We're using the external credentials file (aws_credentials_file), with temporary credentials generated using Vault.
The problem is that that the uploader thread is started on register, and the plugin will not allow refreshing the credentials.
There should be a way to signal the plugin that the credentials were refreshed (maybe watch the file timestamp?).
@erickpeirson
Copy link

Currently working around this (less than elegantly...):

#!/bin/bash -e

if [[ -z $1 ]] || [[ ${1:0:1} == '-' ]] ; then
  logstash -r "$@" &
  LOGSTASH_PID=$!
else
  "$@" &
  LOGSTASH_PID=$!
fi

echo "Started logstash as "${LOGSTASH_PID}

CREDS_HASH=$(md5sum ${AWS_CREDENTIALS_FILE})

while true; do
  if [ "${CREDS_HASH}" != "$(md5sum ${AWS_CREDENTIALS_FILE})" ]; then
    echo "Hash has changed, stopping logstash"
    kill ${LOGSTASH_PID}
    logstash "$@" &
    LOGSTASH_PID=$!
    echo "Started logstash as "${LOGSTASH_PID}
    CREDS_HASH=$(md5sum ${AWS_CREDENTIALS_FILE})
  fi
  sleep 1;
done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@erickpeirson @imriz