diff --git a/include/fluent-bit/flb_aws_credentials.h b/include/fluent-bit/flb_aws_credentials.h index 5bcda676b5b..adde77bf039 100644 --- a/include/fluent-bit/flb_aws_credentials.h +++ b/include/fluent-bit/flb_aws_credentials.h @@ -257,18 +257,28 @@ struct flb_aws_provider *flb_aws_env_provider_create(); * used by host and path. */ struct flb_aws_provider *flb_http_provider_create(struct flb_config *config, - flb_sds_t host, + flb_sds_t endpoint, flb_sds_t path, + flb_sds_t auth_token, struct flb_aws_client_generator *generator); +struct flb_aws_provider *flb_local_http_provider_create(struct flb_config *config, + flb_sds_t endpoint, + flb_sds_t auth_token, + struct + flb_aws_client_generator + *generator); + + + /* - * ECS Provider - * The ECS Provider is just a wrapper around the HTTP Provider - * with the ECS credentials endpoint. + * Container Provider + * The Container Provider is just a wrapper around the HTTP Provider + * with the ECS/EKS credentials endpoint. */ -struct flb_aws_provider *flb_ecs_provider_create(struct flb_config *config, +struct flb_aws_provider *flb_container_provider_create(struct flb_config *config, struct flb_aws_client_generator *generator); diff --git a/src/aws/flb_aws_credentials.c b/src/aws/flb_aws_credentials.c index 824a535d021..d3cb3d1c9e7 100644 --- a/src/aws/flb_aws_credentials.c +++ b/src/aws/flb_aws_credentials.c @@ -581,11 +581,11 @@ static struct flb_aws_provider *standard_chain_create(struct flb_config } } - sub_provider = flb_ecs_provider_create(config, generator); + sub_provider = flb_container_provider_create(config, generator); if (sub_provider) { - /* ECS Provider will fail creation if we are not running in ECS */ + /* HTTP Provider will fail creation if we are not running in ECS/EKS */ mk_list_add(&sub_provider->_head, &implementation->sub_providers); - flb_debug("[aws_credentials] Initialized ECS Provider in standard chain"); + flb_debug("[aws_credentials] Initialized HTTP Provider in standard chain"); } sub_provider = flb_ec2_provider_create(config, generator); diff --git a/src/aws/flb_aws_credentials_http.c b/src/aws/flb_aws_credentials_http.c index d9095935ce6..1c3512a5a1c 100644 --- a/src/aws/flb_aws_credentials_http.c +++ b/src/aws/flb_aws_credentials_http.c @@ -22,6 +22,8 @@ #include #include #include +#include +#include #include #include @@ -34,9 +36,19 @@ #define AWS_HTTP_RESPONSE_TOKEN "Token" #define AWS_CREDENTIAL_RESPONSE_EXPIRATION "Expiration" -#define ECS_CREDENTIALS_HOST "169.254.170.2" -#define ECS_CREDENTIALS_HOST_LEN 13 -#define ECS_CREDENTIALS_PATH_ENV_VAR "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" +#define ECS_CONTAINER_ENDPOINT "http://169.254.170.2" +#define ECS_CONTAINER_ENDPOINT_LEN 20 +#define ECS_CREDENTIALS_HOST "169.254.170.2" +#define ECS_CREDENTIALS_HOST_LEN 13 +#define EKS_CREDENTIALS_HOST "169.254.170.23" +#define EKS_CREDENTIALS_HOST_LEN 14 +#define EKS_CREDENTIALS_HOST_IPV6 "fd00:ec2::23" +#define EKS_CREDENTIALS_HOST_IPV6_LEN 12 + +#define AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE_ENV_VAR "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE" +#define AWS_CONTAINER_AUTHORIZATION_TOKEN_ENV_VAR "AWS_CONTAINER_AUTHORIZATION_TOKEN" +#define AWS_CONTAINER_CREDENTIALS_RELATIVE_URI_ENV_VAR "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" +#define AWS_CONTAINER_CREDENTIALS_FULL_URI_ENV_VAR "AWS_CONTAINER_CREDENTIALS_FULL_URI" /* Declarations */ @@ -44,10 +56,16 @@ struct flb_aws_provider_http; static int http_credentials_request(struct flb_aws_provider_http *implementation); +static struct flb_aws_header authorization_header = { + .key = "Authorization", + .key_len = 13, + .val = "", + .val_len = 0, +}; /* * HTTP Credentials Provider - retrieve credentials from a local http server - * Used to implement the ECS Credentials provider. + * Used to implement the Container Credentials provider. * Equivalent to: * https://github.com/aws/aws-sdk-go/tree/master/aws/credentials/endpointcreds */ @@ -58,9 +76,13 @@ struct flb_aws_provider_http { struct flb_aws_client *client; - /* Host and Path to request credentials */ - flb_sds_t host; + /* Endpoint to request credentials */ + flb_sds_t endpoint; flb_sds_t path; + + /* Auth token */ + flb_sds_t auth_token; + flb_sds_t auth_token_file; }; @@ -136,6 +158,35 @@ struct flb_aws_credentials *get_credentials_fn_http(struct flb_aws_provider return NULL; } +static int flb_aws_allowed_ip(char *ip_address) { + if (strcmp(ip_address, ECS_CREDENTIALS_HOST) == 0) { + return FLB_TRUE; // ECS container host + } else if (strcmp(ip_address, EKS_CREDENTIALS_HOST) == 0 || + strcmp(ip_address, EKS_CREDENTIALS_HOST_IPV6) == 0) { + return FLB_TRUE; // EKS container host + } + + // Loopback + // IPv4 + if (strncmp(ip_address, "127.0.0.", 8) == 0 && + strlen(ip_address) > 8 && + strlen(ip_address) <= 11) { + ip_address += 8; + if (atoi(ip_address) > 255) { + return FLB_FALSE; + } + return FLB_TRUE; + } + + // IPv6 + if (strcmp(ip_address, "::1") == 0 || + strcmp(ip_address, "0:0:0:0:0:0:0:1") == 0) { + return FLB_TRUE; + } + + return FLB_FALSE; +} + int refresh_fn_http(struct flb_aws_provider *provider) { struct flb_aws_provider_http *implementation = provider->implementation; int ret = -1; @@ -204,14 +255,22 @@ void destroy_fn_http(struct flb_aws_provider *provider) { flb_aws_client_destroy(implementation->client); } - if (implementation->host) { - flb_sds_destroy(implementation->host); + if (implementation->endpoint) { + flb_sds_destroy(implementation->endpoint); } if (implementation->path) { flb_sds_destroy(implementation->path); } + if (implementation->auth_token) { + flb_sds_destroy(implementation->auth_token); + } + + if (implementation->auth_token_file) { + flb_sds_destroy(implementation->auth_token_file); + } + flb_free(implementation); provider->implementation = NULL; } @@ -230,18 +289,20 @@ static struct flb_aws_provider_vtable http_provider_vtable = { }; struct flb_aws_provider *flb_http_provider_create(struct flb_config *config, - flb_sds_t host, + flb_sds_t endpoint, flb_sds_t path, + flb_sds_t auth_token, struct flb_aws_client_generator *generator) { + char *auth_token_file = NULL; struct flb_aws_provider_http *implementation = NULL; struct flb_aws_provider *provider = NULL; struct flb_upstream *upstream = NULL; - flb_debug("[aws_credentials] Configuring HTTP provider with %s:80%s", - host, path); + flb_debug("[aws_credentials] Configuring HTTP provider with %s", + endpoint); provider = flb_calloc(1, sizeof(struct flb_aws_provider)); @@ -263,10 +324,21 @@ struct flb_aws_provider *flb_http_provider_create(struct flb_config *config, provider->provider_vtable = &http_provider_vtable; provider->implementation = implementation; - implementation->host = host; + auth_token_file = getenv(AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE_ENV_VAR); + if (auth_token_file) { + implementation->auth_token_file = flb_sds_create(auth_token_file); + if (!implementation->auth_token_file) { + flb_aws_provider_destroy(provider); + flb_errno(); + return NULL; + } + } + + implementation->auth_token = auth_token; + implementation->endpoint = endpoint; implementation->path = path; - upstream = flb_upstream_create(config, host, 80, FLB_IO_TCP, NULL); + upstream = flb_upstream_create_url(config, endpoint, FLB_IO_TCP, NULL); if (!upstream) { flb_aws_provider_destroy(provider); @@ -289,7 +361,6 @@ struct flb_aws_provider *flb_http_provider_create(struct flb_config *config, implementation->client->provider = NULL; implementation->client->region = NULL; implementation->client->service = NULL; - implementation->client->port = 80; implementation->client->flags = 0; implementation->client->proxy = NULL; implementation->client->upstream = upstream; @@ -297,41 +368,139 @@ struct flb_aws_provider *flb_http_provider_create(struct flb_config *config, return provider; } +struct flb_aws_provider *flb_local_http_provider_create(struct flb_config *config, + flb_sds_t endpoint, + flb_sds_t auth_token, + struct + flb_aws_client_generator + *generator) +{ + int ret; + char *prot = NULL; + char *host = NULL; + char *port = NULL; + char *uri = NULL; + flb_sds_t path = NULL; + struct flb_aws_provider *p = NULL; + + ret = flb_utils_url_split(endpoint, &prot, &host, &port, &uri); + if (ret == -1) { + flb_error("[aws_credentials] HTTP Provider: invalid URL: %s", endpoint); + return NULL; + } + + if (strlen(host) == 0) { + flb_error("[aws_credentials] HTTP Provider: " + "unable to parse host from local HTTP cred provider URL"); + goto out; + } + + if (strncmp(prot, "http", 4) == 0) { + if (!flb_aws_allowed_ip(host)) { + flb_error("[aws_credentials] HTTP Provider: " + "invalid endpoint host, %s, only loopback/ecs/eks hosts are allowed", + host); + goto out; + } + } + + if (strlen(uri) > 0) { + path = flb_sds_create(uri); + if (!path) { + flb_error("[aws_credentials] HTTP Provider: " + "unable to get path for provider"); + goto out; + } + } + + p = flb_http_provider_create(config, endpoint, path, auth_token, generator); + + out: + if (prot) { + flb_free(prot); + } + if (host) { + flb_free(host); + } + if (port) { + flb_free(port); + } + if (uri) { + flb_free(uri); + } + + return p; +} + /* - * ECS Provider - * The ECS Provider is just a wrapper around the HTTP Provider - * with the ECS credentials endpoint. + * Container Provider + * The Container Provider is just a wrapper around the HTTP Provider + * with the ECS/EKS credentials endpoint. */ - struct flb_aws_provider *flb_ecs_provider_create(struct flb_config *config, + struct flb_aws_provider *flb_container_provider_create(struct flb_config *config, struct flb_aws_client_generator *generator) { - flb_sds_t host = NULL; + flb_sds_t endpoint = NULL; flb_sds_t path = NULL; + flb_sds_t token = NULL; + char *endpoint_var = NULL; char *path_var = NULL; + char *token_var = NULL; - host = flb_sds_create_len(ECS_CREDENTIALS_HOST, ECS_CREDENTIALS_HOST_LEN); - if (!host) { - flb_errno(); - return NULL; + token_var = getenv(AWS_CONTAINER_AUTHORIZATION_TOKEN_ENV_VAR); + if (token_var && strlen(token_var) > 0) { + token = flb_sds_create(token_var); + if (!token) { + flb_errno(); + return NULL; + } } - path_var = getenv(ECS_CREDENTIALS_PATH_ENV_VAR); + endpoint_var = getenv(AWS_CONTAINER_CREDENTIALS_FULL_URI_ENV_VAR); + if (endpoint_var && strlen(endpoint_var) > 0) { + endpoint = flb_sds_create(endpoint_var); + if (!endpoint) { + flb_errno(); + if (token) { + flb_sds_destroy(token); + } + return NULL; + } + + return flb_local_http_provider_create(config, endpoint, token, generator); + } + + path_var = getenv(AWS_CONTAINER_CREDENTIALS_RELATIVE_URI_ENV_VAR); if (path_var && strlen(path_var) > 0) { path = flb_sds_create(path_var); if (!path) { flb_errno(); - flb_free(host); + if (token) { + flb_sds_destroy(token); + } + return NULL; + } + + endpoint = flb_sds_create_len(ECS_CONTAINER_ENDPOINT, ECS_CONTAINER_ENDPOINT_LEN); + if (!endpoint) { + flb_errno(); + flb_sds_destroy(path); + if (token) { + flb_sds_destroy(token); + } return NULL; } - return flb_http_provider_create(config, host, path, generator); + return flb_http_provider_create(config, endpoint, path, token, generator); } else { - flb_debug("[aws_credentials] Not initializing ECS Provider because" - " %s is not set", ECS_CREDENTIALS_PATH_ENV_VAR); - flb_sds_destroy(host); + flb_debug("[aws_credentials] Not initializing HTTP Provider because" + " %s is not set", AWS_CONTAINER_CREDENTIALS_RELATIVE_URI_ENV_VAR); + if (token) { + flb_sds_destroy(token); + } return NULL; } @@ -340,22 +509,60 @@ struct flb_aws_provider *flb_http_provider_create(struct flb_config *config, static int http_credentials_request(struct flb_aws_provider_http *implementation) { + int ret; + int headers_len = 0; char *response = NULL; + char *auth_token = NULL; + size_t auth_token_size; size_t response_len; time_t expiration; struct flb_aws_credentials *creds = NULL; struct flb_aws_client *client = implementation->client; + struct flb_aws_header *headers = NULL; struct flb_http_client *c = NULL; + if (implementation->auth_token_file) { + flb_debug("[aws_credentials] loading auth token file"); + ret = flb_read_file(implementation->auth_token_file, &auth_token, + &auth_token_size); + if (ret < 0) { + flb_debug("[aws_credentials] failed to retrieve token file"); + flb_errno(); + return -1; + } + } else if (implementation->auth_token) { + auth_token_size = flb_sds_len(implementation->auth_token); + auth_token = flb_strndup(implementation->auth_token, auth_token_size); + } + + if (auth_token) { + headers = flb_calloc(1, sizeof(struct flb_aws_header)); + if (headers == NULL) { + flb_errno(); + flb_free(auth_token); + return -1; + } + + headers[0] = authorization_header; + headers[0].val = auth_token; + headers[0].val_len = auth_token_size; + headers_len = 1; + } + c = client->client_vtable->request(client, FLB_HTTP_GET, implementation->path, NULL, 0, - NULL, 0); + headers, headers_len); + + flb_free(headers); if (!c || c->resp.status != 200) { flb_debug("[aws_credentials] http credentials request failed"); if (c) { flb_http_client_destroy(c); } + if (auth_token) { + flb_free(auth_token); + } return -1; } @@ -365,6 +572,9 @@ static int http_credentials_request(struct flb_aws_provider_http creds = flb_parse_http_credentials(response, response_len, &expiration); if (!creds) { flb_http_client_destroy(c); + if (auth_token) { + flb_free(auth_token); + } return -1; } @@ -375,6 +585,11 @@ static int http_credentials_request(struct flb_aws_provider_http implementation->creds = creds; implementation->next_refresh = expiration - FLB_AWS_REFRESH_WINDOW; flb_http_client_destroy(c); + + if (auth_token) { + flb_free(auth_token); + } + return 0; } diff --git a/src/aws/flb_aws_util.c b/src/aws/flb_aws_util.c index 48cf8b3d89e..0c4f6ffcb87 100644 --- a/src/aws/flb_aws_util.c +++ b/src/aws/flb_aws_util.c @@ -343,6 +343,12 @@ struct flb_http_client *request_do(struct flb_aws_client *aws_client, goto error; } + /* Remove port from host header, EKS Pod Identities breaks without this */ + ret = flb_http_strip_port_from_host(c); + if (ret != 0) { + flb_warn("[aws_http_client] failed to remove port from Host header"); + } + /* Increase the maximum HTTP response buffer size to fit large responses from AWS services */ ret = flb_http_buffer_size(c, FLB_MAX_AWS_RESP_BUFFER_SIZE); if (ret != 0) { diff --git a/tests/internal/aws_credentials_http.c b/tests/internal/aws_credentials_http.c index 55912da3a60..971dc691d7f 100644 --- a/tests/internal/aws_credentials_http.c +++ b/tests/internal/aws_credentials_http.c @@ -16,6 +16,10 @@ #define SECRET_KEY_HTTP "http_skid" #define TOKEN_HTTP "http_token" +#define TOKEN_FILE_ENV_VAR "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE" +#define HTTP_TOKEN_FILE FLB_TESTS_DATA_PATH "/data/aws_credentials/\ +http_token_file.txt" + #define HTTP_CREDENTIALS_RESPONSE "{\n\ \"AccessKeyId\": \"http_akid\",\n\ \"Expiration\": \"2025-10-24T23:00:23Z\",\n\ @@ -68,6 +72,38 @@ struct flb_http_client *request_happy_case(struct flb_aws_client *aws_client, return c; } +struct flb_http_client *request_auth_token_case(struct flb_aws_client *aws_client, + int method, const char *uri, + struct flb_aws_header *dynamic_headers, + size_t dynamic_headers_len) +{ + struct flb_http_client *c = NULL; + + TEST_CHECK(method == FLB_HTTP_GET); + + TEST_CHECK(strstr(uri, "auth-token") != NULL); + + TEST_CHECK(dynamic_headers_len == 1); + + TEST_CHECK(strstr(dynamic_headers[0].key, "Authorization") != NULL); + + TEST_CHECK(strstr(dynamic_headers[0].val, "this-is-a-fake-http-jwt") != NULL); + + /* create an http client so that we can set the response */ + c = flb_calloc(1, sizeof(struct flb_http_client)); + if (!c) { + flb_errno(); + return NULL; + } + mk_list_init(&c->headers); + + c->resp.status = 200; + c->resp.payload = HTTP_CREDENTIALS_RESPONSE; + c->resp.payload_size = strlen(HTTP_CREDENTIALS_RESPONSE); + + return c; +} + /* unexpected output test- see description for HTTP_RESPONSE_MALFORMED */ struct flb_http_client *request_malformed(struct flb_aws_client *aws_client, int method, const char *uri) @@ -130,6 +166,10 @@ struct flb_http_client *test_http_client_request(struct flb_aws_client *aws_clie */ if (strstr(uri, "happy-case") != NULL) { return request_happy_case(aws_client, method, uri); + } else if (strstr(uri, "auth-token") != NULL) { + return request_auth_token_case(aws_client, method, uri, + dynamic_headers, + dynamic_headers_len); } else if (strstr(uri, "error-case") != NULL) { return request_error_case(aws_client, method, uri); } else if (strstr(uri, "malformed") != NULL) { @@ -169,14 +209,14 @@ struct flb_aws_client_generator *generator_in_test() return &test_generator; } -/* http and ecs providers */ +/* http and container providers */ static void test_http_provider() { struct flb_aws_provider *provider; struct flb_aws_credentials *creds; int ret; struct flb_config *config; - flb_sds_t host; + flb_sds_t endpoint; flb_sds_t path; g_request_count = 0; @@ -187,8 +227,8 @@ static void test_http_provider() return; } - host = flb_sds_create("127.0.0.1"); - if (!host) { + endpoint = flb_sds_create("http://127.0.0.1"); + if (!endpoint) { flb_errno(); flb_config_exit(config); return; @@ -200,7 +240,7 @@ static void test_http_provider() return; } - provider = flb_http_provider_create(config, host, path, + provider = flb_http_provider_create(config, endpoint, path, NULL, generator_in_test()); if (!provider) { @@ -249,13 +289,181 @@ static void test_http_provider() flb_config_exit(config); } +static void test_http_provider_auth_token() +{ + struct flb_aws_provider *provider; + struct flb_aws_credentials *creds; + int ret; + struct flb_config *config; + flb_sds_t endpoint; + flb_sds_t path; + flb_sds_t auth_token; + + g_request_count = 0; + + config = flb_config_init(); + + if (config == NULL) { + return; + } + + endpoint = flb_sds_create("http://127.0.0.1"); + if (!endpoint) { + flb_errno(); + flb_config_exit(config); + return; + } + path = flb_sds_create("/auth-token"); + if (!path) { + flb_errno(); + flb_config_exit(config); + return; + } + auth_token = flb_sds_create("this-is-a-fake-http-jwt"); + if (!auth_token) { + flb_errno(); + flb_config_exit(config); + return; + } + + provider = flb_http_provider_create(config, endpoint, path, auth_token, + generator_in_test()); + + if (!provider) { + flb_errno(); + flb_config_exit(config); + return; + } + + /* repeated calls to get credentials should return the same set */ + creds = provider->provider_vtable->get_credentials(provider); + if (!creds) { + flb_errno(); + flb_config_exit(config); + return; + } + TEST_CHECK(strcmp(ACCESS_KEY_HTTP, creds->access_key_id) == 0); + TEST_CHECK(strcmp(SECRET_KEY_HTTP, creds->secret_access_key) == 0); + TEST_CHECK(strcmp(TOKEN_HTTP, creds->session_token) == 0); + + flb_aws_credentials_destroy(creds); + + creds = provider->provider_vtable->get_credentials(provider); + if (!creds) { + flb_errno(); + flb_config_exit(config); + return; + } + TEST_CHECK(strcmp(ACCESS_KEY_HTTP, creds->access_key_id) == 0); + TEST_CHECK(strcmp(SECRET_KEY_HTTP, creds->secret_access_key) == 0); + TEST_CHECK(strcmp(TOKEN_HTTP, creds->session_token) == 0); + + flb_aws_credentials_destroy(creds); + + /* refresh should return 0 (success) */ + ret = provider->provider_vtable->refresh(provider); + TEST_CHECK(ret == 0); + + /* + * Request count should be 2: + * - One for the first call to get_credentials (2nd should hit cred cache) + * - One for the call to refresh + */ + TEST_CHECK(g_request_count == 2); + + flb_aws_provider_destroy(provider); + flb_config_exit(config); +} + +static void test_local_http_provider() +{ + struct flb_aws_provider *provider; + struct flb_aws_credentials *creds; + int ret; + struct flb_config *config; + flb_sds_t endpoint; + flb_sds_t auth_token; + + g_request_count = 0; + + config = flb_config_init(); + + if (config == NULL) { + return; + } + + endpoint = flb_sds_create("http://127.0.0.1/auth-token"); + if (!endpoint) { + flb_errno(); + flb_config_exit(config); + return; + } + /* tests that the token file takes precedence */ + auth_token = flb_sds_create("this-is-the-wrong-jwt"); + if (!auth_token) { + flb_errno(); + flb_config_exit(config); + return; + } + setenv(TOKEN_FILE_ENV_VAR, HTTP_TOKEN_FILE, 1); + + provider = flb_local_http_provider_create(config, endpoint, auth_token, + generator_in_test()); + + if (!provider) { + flb_errno(); + flb_config_exit(config); + return; + } + + /* repeated calls to get credentials should return the same set */ + creds = provider->provider_vtable->get_credentials(provider); + if (!creds) { + flb_errno(); + flb_config_exit(config); + return; + } + TEST_CHECK(strcmp(ACCESS_KEY_HTTP, creds->access_key_id) == 0); + TEST_CHECK(strcmp(SECRET_KEY_HTTP, creds->secret_access_key) == 0); + TEST_CHECK(strcmp(TOKEN_HTTP, creds->session_token) == 0); + + flb_aws_credentials_destroy(creds); + + creds = provider->provider_vtable->get_credentials(provider); + if (!creds) { + flb_errno(); + flb_config_exit(config); + return; + } + TEST_CHECK(strcmp(ACCESS_KEY_HTTP, creds->access_key_id) == 0); + TEST_CHECK(strcmp(SECRET_KEY_HTTP, creds->secret_access_key) == 0); + TEST_CHECK(strcmp(TOKEN_HTTP, creds->session_token) == 0); + + flb_aws_credentials_destroy(creds); + + /* refresh should return 0 (success) */ + ret = provider->provider_vtable->refresh(provider); + TEST_CHECK(ret == 0); + + /* + * Request count should be 2: + * - One for the first call to get_credentials (2nd should hit cred cache) + * - One for the call to refresh + */ + TEST_CHECK(g_request_count == 2); + + unsetenv(TOKEN_FILE_ENV_VAR); + flb_aws_provider_destroy(provider); + flb_config_exit(config); +} + static void test_http_provider_error_case() { struct flb_aws_provider *provider; struct flb_aws_credentials *creds; int ret; struct flb_config *config; - flb_sds_t host; + flb_sds_t endpoint; flb_sds_t path; g_request_count = 0; @@ -266,8 +474,8 @@ static void test_http_provider_error_case() return; } - host = flb_sds_create("127.0.0.1"); - if (!host) { + endpoint = flb_sds_create("http://127.0.0.1"); + if (!endpoint) { flb_errno(); flb_config_exit(config); return; @@ -276,10 +484,12 @@ static void test_http_provider_error_case() if (!path) { flb_errno(); flb_config_exit(config); - return; + return; if (path) { + flb_sds_destroy(path); + } } - provider = flb_http_provider_create(config, host, path, + provider = flb_http_provider_create(config, endpoint, path, NULL, generator_in_test()); if (!provider) { @@ -316,7 +526,7 @@ static void test_http_provider_malformed_response() struct flb_aws_credentials *creds; int ret; struct flb_config *config; - flb_sds_t host; + flb_sds_t endpoint; flb_sds_t path; g_request_count = 0; @@ -329,8 +539,8 @@ static void test_http_provider_malformed_response() mk_list_init(&config->upstreams); - host = flb_sds_create("127.0.0.1"); - if (!host) { + endpoint = flb_sds_create("http://127.0.0.1"); + if (!endpoint) { flb_errno(); flb_config_exit(config); return; @@ -342,7 +552,7 @@ static void test_http_provider_malformed_response() return; } - provider = flb_http_provider_create(config, host, path, + provider = flb_http_provider_create(config, endpoint, path, NULL, generator_in_test()); if (!provider) { @@ -375,6 +585,8 @@ static void test_http_provider_malformed_response() TEST_LIST = { { "test_http_provider" , test_http_provider}, + { "test_http_provider_auth_token" , test_http_provider_auth_token}, + { "test_local_http_provider" , test_local_http_provider}, { "test_http_provider_error_case" , test_http_provider_error_case}, { "test_http_provider_malformed_response" , test_http_provider_malformed_response}, diff --git a/tests/internal/data/aws_credentials/http_token_file.txt b/tests/internal/data/aws_credentials/http_token_file.txt new file mode 100644 index 00000000000..a6884e3eacf --- /dev/null +++ b/tests/internal/data/aws_credentials/http_token_file.txt @@ -0,0 +1 @@ +this-is-a-fake-http-jwt \ No newline at end of file