From 78097dd3102217d9e430761eddfbd05836bf0b6a Mon Sep 17 00:00:00 2001
From: Eduardo Silva
Date: Sun, 26 May 2024 07:55:44 -0600
Subject: [PATCH] out_splunk: fix metadata hec_token bug that overrides default splunk_token behavior (fix #8867)
In the previous Splunk metadata fix, I introduced an issue where the metadata auth header was always set even if the metadata was not there, the code was generating an emptry string which leads to skip the classic splunk_token auth mechanism. This patch corrects the recent bug by validating first and returning a proper NULL when metadata auth header (hec_token) is not there.
Signed-off-by: Eduardo Silva
---
 plugins/out_splunk/splunk.c | 14 ++++++++++++--
 plugins/out_splunk/splunk_conf.c | 1 +
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/plugins/out_splunk/splunk.c b/plugins/out_splunk/splunk.c
index c392b83687a..4ec93aff477 100644
--- a/plugins/out_splunk/splunk.c
+++ b/plugins/out_splunk/splunk.c
@@ -400,7 +400,11 @@ static flb_sds_t get_metadata_auth_header(struct flb_splunk *ctx)
 flb_sds_t auth_header = NULL;
 pthread_mutex_lock(&ctx->mutex_hec_token);
- auth_header = flb_sds_create(ctx->metadata_auth_header);
+
+ if (ctx->metadata_auth_header) {
+ auth_header = flb_sds_create(ctx->metadata_auth_header);
+ }
+
 pthread_mutex_unlock(&ctx->mutex_hec_token);
 return auth_header;
@@ -717,7 +721,13 @@ static void cb_splunk_flush(struct flb_event_chunk *event_chunk,
 /* HTTP Client */
 flb_http_add_header(c, "User-Agent", 10, "Fluent-Bit", 10);
- /* Try to use http_user and http_passwd if not, fallback to auth_header */
+ /*
+ * Authentication mechanism & order:
+ *
+ * 1. use the configure `http_user` and `http_passwd`
+ * 2. use metadata 'hec_token', if the records are generated by Splunk input plugin, this will be set.
+ * 3. use the configured `splunk_token` (if set).
+ */
 if (ctx->http_user && ctx->http_passwd) {
 flb_http_basic_auth(c, ctx->http_user, ctx->http_passwd);
 }
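Review bot: The new guard in get_metadata_auth_header() only rejects a NULL `ctx->metadata_auth_header`; a non-NULL but zero-length value would still be copied and returned, which is the same empty-header condition the commit message says skips the `splunk_token` fallback. Whether any writer can store an empty string there is not visible in this hunk, so if it can, the check could be `if (ctx->metadata_auth_header && ctx->metadata_auth_header[0] != '\0') {`. A NULL return now also stands for a failed flb_sds_create(), so under memory pressure the flush would presumably fall through to the configured token rather than the record's hec_token. A short comment above the function stating that NULL means "no usable metadata token" and that the caller owns and must destroy the returned copy would make that contract explicit. The function's opening and closing braces are outside the hunk.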
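Review bot: The ordering comment added in cb_splunk_flush() has a wording slip in item 1 (`configure` should be `configured`), and item 2 does not say outright that a token carried in record metadata takes precedence over the operator-set `splunk_token`, which is what a reader most needs to know when both are present. Suggested wording for item 2: `2. use the metadata 'hec_token' when present (set for records from the Splunk input plugin); it takes precedence over splunk_token.` Only the `http_user`/`http_passwd` branch is visible here; the code for steps 2 and 3 lies outside the hunk and should be checked against this order.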
diff --git a/plugins/out_splunk/splunk_conf.c b/plugins/out_splunk/splunk_conf.c index d15d2edc0ec..43ccdc1879c 100644 --- a/plugins/out_splunk/splunk_conf.c +++ b/plugins/out_splunk/splunk_conf.c @@ -241,6 +241,7 @@ struct flb_splunk *flb_splunk_conf_create(struct flb_output_instance *ins, } ctx->metadata_auth_header = NULL; + /* No http_user is set, fallback to splunk_token, if splunk_token is unset, fail. */ if (!ctx->http_user) { /* Splunk Auth Token */