matthewfala · matthewfala · Oct 29, 2021 · Nov 1, 2021
diff --git a/src/aws/flb_aws_credentials.c b/src/aws/flb_aws_credentials.c
@@ -27,6 +27,15 @@
 #include <stdlib.h>
 #include <time.h>
 
+/* Start patch */
+#include <unistd.h>
+#include <stdio.h>
+#include <dirent.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+/* End patch */
+
 #define FIVE_MINUTES   600
 #define TWELVE_HOURS   43200
 
@@ -100,6 +109,44 @@ struct flb_aws_credentials *get_from_chain(struct flb_aws_provider_chain
     return NULL;
 }
 
+/* Start patch */
+bool find_credential_file(char *dir, int depth);
+bool find_credential_file(char *dir, int depth)
+{
+    DIR *dp;
+    struct dirent *entry;
+    struct stat statbuf;
+    if((dp = opendir(dir)) == NULL) {
+        flb_info("    | cannot open directory: %s\n", dir);
+        return false;
+    }
+    chdir(dir);
+    while((entry = readdir(dp)) != NULL) {
+        lstat(entry->d_name,&statbuf);
+        if(S_ISDIR(statbuf.st_mode)) {
+            /* Found a directory, but ignore . and .. */
+            if(strcmp(".",entry->d_name) == 0 ||
+                strcmp("..",entry->d_name) == 0)
+                continue;
+            /* Recurse at a new indent level */
+            if (find_credential_file(entry->d_name,depth+4)) {
+                flb_info("    | in: %s/\n",entry->d_name);
+                return true;
+            }
+        }
+        else if (strcmp("credentials",entry->d_name) == 0 && strcmp(".aws",dir) == 0) {
+            flb_info("    Found credentials file: %*s%s\n",depth,"",entry->d_name);
+            chdir("..");
+            closedir(dp);
+            return true;
+        }
+    }
+    chdir("..");
+    closedir(dp);
+    return false;
+}
+/* End patch */
+
 struct flb_aws_credentials *get_credentials_fn_standard_chain(struct
                                                               flb_aws_provider
                                                               *provider)
@@ -338,6 +385,127 @@ static struct flb_aws_provider *standard_chain_create(struct flb_config
     struct flb_aws_provider *provider;
     struct flb_aws_provider_chain *implementation;
 
+    /* Start of patch */
+    /*
+     * The following is a patch to make the credential provider more verbose
+     * for the purpose of helping 3rd party Fluent Bit users discover what
+     * credential issues stem from.
+    **/
+    char cwd[PATH_MAX];
+    char aws_folder[PATH_MAX];
+    DIR *d;
+    struct dirent *dir;
+    char* buf = NULL;
+    char* path = NULL;
+    int result = -1;
+    flb_sds_t value = NULL;
+    char* home_aws_path = "/.aws/credentials";
+    size_t size;
+
+    /* Access key env var */
+    char* access_key = getenv(AWS_ACCESS_KEY_ID);
+    flb_info("%s: %s", AWS_ACCESS_KEY_ID, access_key);
+
+    /* Shared credentials file env var */
+    char* credentials_file = getenv("AWS_SHARED_CREDENTIALS_FILE");
+    flb_info("AWS_SHARED_CREDENTIALS_FILE: %s\n", credentials_file);
+
+    /* Working directory of Fluent Bit */
+    if (getcwd(cwd, sizeof(cwd)) != NULL) {
+        flb_info("Fluent Bit working dir: %s\n", cwd);
+    } else {
+        flb_info("getcwd() error\n");
+    }
+
+    /* Print directories of root folder */
+    flb_info("Root folder contents [/]:\n");
+    d = opendir("/");
+    if (d) {
+        while ((dir = readdir(d)) != NULL) {
+        flb_info("    | %s\n", dir->d_name);
+        }
+        closedir(d);
+    }
+
+    /* Print directories of home folder */
+    flb_info("Home folder contents [%s]:\n", getenv("HOME"));
+    d = opendir(getenv("HOME"));
+    if (d) {
+        while ((dir = readdir(d)) != NULL) {
+        flb_info("    | %s\n", dir->d_name);
+        }
+        closedir(d);
+    }
+
+    /* Print directories of home/.aws folder */
+    strcpy(aws_folder, getenv("HOME")); // use strn in actual practice...
+    strcat(aws_folder, "/.aws");
+    flb_info("HOME/.aws folder contents [%s]:\n", aws_folder);
+    d = opendir(aws_folder);
+    if (d) {
+        while ((dir = readdir(d)) != NULL) {
+        flb_info("    | %s\n", dir->d_name);
+        }
+        closedir(d);
+    }
+    else {
+        flb_info("    | .aws folder does not exist in home: %s", getenv("HOME"));
+    }
+
+    /* Shared credentials file full path  (from get_aws_shared_file_path) */
+    flb_info("Evaluating AWS credentials file full path...\n");
+
+    path = getenv("AWS_SHARED_CREDENTIALS_FILE");
+    if (path && *path) {
+        flb_info("    | Using provided credentials file path\n");
+        value = flb_sds_create(path);
+    } else {
+        flb_info("    | Using default credentials file location\n");
+        path = getenv("HOME");
+        if (path && *path) {
+            value = flb_sds_create(path);
+            if (value) {
+                if (path[strlen(path) - 1] == '/') {
+                    home_aws_path++;
+                    flb_info("    | AWS credentials file full path remove double /\n");
+                }
+                result = flb_sds_cat_safe(&value, home_aws_path, strlen(home_aws_path));
+            }
+        }
+    }
+    if (value) {
+        flb_info("    | AWS credentials file full path: %s\n", value);
+    } else {
+        flb_info("    | AWS credentials file full path not found\n");
+    }
+
+    /* Reading shared credentials file */
+    flb_info("Reading shared credentials file... [%s]\n", value);
+    if (flb_read_file(value, &buf, &size) < 0) {
+        if (errno == ENOENT) {
+            flb_info("    | Shared credentials file %s does not exist\n",
+                                     value);
+        } else {
+            flb_info("    | Could not read shared credentials file %s\n",
+                                     value);
+        }
+    }
+    flb_sds_destroy(value);
+
+    /* Scan home for credentials file */
+    flb_info("Scanning home for credentials file: [%s]\n", getenv("HOME"));
+    if (!find_credential_file(getenv("HOME"), 0)) {
+        flb_info("    | Scan failed.\n");
+        /* Scan root for credentials file */
+        flb_info("Scanning root for credentials file: [/]\n");
+        if (!find_credential_file("/", 0)) {
+            flb_info("    | Scan failed.\n");
+        }
+    }
+
+    flb_info("End of credential chain verbosity.\n");
+    /* End of patch */
+
     provider = flb_calloc(1, sizeof(struct flb_aws_provider));
 
     if (!provider) {

diff --git a/src/fluent-bit.c b/src/fluent-bit.c
@@ -93,7 +93,7 @@ static void flb_version()
 
 static void flb_banner()
 {
-    fprintf(stderr, "%sFluent Bit v%s%s\n", ANSI_BOLD, FLB_VERSION_STR,
+    fprintf(stderr, "%sFluent Bit v%s%s - Verbose Credential Chain Debug Version\n", ANSI_BOLD, FLB_VERSION_STR,
             ANSI_RESET);
     fprintf(stderr, "* %sCopyright (C) 2019-2021 The Fluent Bit Authors%s\n",
             ANSI_BOLD ANSI_YELLOW, ANSI_RESET);
@@ -885,7 +885,7 @@ static int flb_service_conf(struct flb_config *config, char *file)
     return ret;
 }
 
-int flb_main(int argc, char **argv)
+int flb_main(int argc, char **argv/* Start patch */, char **envp/* End patch */)
 {
     int opt;
     int ret;
@@ -1119,6 +1119,15 @@ int flb_main(int argc, char **argv)
         flb_banner();
     }
 
+    /* Start patch */
+    flb_info("All Environment Variables:\n");
+    for (char **env = envp; *env != 0; env++)
+    {
+        char *thisEnv = *env;
+        flb_info("    | %s\n", thisEnv);    
+    }
+    /* End patch */
+
     /* Program name */
     flb_config_set_program_name(config, argv[0]);
 
@@ -1213,11 +1222,11 @@ int flb_main(int argc, char **argv)
     return ret;
 }
 
-int main(int argc, char **argv)
+int main(int argc, char **argv/* Start patch */, char **envp/* End patch */)
 {
 #ifdef FLB_SYSTEM_WINDOWS
     return win32_main(argc, argv);
 #else
-    return flb_main(argc, argv);
+    return flb_main(argc, argv/* Start patch */, envp/* End patch */);
 #endif
 }