aws: add support for EKS Pod Identity #9696

39 changes: 31 additions & 8 deletions include/fluent-bit/flb_aws_credentials.h
@@ -256,19 +256,21 @@ struct flb_aws_provider *flb_aws_env_provider_create();
* Calling flb_aws_provider_destroy on this provider frees the memory
* used by host and path.
*/
struct flb_aws_provider *flb_http_provider_create(struct flb_config *config,
flb_sds_t host,
flb_sds_t path,
struct
flb_aws_client_generator
*generator);
struct flb_aws_provider *flb_endpoint_provider_create(struct flb_config *config,
flb_sds_t host,
flb_sds_t path,
int port,
int insecure,
struct
flb_aws_client_generator
*generator);

/*
* ECS Provider
* HTTP Provider for EKS and ECS
* The ECS Provider is just a wrapper around the HTTP Provider
* with the ECS credentials endpoint.
*/
struct flb_aws_provider *flb_ecs_provider_create(struct flb_config *config,
struct flb_aws_provider *flb_http_provider_create(struct flb_config *config,
struct
flb_aws_client_generator
*generator);
@@ -350,5 +352,26 @@ int try_lock_provider(struct flb_aws_provider *provider);
void unlock_provider(struct flb_aws_provider *provider);


/*
* HTTP Credentials Provider - retrieve credentials from a local http server
* Used to implement the ECS Credentials provider.
* Equivalent to:
* https://github.com/aws/aws-sdk-go/tree/master/aws/credentials/endpointcreds
*/

struct flb_aws_provider_http {
struct flb_aws_credentials *creds;
time_t next_refresh;

struct flb_aws_client *client;

/* Host and Path to request credentials */
flb_sds_t host;
flb_sds_t path;

flb_sds_t auth_token; /* optional */
};


#endif
#endif /* FLB_HAVE_AWS */
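Review bot: `int insecure` on `flb_endpoint_provider_create` and the new `auth_token` field of `struct flb_aws_provider_http` are undocumented, although together they govern whether a request carrying a token can leave over plain HTTP. The comment above the prototype still only covers ownership of host and path; I would extend it with something like `insecure != 0 disables TLS and is only acceptable for loopback or the ECS/EKS link-local credential endpoints`, and have the implementation (not visible here) reject any other host in that mode. On the field, replace `/* optional */` with a comment saying what the token is sent as and whether `flb_aws_provider_destroy` frees it. The second comment block also still says the ECS Provider is a wrapper around the HTTP Provider, which no longer matches the renamed `flb_http_provider_create`.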
22 changes: 20 additions & 2 deletions include/fluent-bit/flb_aws_util.h
@@ -104,6 +104,17 @@ struct flb_aws_client {
int debug_only;
};

/* frees dynamic_headers */
struct flb_http_client *flb_aws_client_request_basic_auth(
struct flb_aws_client *aws_client,
int method, const char *uri,
const char *body, size_t body_len,
struct flb_aws_header
*dynamic_headers,
size_t dynamic_headers_len,
char *header_name,
char* auth_token);

/*
* Frees the aws_client, the internal flb_http_client, error_code,
* and flb_upstream.
@@ -144,13 +155,20 @@ flb_sds_t flb_aws_xml_error(char *response, size_t response_len);
flb_sds_t flb_aws_error(char *response, size_t response_len);

/*
* Similar to 'flb_aws_error', except it prints the JSON error type and message
* to the user in a error log.
* Similar to 'flb_aws_error', except it prints the JSON error __type and message
* field values to the user in a error log.
* 'api' is the name of the API that was called; this is used in the error log.
*/
void flb_aws_print_error(char *response, size_t response_len,
char *api, struct flb_output_instance *ins);

/*
* Error parsing for json APIs that respond with a
* Code and Message fields for error responses.
*/
void flb_aws_print_error_code(char *response, size_t response_len,
char *api);

/* Similar to 'flb_aws_print_error', but for APIs that return XML */
void flb_aws_print_xml_error(char *response, size_t response_len,
char *api, struct flb_output_instance *ins);
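Review bot: `flb_aws_client_request_basic_auth` takes `char *header_name, char* auth_token` as mutable pointers, and its name suggests HTTP Basic authentication while the signature shows a caller-chosen header carrying a token. Presumably neither argument is written through, so I would declare them `const char *header_name, const char *auth_token);`, which also fixes the inconsistent `char*` spacing. The one-line comment `/* frees dynamic_headers */` should additionally say what is returned on failure and that the token is only placed in the named request header and never written to logs. `flb_aws_print_error_code` drops the `ins` parameter its sibling print functions take; a short comment on why would help readers.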
2 changes: 2 additions & 0 deletions include/fluent-bit/flb_utils.h
@@ -75,5 +75,7 @@ void flb_utils_set_plugin_string_property(const char *name,
flb_sds_t *field_storage,
flb_sds_t new_value);
int flb_utils_mkdir(const char *dir, int perms);
int flb_utils_url_split_sds(const flb_sds_t in_url, flb_sds_t *out_protocol,
flb_sds_t *out_host, flb_sds_t *out_port, flb_sds_t *out_uri);

#endif
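Review bot: `flb_utils_url_split_sds` is added without a comment, so ownership of the four `flb_sds_t *out_*` results and the state they are left in on failure is unspecified. If `flb_sds_t` is the usual `char *` typedef, `const flb_sds_t in_url` makes the pointer const rather than the string, so it does not promise that the input is left unmodified. I would add a header comment along the lines of `/* Splits in_url into newly allocated SDS strings; returns 0 on success, -1 on error; on error no out_* value needs freeing */`, adjusted to what the implementation actually guarantees. If this parses an externally supplied endpoint URL, as the rest of the PR suggests, the contract for malformed input deserves an explicit line too.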
2 changes: 1 addition & 1 deletion src/aws/flb_aws_credentials.c
@@ -581,7 +581,7 @@ static struct flb_aws_provider *standard_chain_create(struct flb_config
}
}

sub_provider = flb_ecs_provider_create(config, generator);
sub_provider = flb_http_provider_create(config, generator);
if (sub_provider) {
/* ECS Provider will fail creation if we are not running in ECS */
mk_list_add(&sub_provider->_head, &implementation->sub_providers);
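Review bot: The comment `/* ECS Provider will fail creation if we are not running in ECS */` under the renamed call is now stale, because the header in this PR describes `flb_http_provider_create` as the HTTP provider for EKS and ECS. I would reword it to something like `/* HTTP provider creation fails when neither the ECS nor the EKS credential endpoint is configured */`, matched to the real failure conditions. `standard_chain_create` begins and ends outside this hunk, so where this provider sits in the chain relative to the others cannot be checked from here.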