filter_kubernetes: improve container hash handling (#1731)

* filter_kubernetes: fix container hash lookup (#1691) This fixes containerID and imageID hash lookup. There was error in processing/extracting hash from containerID or imageID if strings do not begin with docker:https:// or docker-pullable:https:// Implication of this would be that kubernetes metadata structure is "null" at output. In some cases imageID comes also as empty string from kubernetes api. Example cases: * "imageID": "" * "imageID": "sha256:eb516548c180f8a6e0235034ccee2428027896af16a509786da13022fe95fe8c" * "imageID": "docker:https://sha256:2b424891d78a4704aa9d763b274f1be6752766d24463b9e3b5411a7bac2207ca" * "imageID": "docker.io/library/debian@sha256:41f76363fd83982e14f7644486e1fb04812b3894aa4e396137c3435eaf05de88" * "imageID": "docker-pullable:https://redis@sha256:4be7fdb131e76a6c6231e820c60b8b12938cf1ff3d437da4871b9b2440f4e385" * "imageID": "docker-pullable:https://k8s.gcr.io/event-exporter@sha256:16ca66e2b5dc7a1ce6a5aafcb21d0885828b75cdfc08135430480f7ad2364adc" * "imageID": "docker-pullable:https://kubedb/operator@sha256:063a92a47de7c4b25e3bc382d878513564c65c5313b347bdbcfc60959d082b22" * "imageID": "docker-pullable:https://quay.io/jetstack/cert-manager-controller@sha256:66eb65ac8ff3505310e850e0486c4dd82b26e6cfdc7afd7456e0fab753b57855" * "containerID": "docker:https://e8d482336de6b610b9084e9e74b0213c5cc7d399053016448319a4970a16324e" * "containerID": "containerd:https://1ed452c3d02d8114e5739375e1d67405fa40c2f78797ec2d8e5bd13740424273" * "containerID": "cri-o:https://fc9f90e123ca14e4d000c9d4c854bb54d43ce96b1624d51bb4b97afd1c728229" Obviously value of containerID is dependent on container runtime used by kubernetes cluster. This patch tries to find relative positions of last ":" and "/" to the end of the string. Therefore only hash is extracted and everything preceding it, is discarded. Signed-off-by: kantica <[email protected]> * filter_kubernetes: fix container hash lookup (#1691) This commit reworks last patch for this issue and rebases to current master with patch from @edsiper for the same issue. Rework avoids double usage of memrchr() for same string for matching "/" from 5844b9f. Signed-off-by: kantica <[email protected]>
fluent · Nov 20, 2019 · 5282838 · 5282838
1 parent 3104b4c
commit 5282838
Showing 1 changed file with 55 additions and 25 deletions.
diff --git a/plugins/filter_kubernetes/kube_meta.c b/plugins/filter_kubernetes/kube_meta.c
@@ -42,12 +42,6 @@
 #define FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY "initContainerStatuses"
 #define FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY_LEN \
  (sizeof(FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY) - 1)
-#define FLB_KUBE_META_CONTAINER_ID_PREFIX "docker:https://"
-#define FLB_KUBE_META_CONTAINER_ID_PREFIX_LEN \
- (sizeof(FLB_KUBE_META_CONTAINER_ID_PREFIX) - 1)
-#define FLB_KUBE_META_IMAGE_ID_PREFIX "docker-pullable:https://"
-#define FLB_KUBE_META_IMAGE_ID_PREFIX_LEN \
- (sizeof(FLB_KUBE_META_IMAGE_ID_PREFIX) - 1)
 
 static int file_to_buffer(const char *path,
  char **out_buf, size_t *out_size)
@@ -316,6 +310,51 @@ static void cb_results(const char *name, const char *value,
  return;
 }
 
+static int extract_hash(const char * im, int sz, const char ** out, int * outsz)
+{
+ char * colon = NULL;
+ char * slash = NULL;
+
+ *out = NULL;
+ *outsz = 0;
+
+ if (sz <= 1) {
+ return -1;
+ }
+
+ colon = memrchr(im, ':', sz);
+
+ if (colon == NULL) {
+ return -1;
+ } else {
+ slash = colon;
+ while ((im + sz - slash + 1) > 0 && *(slash + 1) == '/') {
+ slash++;
+ }
+ if (slash == colon) {
+ slash = NULL;
+ }
+ }
+
+ if (slash == NULL && (im + sz - colon) > 0) {
+ *out = colon + 1;
+ }
+
+ if (slash != NULL) {
+ if ((colon - slash) < 0 && (im + sz - slash) > 0) {
+ *out = slash + 1;
+ } else if ((colon - slash) > 0 && (im + sz - colon) > 0) {
+ *out = colon + 1;
+ }
+ }
+
+ if (*out) {
+ *outsz = im + sz - *out;
+ return 0;
+ }
+ return -1;
+}
+
 /*
  * As per Kubernetes Pod spec,
  * https://kubernetes.io/docs/concepts/workloads/pods/pod/, we look
@@ -338,11 +377,12 @@ static void extract_container_hash(struct flb_kube_meta *meta,
  int name_found = FLB_FALSE;
  int docker_id_len = 0;
  int container_hash_len = 0;
- int pos;
- char *p;
  const char *container_hash;
  const char *docker_id;
  msgpack_object k, v;
+ const char *tmp;
+ int tmp_len = 0;
+ int name_found = FLB_FALSE;
 
  /* Process status/containerStatus map for docker_id, container_hash */
  for (i = 0;
@@ -389,28 +429,18 @@ static void extract_container_hash(struct flb_kube_meta *meta,
  !strncmp(k2.via.str.ptr,
  "containerID",
  k2.via.str.size)) {
- /* Strip "docker-pullable:https://" prefix */
- docker_id = v2.ptr + FLB_KUBE_META_CONTAINER_ID_PREFIX_LEN;
- docker_id_len = v2.size - FLB_KUBE_META_CONTAINER_ID_PREFIX_LEN;
+ if (extract_hash(v2.ptr, v2.size, &tmp, &tmp_len) == 0) {
+ docker_id = tmp;
+ docker_id_len = tmp_len;
+ }
  }
  else if (k2.via.str.size == sizeof("imageID") - 1 &&
  !strncmp(k2.via.str.ptr,
  "imageID",
  k2.via.str.size)) {
- /* Strip "docker-pullable:https://" prefix */
- container_hash = v2.ptr + FLB_KUBE_META_IMAGE_ID_PREFIX_LEN;
- container_hash_len = v2.size - FLB_KUBE_META_IMAGE_ID_PREFIX_LEN;
- }
- else if (k2.via.str.size > 3) {
- /*
- * Last workaround, find the separator ':https://' and use the
- * the remaining content.
- */
- pos = mk_string_search_n(v2.ptr, ":https://", MK_FALSE, v2.size);
- if (pos > 0) {
- p = (char *) v2.ptr + pos;
- container_hash = p + 3;
- container_hash_len = v2.size - (p - v2.ptr);
+ if (extract_hash(v2.ptr, v2.size, &tmp, &tmp_len) == 0) {
+ container_hash = tmp;
+ container_hash_len = tmp_len;
  }
  }
  }