in_splunk: Process strict check for credentials #9094

Merged
merged 3 commits into from
Jul 16, 2024


@cosmo0920 cosmo0920 commented Jul 16, 2024

We should process strict checking for credentials.
Adding length comparisons would be better to proceed with the credential authentication.
Plus, spaces around commas will be trimmed. So, the attached configurations are valid even if they include spaces around the comma.


Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
[INPUT]
    Name splunk
    Tag splunk.test.ingest
    Port 8090
    Splunk_Token 7bba8847-4aee-4e62-ba7b-08c6139e42b9 , 4e63c0c9-c3b5-4a0a-bf4d-bfd5bc0d0070
    store_token_in_metadata Off
    Buffer_Max_Size 10M
    http2 Off
    tls On
    tls.verify Off
    tls.crt_file ./cert/ca_cert.pem
    tls.key_file ./cert/ca_key.pem
    tls.key_passwd fluentd

[OUTPUT]
    Name stdout
    Match *

Or,

[INPUT]
    Name splunk
    Tag splunk.test.ingest
    Port 8090
    Splunk_Token 7bba8847-4aee-4e62-ba7b-08c6139e42b9 , 4e63c0c9-c3b5-4a0a-bf4d-bfd5bc0d0070
    store_token_in_metadata Off
    Buffer_Max_Size 10M
    http2 Off
    tls Off
    tls.verify Off
    tls.crt_file ./cert/ca_cert.pem
    tls.key_file ./cert/ca_key.pem
    tls.key_passwd fluentd

[OUTPUT]
    Name stdout
    Match *
  • Debug log output from testing the change
Fluent Bit v3.1.3
* Copyright (C) 2015-2024 The Fluent Bit Authors
* Fluent Bit is a CNCF sub-project under the umbrella of Fluentd
* https://fluentbit.io

______ _                  _    ______ _ _           _____  __  
|  ___| |                | |   | ___ (_) |         |____ |/  | 
| |_  | |_   _  ___ _ __ | |_  | |_/ /_| |_  __   __   / /`| | 
|  _| | | | | |/ _ \ '_ \| __| | ___ \ | __| \ \ / /   \ \ | | 
| |   | | |_| |  __/ | | | |_  | |_/ / | |_   \ V /.___/ /_| |_
\_|   |_|\__,_|\___|_| |_|\__| \____/|_|\__|   \_/ \____(_)___/

[2024/07/16 17:29:03] [ info] Configuration:
[2024/07/16 17:29:03] [ info]  flush time     | 1.000000 seconds
[2024/07/16 17:29:03] [ info]  grace          | 5 seconds
[2024/07/16 17:29:03] [ info]  daemon         | 0
[2024/07/16 17:29:03] [ info] ___________
[2024/07/16 17:29:03] [ info]  inputs:
[2024/07/16 17:29:03] [ info]      splunk
[2024/07/16 17:29:03] [ info] ___________
[2024/07/16 17:29:03] [ info]  filters:
[2024/07/16 17:29:03] [ info] ___________
[2024/07/16 17:29:03] [ info]  outputs:
[2024/07/16 17:29:03] [ info]      stdout.0
[2024/07/16 17:29:03] [ info] ___________
[2024/07/16 17:29:03] [ info]  collectors:
[2024/07/16 17:29:03] [ info] [fluent bit] version=3.1.3, commit=8b4d95e3c8, pid=3019829
[2024/07/16 17:29:03] [debug] [engine] coroutine stack size: 24576 bytes (24.0K)
[2024/07/16 17:29:03] [ info] [storage] ver=1.1.6, type=memory, sync=normal, checksum=off, max_chunks_up=128
[2024/07/16 17:29:03] [ info] [cmetrics] version=0.9.1
[2024/07/16 17:29:03] [ info] [ctraces ] version=0.5.1
[2024/07/16 17:29:03] [ info] [input:splunk:splunk.0] initializing
[2024/07/16 17:29:03] [ info] [input:splunk:splunk.0] storage_strategy='memory' (memory only)
[2024/07/16 17:29:03] [debug] [splunk:splunk.0] created event channels: read=21 write=22
[2024/07/16 17:29:03] [debug] [downstream] listening on 0.0.0.0:8090
[2024/07/16 17:29:03] [debug] [stdout:stdout.0] created event channels: read=24 write=25
[2024/07/16 17:29:03] [ info] [sp] stream processor started
[2024/07/16 17:29:03] [ info] [output:stdout:stdout.0] worker #0 started
[2024/07/16 17:29:05] [debug] [input:splunk:splunk.0] Mark as unknown type for ingested payloads
[2024/07/16 17:29:05] [debug] [socket] could not validate socket status for #40 (don't worry)
[2024/07/16 17:29:05] [debug] [task] created task=0x61b2490 id=0 OK
[2024/07/16 17:29:05] [debug] [output:stdout:stdout.0] task_id=0 assigned to thread #0
[0] splunk.test.ingest: [[1721118545.322137895, {}], {"event"=>"Pony 1 has left the barn", "@splunk_token"=>"Splunk 7bba8847-4aee-4e62-ba7b-08c6139e42b9"}]
[1] splunk.test.ingest: [[1721118545.322137895, {}], {"event"=>"Pony 2 has left the barn", "@splunk_token"=>"Splunk 7bba8847-4aee-4e62-ba7b-08c6139e42b9"}]
[2] splunk.test.ingest: [[1721118545.322137895, {}], {"event"=>"Pony 3 has left the barn", "nested"=>{"key1"=>"value1"}, "@splunk_token"=>"Splunk 7bba8847-4aee-4e62-ba7b-08c6139e42b9"}]
[2024/07/16 17:29:05] [debug] [out flush] cb_destroy coro_id=0
[2024/07/16 17:29:05] [debug] [task] destroy task=0x61b2490 (task_id=0)
^C[2024/07/16 17:29:06] [engine] caught signal (SIGINT)
[2024/07/16 17:29:06] [ warn] [engine] service will shutdown in max 5 seconds
[2024/07/16 17:29:06] [ info] [input] pausing splunk.0
[2024/07/16 17:29:07] [ info] [engine] service has stopped (0 pending tasks)
[2024/07/16 17:29:07] [ info] [input] pausing splunk.0
[2024/07/16 17:29:07] [ info] [output:stdout:stdout.0] thread worker #0 stopping...
[2024/07/16 17:29:07] [ info] [output:stdout:stdout.0] thread worker #0 stopped

Or,

Fluent Bit v3.1.3
* Copyright (C) 2015-2024 The Fluent Bit Authors
* Fluent Bit is a CNCF sub-project under the umbrella of Fluentd
* https://fluentbit.io

______ _                  _    ______ _ _           _____  __  
|  ___| |                | |   | ___ (_) |         |____ |/  | 
| |_  | |_   _  ___ _ __ | |_  | |_/ /_| |_  __   __   / /`| | 
|  _| | | | | |/ _ \ '_ \| __| | ___ \ | __| \ \ / /   \ \ | | 
| |   | | |_| |  __/ | | | |_  | |_/ / | |_   \ V /.___/ /_| |_
\_|   |_|\__,_|\___|_| |_|\__| \____/|_|\__|   \_/ \____(_)___/

[2024/07/16 17:28:22] [ info] Configuration:
[2024/07/16 17:28:22] [ info]  flush time     | 1.000000 seconds
[2024/07/16 17:28:22] [ info]  grace          | 5 seconds
[2024/07/16 17:28:22] [ info]  daemon         | 0
[2024/07/16 17:28:22] [ info] ___________
[2024/07/16 17:28:22] [ info]  inputs:
[2024/07/16 17:28:22] [ info]      splunk
[2024/07/16 17:28:22] [ info] ___________
[2024/07/16 17:28:22] [ info]  filters:
[2024/07/16 17:28:22] [ info] ___________
[2024/07/16 17:28:22] [ info]  outputs:
[2024/07/16 17:28:22] [ info]      stdout.0
[2024/07/16 17:28:22] [ info] ___________
[2024/07/16 17:28:22] [ info]  collectors:
[2024/07/16 17:28:22] [ info] [fluent bit] version=3.1.3, commit=8b4d95e3c8, pid=3019675
[2024/07/16 17:28:22] [debug] [engine] coroutine stack size: 24576 bytes (24.0K)
[2024/07/16 17:28:22] [ info] [storage] ver=1.1.6, type=memory, sync=normal, checksum=off, max_chunks_up=128
[2024/07/16 17:28:22] [ info] [cmetrics] version=0.9.1
[2024/07/16 17:28:22] [ info] [ctraces ] version=0.5.1
[2024/07/16 17:28:22] [ info] [input:splunk:splunk.0] initializing
[2024/07/16 17:28:22] [ info] [input:splunk:splunk.0] storage_strategy='memory' (memory only)
[2024/07/16 17:28:22] [debug] [splunk:splunk.0] created event channels: read=21 write=22
[2024/07/16 17:28:22] [debug] [downstream] listening on 0.0.0.0:8090
[2024/07/16 17:28:22] [ info] [output:stdout:stdout.0] worker #0 started
[2024/07/16 17:28:22] [debug] [stdout:stdout.0] created event channels: read=24 write=25
[2024/07/16 17:28:22] [ info] [sp] stream processor started
[2024/07/16 17:28:24] [debug] [input:splunk:splunk.0] Mark as unknown type for ingested payloads
[2024/07/16 17:28:24] [debug] [socket] could not validate socket status for #40 (don't worry)
[2024/07/16 17:28:25] [debug] [task] created task=0x61b86b0 id=0 OK
[0] splunk.test.ingest: [[1721118504.774888159, {}], {"event"=>"Pony 1 has left the barn", "@splunk_token"=>"Splunk 7bba8847-4aee-4e62-ba7b-08c6139e42b9"}]
[1] splunk.test.ingest: [[1721118504.774888159, {}], {"event"=>"Pony 2 has left the barn", "@splunk_token"=>"Splunk 7bba8847-4aee-4e62-ba7b-08c6139e42b9"}]
[2] splunk.test.ingest: [[1721118504.774888159, {}], {"event"=>"Pony 3 has left the barn", "nested"=>{"key1"=>"value1"}, "@splunk_token"=>"Splunk 7bba8847-4aee-4e62-ba7b-08c6139e42b9"}]
[2024/07/16 17:28:25] [debug] [output:stdout:stdout.0] task_id=0 assigned to thread #0
[2024/07/16 17:28:25] [debug] [out flush] cb_destroy coro_id=0
[2024/07/16 17:28:25] [debug] [task] destroy task=0x61b86b0 (task_id=0)
^C[2024/07/16 17:28:26] [engine] caught signal (SIGINT)
[2024/07/16 17:28:26] [ warn] [engine] service will shutdown in max 5 seconds
[2024/07/16 17:28:26] [ info] [input] pausing splunk.0
[2024/07/16 17:28:26] [ info] [engine] service has stopped (0 pending tasks)
[2024/07/16 17:28:26] [ info] [input] pausing splunk.0
[2024/07/16 17:28:26] [ info] [output:stdout:stdout.0] thread worker #0 stopping...
[2024/07/16 17:28:26] [ info] [output:stdout:stdout.0] thread worker #0 stopped

curl requests

$ curl -k "https://localhost:8090/services/collector" \
    -H "Authorization: Splunk 7bba8847-4aee-4e62-ba7b-08c6139e42b9" -H "application/json" \
    -d '{"event": "Pony 1 has left the barn"}{"event": "Pony 2 has left the barn"}{"event": "Pony 3 has left the barn", "nested": {"key1": "value1"}}' -vvv
$ curl -k "https://localhost:8090/services/collector" \
    -H "Authorization: Splunk 4e63c0c9-c3b5-4a0a-bf4d-bfd5bc0d0070" -H "application/json" \
    -d '{"event": "Pony 1 has left the barn"}{"event": "Pony 2 has left the barn"}{"event": "Pony 3 has left the barn", "nested": {"key1": "value1"}}' -vvv
  • Attached Valgrind output that shows no leaks or memory corruption was found
==3019829== 
==3019829== HEAP SUMMARY:
==3019829==     in use at exit: 0 bytes in 0 blocks
==3019829==   total heap usage: 17,443 allocs, 17,443 frees, 2,611,669 bytes allocated
==3019829== 
==3019829== All heap blocks were freed -- no leaks are possible
==3019829== 
==3019829== For lists of detected and suppressed errors, rerun with: -s
==3019829== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

And

==3019675== 
==3019675== HEAP SUMMARY:
==3019675==     in use at exit: 0 bytes in 0 blocks
==3019675==   total heap usage: 17,444 allocs, 17,444 frees, 2,611,935 bytes allocated
==3019675== 
==3019675== All heap blocks were freed -- no leaks are possible
==3019675== 
==3019675== For lists of detected and suppressed errors, rerun with: -s
==3019675== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@cosmo0920 cosmo0920 changed the title from "Cosmo0920 strict check for credentials" to "in_splunk: Process strict check for credentials" Jul 16, 2024
@edsiper edsiper merged commit b1af4a1 into master Jul 16, 2024
46 of 48 checks passed
@edsiper edsiper deleted the cosmo0920-strict-check-for-credentials branch July 16, 2024 16:35
@edsiper edsiper added this to the Fluent Bit v3.1.3 milestone Jul 16, 2024
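
The two behaviours the description names, a length comparison during credential matching and trimming of spaces around commas in the token list, shown as an added example that is not code from this pull request or from Fluent Bit. All function names are hypothetical, `prefix_match` is an assumed weak form used only for contrast, the credential is taken to be the value after `Splunk ` in the Authorization header, and the sample tokens are constructed.

```c
#include <stdio.h>
#include <string.h>

struct token { const char *ptr; size_t len; };

/* Split a comma-separated token list, trimming spaces around each entry. */
static size_t split_tokens(const char *p, struct token *out, size_t max)
{
    size_t n = 0;
    while (*p != '\0' && n < max) {
        const char *end = p + strcspn(p, ",");
        const char *next = (*end == ',') ? end + 1 : end;
        while (p < end && *p == ' ') p++;
        while (end > p && end[-1] == ' ') end--;
        if (end > p) { out[n].ptr = p; out[n].len = (size_t)(end - p); n++; }
        p = next;
    }
    return n;
}

/* Assumed weak form: compares only as many bytes as the configured token has. */
static int prefix_match(const struct token *t, const char *cred)
{
    return strncmp(cred, t->ptr, t->len) == 0;
}

/* Strict form: lengths must be equal before the bytes are compared. */
static int strict_match(const struct token *t, const char *cred)
{
    return strlen(cred) == t->len && memcmp(cred, t->ptr, t->len) == 0;
}

/* Returns 1 if cred matches any entry of list under the given matcher. */
static int authorized(const char *list, const char *cred,
                      int (*match)(const struct token *, const char *))
{
    struct token toks[8];
    size_t i, n = split_tokens(list, toks, 8);
    for (i = 0; i < n; i++) if (match(&toks[i], cred)) return 1;
    return 0;
}

int main(void)
{
    const char *list = "tok-aaaa , tok-bbbb";  /* constructed sample list */
    printf("prefix=%d strict=%d\n", authorized(list, "tok-bbbbX", prefix_match),
           authorized(list, "tok-bbbbX", strict_match));
    return 0;
}
```

Without the trimming step the first entry would keep its trailing space and the strict matcher would reject the correct credential for it.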