in_splunk: return Splunk HEC auth status codes#12043
Conversation
Signed-off-by: lecaros <lecaros@chronosphere.io>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe Splunk HEC input plugin now returns distinct JSON error responses for missing credentials, malformed authorization headers, and unknown tokens, including 401 and 403 status codes. Integration coverage was added for these auth cases. ChangesSplunk HEC auth response differentiation
Estimated code review effort: 3 (Moderate) | ~25 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d0612246fe
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Signed-off-by: lecaros <lecaros@chronosphere.io>
d061224 to
35c0fff
Compare
Signed-off-by: lecaros <lecaros@chronosphere.io>
Align
in_splunkHEC authentication failures with Splunk's documented HTTP status codes and JSON error bodies.Previously, every auth failure returned 401 with plain text
error: unauthorized\n. That breaks clients (e.g. Adobe Cloud onboarding prechecks) that expect Splunk's documented behavior:AuthorizationheadersAuthorization: Splunk <token>where the token is unknownThis change classifies auth failures in
validate_auth_header_ng()and returns Splunk-compatible JSON responses fromsplunk_prot_handle_ng().Authorization: Splunk <configured>{"text":"Success","code":0}Authorization{"text":"Token is required","code":2}Authorization: <token>(noSplunkprefix){"text":"Invalid authorization","code":3}Authorization: Splunk <wrong>{"text":"Invalid token","code":4}Auth is enforced only when
splunk_tokenis configured. Behavior without a configured token is unchanged.Fixes #12036
Testing
Before we can approve your change; please submit the following in a comment:
config
Debug log
valgrind
Backporting
Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.
Summary by CodeRabbit