[out_oracle_log_analytics] feat: Implement IMDS authentication, chunking

    - Added Oracle Instance Metadata Service (IMDS) authentication, certificate, and key retrieval

    - Implemented log chunking for efficient data handling and transmission

    - Added timezone support for accurate timestamp processing

    - Enhanced credential parsing and metadata extraction

    - Improved error handling and debug logging

Signed-off-by: rghouzra <[email protected]>

fixx size parameter in hash table addition

Signed-off-by: reda ghouzraf <[email protected]>

fix: improve error handling and cleanup

Signed-off-by: rghouzra <[email protected]>

replace cjson with jsmn

Signed-off-by: reda ghouzraf <[email protected]>

replace cjson include with jsmn

Signed-off-by: reda ghouzraf <[email protected]>

fix centos jobs failure

Signed-off-by: rghouzra <[email protected]>

update base64 encoding and improve error handling

Signed-off-by: rghouzra <[email protected]>

enhance openssl compatibility

Signed-off-by: rghouzra <[email protected]>

enhance openssl comptability

Signed-off-by: rghouzra <[email protected]>

 improve error handling in federation handling

Signed-off-by: rghouzra <[email protected]>

refactor of ocid extraction logic

Signed-off-by: rghouzra <[email protected]>

feat: Add tests for oracle logan output plugin

Signed-off-by: rghouzra <[email protected]>

[out_oracle_log_analytics] update tenancy extraction in test mode

Signed-off-by: rghouzra <[email protected]>

[out_oracle_log_analytics] enhance test mode

Signed-off-by: rghouzra <[email protected]>

fix:improve error handling in test

Signed-off-by: rghouzra <[email protected]>

fix: enhance resource cleanup

Signed-off-by: rghouzra <[email protected]>

fix: add resource cleanup for leaf certificate

Signed-off-by: rghouzra <[email protected]>

fix: improve code formatting

Signed-off-by: rghouzra <[email protected]>

[out_oracle_log_analytics] refactor OCI_logan plugin code for clarity and consistency

Signed-off-by: rghouzra <[email protected]>

improve code formatting and line break

Signed-off-by: rghouzra <[email protected]>

Author: rghouzra

plugins/out_oracle_log_analytics/CMakeLists.txt

@@ -1,6 +1,7 @@
 set(src
-   oci_logan.c
-   oci_logan_conf.c
-   )
+ oci_logan.c
+ oci_logan_conf.c
+ oci_logan_helper.c
+ )
 
 FLB_PLUGIN(out_oracle_log_analytics "${src}" "")

plugins/out_oracle_log_analytics/oci_logan.c

@@ -78,6 +78,12 @@
 #define FLB_OCI_MATCH_PREFIX "oci_match_"
 #define FLB_OCI_MATCH_PREFIX_SIZE sizeof(FLB_OCI_MATCH_PREFIX)-1
 
+#define FLB_OCI_LOG_TIMEZONE_KEY "oci_la_timezone"
+#define FLB_OCI_LOG_TIMEZONE_KEY_SIZE sizeof(FLB_OCI_LOG_TIMEZONE_KEY) - 1
+
+#define FLB_OCI_LOG_TIMEZONE "timezone"
+#define FLB_OCI_LOG_TIMEZONE_SIZE sizeof(FLB_OCI_LOG_TIMEZONE) - 1
+
 #ifdef FLB_HAVE_REGEX
 #define FLB_OCI_MATCH_REGEX_PREFIX "oci_match_regex_"
 #define FLB_OCI_MATCH_REGEX_PREFIX_SIZE sizeof(FLB_OCI_MATCH_REGEX_PREFIX)-1
@@ -97,7 +103,7 @@
 #define FLB_OCI_PARAM_INCLUDE_COLLECT_TIME "include_collect_time"
 #define FLB_OCI_PARAM_INCLUDE_COLLECT_TIME_SIZE sizeof(FLB_OCI_PARAM_INCLUDE_COLLECT_TIME)-1
 
-#define FLB_OCI_MATCH_ID_MAX 1000 // TO avoid too large memory allocation
+#define FLB_OCI_MATCH_ID_MAX 1000       // TO avoid too large memory allocation
 
 #define FLB_OCI_DEFAULT_COLLECT_TIME       "oci_collect_time"
 #define FLB_OCI_DEFAULT_COLLECT_TIME_SIZE sizeof(FLB_OCI_DEFAULT_COLLECT_TIME)-1
@@ -150,13 +156,53 @@
 #define FLB_OCI_ERROR_CODE_TOO_MANY_REQUESTS               "TooManyRequests"
 #define FLB_OCI_ERROR_CODE_INTERNAL_SERVER_ERROR           "InternalServerError"
 
+/* for imds request*/
+#define ORACLE_IMDS_HOST "169.254.169.254"
+#define ORACLE_IMDS_BASE_URL "/opc/v2"
+#define ORACLE_IMDS_REGION_PATH "/instance/region"
+#define ORACLE_IMDS_LEAF_CERT_PATH "/identity/cert.pem"
+#define ORACLE_IMDS_LEAF_KEY_PATH "/identity/key.pem"
+#define ORACLE_IMDS_INTERMEDIATE_CERT_PATH "/identity/intermediate.pem"
+#define ORACLE_AUTH_HEADER "Authorization: Bearer Oracle"
+#define ORACLE_IMDS_TOKEN_PATH "/opc/v2/instancePrincipal/token"
+
+
+#define COUNT_OF_REGION (sizeof(region_mappings) / sizeof(region_mappings[0]) - 1)
+
+/* for chunking */
+#define MAX_PAYLOAD_SIZE_BYTES (3800000)        // 3.8 mb
+
 #include <fluent-bit/flb_upstream.h>
 #include <fluent-bit/flb_sds.h>
 #include <fluent-bit/flb_record_accessor.h>
 #include <fluent-bit/flb_hash_table.h>
+#include <fluent-bit/flb_output_plugin.h>
+#include <fluent-bit/flb_upstream.h>
+#include <fluent-bit/flb_upstream_conn.h>
+#include <fluent-bit/flb_http_client.h>
+#include <fluent-bit/flb_log_event_decoder.h>
+#include <fluent-bit/flb_hash_table.h>
+#include <fluent-bit/flb_pack.h>
+#include <fluent-bit/flb_crypto.h>
+#include <fluent-bit/flb_base64.h>
+#include <fluent-bit/flb_hash.h>
+#include <fluent-bit/flb_sds.h>
 #include <monkey/mk_core/mk_list.h>
-
-struct metadata_obj {
+#include <fluent-bit/flb_jsmn.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/buffer.h>
+#include <openssl/opensslv.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <msgpack.h>
+#include <string.h>
+
+struct metadata_obj
+{
     flb_sds_t key;
     flb_sds_t val;
     struct mk_list _head;
@@ -165,23 +211,65 @@ struct metadata_obj {
 
 struct flb_oci_error_response
 {
-  flb_sds_t code;
-  flb_sds_t message;
+    flb_sds_t code;
+    flb_sds_t message;
+};
+
+struct flb_oracle_imds
+{
+    flb_sds_t region;
+    flb_sds_t leaf_cert;
+    flb_sds_t leaf_key;
+    flb_sds_t intermediate_cert;
+    flb_sds_t tenancy_ocid;
+    flb_sds_t fingerprint;
+    flb_sds_t session_pubkey;
+    flb_sds_t session_privkey;
+    struct flb_upstream *upstream;
+    struct flb_output_instance *ins;
 };
 
-struct flb_oci_logan {
+struct oci_security_token
+{
+    flb_sds_t token;
+    time_t expires_at;
+    flb_sds_t session_privkey;
+};
+
+typedef struct
+{
+    const char *region;
+    const char *realm;
+} region_realm_mapping_t;
+
+typedef struct
+{
+    const char *short_name;
+    const char *long_name;
+} region_mapping_t;
+
+typedef struct
+{
+    const char *realm_code;
+    const char *domain_suffix;
+} realm_mapping_t;
+
+struct flb_oci_logan
+{
     flb_sds_t namespace;
     flb_sds_t config_file_location;
     flb_sds_t profile_name;
     int oci_config_in_record;
     flb_sds_t uri;
 
+    char *domain_suffix;
     struct flb_upstream *u;
     flb_sds_t proxy;
     char *proxy_host;
     int proxy_port;
 
     // oci_la_* configs
+
     flb_sds_t oci_la_entity_id;
 
     flb_sds_t oci_la_entity_type;
@@ -194,22 +282,37 @@ struct flb_oci_logan {
 
     flb_sds_t oci_la_log_set_id;
 
+    flb_sds_t oci_la_timezone;
+
     struct mk_list *oci_la_global_metadata;
     struct mk_list global_metadata_fields;
     struct mk_list *oci_la_metadata;
     struct mk_list log_event_metadata_fields;
 
-  // config_file
+    // config_file
     flb_sds_t user;
     flb_sds_t region;
     flb_sds_t tenancy;
     flb_sds_t key_fingerprint;
     flb_sds_t key_file;
     /* For OCI signing */
-    flb_sds_t key_id; // tenancy/user/key_fingerprint
+    flb_sds_t key_id;           // tenancy/user/key_fingerprint
     flb_sds_t private_key;
-
     struct flb_output_instance *ins;
 
+    // instance prinicipal auth
+    struct flb_oracle_imds imds;
+    EVP_PKEY *session_key_pair;
+    struct oci_security_token security_token;
+    char *auth_type;
+
+    // dump payload
+    char *payload_files_location;
+    bool dump_payload_file;
 };
+
+int is_valid_timezone(const char *log_timezone);
+const char *get_domain_suffix_for_realm(const char *realm);
+const char *determine_realm_from_region(const char *region);
+const char *long_region_name(char *short_region_name);
 #endif