diff --git a/tests/internal/aws_credentials_sts.c b/tests/internal/aws_credentials_sts.c
index 146d937e794..d342e158aed 100644
--- a/tests/internal/aws_credentials_sts.c
+++ b/tests/internal/aws_credentials_sts.c
@@ -32,50 +32,6 @@
#define WEB_TOKEN_FILE FLB_TESTS_DATA_PATH "/data/aws_credentials/\
web_identity_token_file.txt"
-#define STS_RESPONSE_EKS "\n\
- \n\
- amzn1.account.AF6RHO7KZU5XRVQJGXK6HB56KR2A\n\
-\n\
- client.5498841531868486423.1548@apps.example.com\n\
- \n\
- arn:aws:sts::123456789012:assumed-role/WebIdentityRole/app1\n\
- AROACLKWSDQRAOEXAMPLE:app1\n\
- \n\
- \n\
- eks_token\n\
- eks_skid\n\
- 2025-10-24T23:00:23Z\n\
- eks_akid\n\
- \n\
- www.amazon.com\n\
- \n\
- \n\
- ad4156e9-bce1-11e2-82e6-6b6efEXAMPLE\n\
- \n\
-"
-
-#define STS_RESPONSE_ASSUME_ROLE "\n\
- \n\
- \n\
- arn:aws:sts::123456789012:assumed-role/demo/TestAR\n\
- ARO123EXAMPLE123:TestAR\n\
- \n\
- \n\
- sts_akid\n\
- sts_skid\n\
- sts_token\n\
- 2025-11-09T13:34:41Z\n\
- \n\
- 6\n\
- \n\
- \n\
- c6104cbe-af31-11e0-8154-cbc7ccf896c7\n\
- \n\
-"
-
/*
* Unexpected/invalid STS response. The goal of this is not to test anything
* that might happen in production, but rather to test the error handling
@@ -96,6 +52,119 @@ response would have"
*/
int g_request_count;
+static char *build_eks_response_with_ttl_calloc(time_t ttl_secs, size_t *out_len)
+{
+ time_t exp = time(NULL) + ttl_secs;
+ struct tm gm;
+ char expbuf[32];
+ const char *tmpl;
+ size_t need = 0;
+ char *buf = 0;
+
+ gmtime_r(&exp, &gm);
+ strftime(expbuf, sizeof(expbuf), "%Y-%m-%dT%H:%M:%SZ", &gm);
+
+ tmpl =
+ "\n"
+ " \n"
+ " amzn1.account.AF6RHO7KZU5XRVQJGXK6HB56KR2A\n"
+ "\n"
+ " client.5498841531868486423.1548@apps.example.com\n"
+ " \n"
+ " arn:aws:sts::123456789012:assumed-role/WebIdentityRole/app1\n"
+ " AROACLKWSDQRAOEXAMPLE:app1\n"
+ " \n"
+ " \n"
+ " eks_token\n"
+ " eks_skid\n"
+ " %s\n"
+ " eks_akid\n"
+ " \n"
+ " www.amazon.com\n"
+ " \n"
+ " \n"
+ " ad4156e9-bce1-11e2-82e6-6b6efEXAMPLE\n"
+ " \n"
+ "";
+
+ need = (size_t)snprintf(NULL, 0, tmpl, expbuf) + 1;
+ buf = flb_calloc(1, need);
+ if (!buf) {
+ flb_errno();
+ return NULL;
+ }
+ snprintf(buf, need, tmpl, expbuf);
+ if (out_len) {
+ *out_len = need - 1;
+ }
+ return buf;
+}
+
+static char *build_sts_response_with_ttl_calloc(time_t ttl_secs, size_t *out_len)
+{
+ time_t exp = time(NULL) + ttl_secs;
+ struct tm gm;
+ char expbuf[32];
+ const char *tmpl;
+ size_t need = 0;
+ char *buf = 0;
+
+ gmtime_r(&exp, &gm);
+ strftime(expbuf, sizeof(expbuf), "%Y-%m-%dT%H:%M:%SZ", &gm);
+
+ tmpl =
+ "\n\
+ \n\
+ \n\
+ arn:aws:sts::123456789012:assumed-role/demo/TestAR\n\
+ ARO123EXAMPLE123:TestAR\n\
+ \n\
+ \n\
+ sts_akid\n\
+ sts_skid\n\
+ sts_token\n\
+ %s\n\
+ \n\
+ 6\n\
+ \n\
+ \n\
+ c6104cbe-af31-11e0-8154-cbc7ccf896c7\n\
+ \n\
+ ";
+
+ need = (size_t)snprintf(NULL, 0, tmpl, expbuf) + 1;
+ buf = flb_calloc(1, need);
+ if (!buf) {
+ flb_errno();
+ return NULL;
+ }
+ snprintf(buf, need, tmpl, expbuf);
+ if (out_len) {
+ *out_len = need - 1;
+ }
+ return buf;
+}
+
+static void http_test_attach_owned_payload(struct flb_http_client *c,
+ char *buf, size_t len)
+{
+ c->resp.status = 200;
+ c->resp.data = buf;
+ c->resp.data_len = len;
+ c->resp.data_size = len + 1;
+ c->resp.data_size_max = c->resp.data_size;
+
+ c->resp.headers_end = c->resp.data;
+ c->resp.payload = buf;
+ c->resp.payload_size = len;
+
+ c->resp.content_length = -1;
+ c->resp.chunked_encoding = FLB_FALSE;
+ c->resp.connection_close = -1;
+}
+
/* Each test case has its own request function */
/* unexpected output test- see description for STS_RESPONSE_MALFORMED */
@@ -124,6 +193,8 @@ struct flb_http_client *request_eks_test1(struct flb_aws_client *aws_client,
int method, const char *uri)
{
struct flb_http_client *c;
+ char *payload = NULL;
+ size_t payload_len = 0;
TEST_CHECK(method == FLB_HTTP_GET);
TEST_CHECK(strstr(uri, "Action=AssumeRoleWithWebIdentity") != NULL);
@@ -139,10 +210,13 @@ struct flb_http_client *request_eks_test1(struct flb_aws_client *aws_client,
return NULL;
}
mk_list_init(&c->headers);
+ payload = build_eks_response_with_ttl_calloc(3600, &payload_len);
+ TEST_CHECK(payload != NULL);
+ if (!payload) {
+ return NULL;
+ }
- c->resp.status = 200;
- c->resp.payload = STS_RESPONSE_EKS;
- c->resp.payload_size = strlen(STS_RESPONSE_EKS);
+ http_test_attach_owned_payload(c, payload, payload_len);
return c;
}
@@ -153,6 +227,8 @@ struct flb_http_client *request_eks_flb_sts_session_name(struct flb_aws_client
const char *uri)
{
struct flb_http_client *c;
+ char *payload = NULL;
+ size_t payload_len = 0;
TEST_CHECK(method == FLB_HTTP_GET);
TEST_CHECK(strstr(uri, "Action=AssumeRoleWithWebIdentity") != NULL);
@@ -171,10 +247,13 @@ struct flb_http_client *request_eks_flb_sts_session_name(struct flb_aws_client
return NULL;
}
mk_list_init(&c->headers);
+ payload = build_eks_response_with_ttl_calloc(3600, &payload_len);
+ TEST_CHECK(payload != NULL);
+ if (!payload) {
+ return NULL;
+ }
- c->resp.status = 200;
- c->resp.payload = STS_RESPONSE_EKS;
- c->resp.payload_size = strlen(STS_RESPONSE_EKS);
+ http_test_attach_owned_payload(c, payload, payload_len);
return c;
}
@@ -213,6 +292,8 @@ struct flb_http_client *request_sts_test1(struct flb_aws_client *aws_client,
int method, const char *uri)
{
struct flb_http_client *c;
+ char *payload = NULL;
+ size_t payload_len = 0;
TEST_CHECK(method == FLB_HTTP_GET);
TEST_CHECK(strstr(uri, "Action=AssumeRole") != NULL);
@@ -228,10 +309,13 @@ struct flb_http_client *request_sts_test1(struct flb_aws_client *aws_client,
return NULL;
}
mk_list_init(&c->headers);
+ payload = build_sts_response_with_ttl_calloc(3600, &payload_len);
+ TEST_CHECK(payload != NULL);
+ if (!payload) {
+ return NULL;
+ }
- c->resp.status = 200;
- c->resp.payload = STS_RESPONSE_ASSUME_ROLE;
- c->resp.payload_size = strlen(STS_RESPONSE_ASSUME_ROLE);
+ http_test_attach_owned_payload(c, payload, payload_len);
return c;
}
@@ -384,19 +468,28 @@ static void test_process_sts_response()
struct flb_aws_credentials *creds;
struct flb_config *config;
time_t expiration;
+ char *payload = NULL;
+ size_t payload_len = 0;
config = flb_config_init();
if (config == NULL) {
return;
}
- creds = flb_parse_sts_resp(STS_RESPONSE_EKS, &expiration);
+ payload = build_eks_response_with_ttl_calloc(3600, &payload_len);
+ TEST_CHECK(payload != NULL);
+ if (!payload) {
+ return;
+ }
+
+ creds = flb_parse_sts_resp(payload, &expiration);
TEST_CHECK(strcmp(EKS_ACCESS_KEY, creds->access_key_id) == 0);
TEST_CHECK(strcmp(EKS_SECRET_KEY, creds->secret_access_key) == 0);
TEST_CHECK(strcmp(EKS_TOKEN, creds->session_token) == 0);
flb_aws_credentials_destroy(creds);
+ flb_free(payload);
flb_config_exit(config);
}