aws: add a 10s response timeout to http client

[sylr]

Fixes #10051

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• Example configuration file for the change
• Debug log output from testing the change

• Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• Documentation required for this feature

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Bug Fixes
  • Enforced a 10-second response timeout for outgoing HTTP requests to avoid indefinite waits.
  • Improves stability and predictability by failing faster when remote services are slow or unresponsive.
  • Users will see quicker error feedback under poor network conditions, enabling faster retries or fallback behavior.

[coderabbitai]

Walkthrough

Adds a 10-second HTTP response timeout macro and applies it to the per-request HTTP client in src/aws/flb_aws_util.c by calling flb_http_set_response_timeout(...) in request_do immediately after the client is created and validated.

Changes

Cohort / File(s)	Summary
AWS HTTP client timeout src/aws/flb_aws_util.c	Add FLB_MAX_AWS_RESP_TIMEOUT = 10 and call flb_http_set_response_timeout(c, FLB_MAX_AWS_RESP_TIMEOUT) after HTTP client creation in request_do; replace hard-coded literal with macro.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Caller
    participant AWSUtil as flb_aws_util.c:request_do
    participant HTTP as HTTP Client

    Caller->>AWSUtil: request_do(...)
    AWSUtil->>HTTP: create HTTP client
    Note right of AWSUtil #e6f7ff: set response timeout = 10s
    AWSUtil->>HTTP: flb_http_set_response_timeout(10)
    AWSUtil->>HTTP: flb_http_buffer_size(...)
    HTTP-->>AWSUtil: response / error
    alt Response within 10s
        AWSUtil-->>Caller: return response
    else Timeout after 10s
        AWSUtil-->>Caller: return timeout error
    end

Loading

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Add timeouts to IMDSv2-related HTTP calls [#10051]	✅

Possibly related PRs

• http_client: add response and read idle timeouts #10801 — Uses flb_http_set_response_timeout; closely related API usage.

Suggested reviewers

• koleini

"I nibble bytes where timeouts grow,
A ten-second hop, then watch logs flow.
No endless pause, no silent night,
I thump my foot and set things right.
Logs leap forth, the meadow bright." 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b638d1b and 3ff0010.

📒 Files selected for processing (1)

• src/aws/flb_aws_util.c (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/aws/flb_aws_util.c

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (29)

• GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit (Arm64), amd64_arm64, -DCMAKE_SYSTEM_NAME=Windows -DCMA...
• GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit, x64, x64-windows-static, 3.31.6)
• GitHub Check: pr-windows-build / call-build-windows-package (Windows 32bit, x86, x86-windows-static, 3.31.6)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-22.04, clang-12)
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-24.04, clang-14)
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-22.04, clang-12)
• GitHub Check: pr-compile-centos-7
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-24.04, clang-14)
• GitHub Check: PR - fuzzing test

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/aws/flb_aws_util.c (1)

374-381: Fix potential NULL dereference: move timeout after the NULL check

flb_http_set_response_timeout(c, 10); is called before validating c. If flb_http_client(...) returns NULL, this dereferences NULL and can crash. Move the timeout call to immediately after the if (!c) { ... goto error; } block.

Apply:

     c = flb_http_client(u_conn, method, uri,
                         body, body_len,
                         aws_client->host, aws_client->port,
                         aws_client->proxy, aws_client->flags);
-    flb_http_set_response_timeout(c, 10);

-    if (!c) {
+    if (!c) {
         if (aws_client->debug_only == FLB_TRUE) {
             flb_debug("[aws_client] could not initialize request");
         }
         else {
             flb_error("[aws_client] could not initialize request");
         }
         goto error;
     }
+
+    /* 10s response timeout to avoid indefinite waits (e.g., IMDSv2 drops) */
+    flb_http_set_response_timeout(c, 10);

🧹 Nitpick comments (2)

src/aws/flb_aws_util.c (2)

374-381: Avoid magic number; define a named constant and document units

Make the timeout value self-descriptive and easier to tune.

Apply:

 #define FLB_MAX_AWS_RESP_BUFFER_SIZE 0 /* 0 means unlimited capacity as per requirement */
+/* Seconds */
+#define FLB_AWS_HTTP_RESPONSE_TIMEOUT_SEC 10

And use it:

-    flb_http_set_response_timeout(c, 10);
+    flb_http_set_response_timeout(c, FLB_AWS_HTTP_RESPONSE_TIMEOUT_SEC);

---

374-381: Confirm 10s is sufficient across all AWS calls using this path

request_do backs many AWS integrations (STS, S3, IMDS, etc.). A 10s response-timeout is likely fine, but please sanity-check long-tail environments (slow proxies, throttled networks) and IMDSv2 failure mode to ensure this neither times out legitimate calls nor remains too lenient.

Would you like a follow-up change to make this configurable via env/instance config (e.g., FLB_AWS_HTTP_RESPONSE_TIMEOUT_SEC) or per-client field?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 070e761 and b638d1b.

📒 Files selected for processing (1)

• src/aws/flb_aws_util.c (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/aws/flb_aws_util.c (1)

src/flb_http_client.c (1)

• flb_http_set_response_timeout (1162-1166)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (29)

• GitHub Check: pr-windows-build / call-build-windows-package (Windows 32bit, x86, x86-windows-static, 3.31.6)
• GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit (Arm64), amd64_arm64, -DCMAKE_SYSTEM_NAME=Windows -DCMA...
• GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit, x64, x64-windows-static, 3.31.6)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-24.04, clang-14)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-22.04, clang-12)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-22.04, clang-12)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
• GitHub Check: pr-compile-centos-7
• GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-24.04, clang-14)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
• GitHub Check: PR - fuzzing test