1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
//! HTTP sink executor.
use crate::config::{HttpBatchMode, HttpSinkAuth, HttpSinkConfig};
use async_trait::async_trait;
use faucet_core::util::{DEFAULT_ERROR_BODY_MAX_LEN, check_http_response};
use faucet_core::{AuthSpec, Credential, FaucetError, SharedAuthProvider};
use futures::stream::{FuturesUnordered, StreamExt};
use serde_json::Value;
use std::collections::HashMap;
/// Map a [`Credential`] from a shared provider onto the [`HttpSinkAuth`]
/// representation so the existing header-application path can be reused.
fn credential_to_auth(cred: Credential) -> HttpSinkAuth {
match cred {
Credential::Bearer(token) => HttpSinkAuth::Bearer { token },
Credential::Token(token) => HttpSinkAuth::Custom {
headers: HashMap::from([("Authorization".to_string(), token)]),
},
Credential::Basic { username, password } => HttpSinkAuth::Basic { username, password },
Credential::Header { name, value } => HttpSinkAuth::Custom {
headers: HashMap::from([(name, value)]),
},
}
}
/// An HTTP sink that sends records to an HTTP endpoint.
pub struct HttpSink {
config: HttpSinkConfig,
client: reqwest::Client,
/// Optional shared auth provider. When set, it takes precedence over inline
/// auth. Set via [`HttpSink::with_auth_provider`].
auth_provider: Option<SharedAuthProvider>,
}
impl HttpSink {
/// Create a new HTTP sink from the given configuration.
pub fn new(config: HttpSinkConfig) -> Self {
Self {
config,
client: reqwest::Client::new(),
auth_provider: None,
}
}
/// Attach a shared [`AuthProvider`](faucet_core::AuthProvider). When set,
/// the provider supplies the credential for every request (taking
/// precedence over inline auth), so several sinks can share one token with
/// single-flight refresh. Used by the CLI to resolve `auth: { ref }`, and
/// by library callers who construct one provider and inject it into many
/// sinks.
pub fn with_auth_provider(mut self, provider: SharedAuthProvider) -> Self {
self.auth_provider = Some(provider);
self
}
/// Resolve the effective auth for the current batch. The provider (if any)
/// takes precedence; otherwise inline auth is used. A bare
/// `AuthSpec::Reference` with no provider is an error.
async fn resolve_auth(&self) -> Result<HttpSinkAuth, FaucetError> {
if let Some(provider) = &self.auth_provider {
Ok(credential_to_auth(provider.credential().await?))
} else {
match &self.config.auth {
AuthSpec::Inline(a) => Ok(a.clone()),
AuthSpec::Reference(r) => Err(FaucetError::Auth(format!(
"auth references provider '{}' but no provider was supplied; \
set one via the CLI `auth:` catalog or `with_auth_provider`",
r.name
))),
}
}
}
/// Build an HTTP request with auth and headers applied.
fn apply_auth(
&self,
mut req: reqwest::RequestBuilder,
auth: &HttpSinkAuth,
) -> Result<reqwest::RequestBuilder, FaucetError> {
match auth {
HttpSinkAuth::None => {}
HttpSinkAuth::Bearer { token } => {
req = req.bearer_auth(token);
}
HttpSinkAuth::Basic { username, password } => {
req = req.basic_auth(username, Some(password));
}
HttpSinkAuth::Custom { headers } => {
let mut hm = reqwest::header::HeaderMap::new();
for (name, value) in headers {
let n =
reqwest::header::HeaderName::from_bytes(name.as_bytes()).map_err(|e| {
FaucetError::Auth(format!("invalid custom header name {name:?}: {e}"))
})?;
let v = reqwest::header::HeaderValue::from_str(value).map_err(|e| {
FaucetError::Auth(format!("invalid custom header value for {name:?}: {e}"))
})?;
hm.insert(n, v);
}
req = req.headers(hm);
}
}
Ok(req)
}
/// Build an HTTP request with the given pre-resolved auth and body.
fn build_request_with_auth(
&self,
body: &Value,
auth: &HttpSinkAuth,
) -> Result<reqwest::RequestBuilder, FaucetError> {
let req = self
.client
.request(self.config.method.clone(), &self.config.url)
.headers(self.config.headers.clone())
.json(body);
self.apply_auth(req, auth)
}
/// Send a single request with retry logic, using the pre-resolved `auth`.
async fn send_with_retry(&self, body: &Value, auth: &HttpSinkAuth) -> Result<(), FaucetError> {
let mut last_error = None;
for attempt in 0..=self.config.max_retries {
let req = self.build_request_with_auth(body, auth)?;
match req.send().await {
Ok(resp) => match check_http_response(resp, DEFAULT_ERROR_BODY_MAX_LEN).await {
Ok(_) => return Ok(()),
Err(e) => {
if attempt < self.config.max_retries && e.is_retriable() {
tracing::warn!(
attempt = attempt + 1,
max_retries = self.config.max_retries,
error = %e,
"retrying request"
);
last_error = Some(e);
continue;
}
return Err(e);
}
},
Err(e) => {
let faucet_err = FaucetError::Http(e);
if attempt < self.config.max_retries && faucet_err.is_retriable() {
tracing::warn!(
attempt = attempt + 1,
max_retries = self.config.max_retries,
error = %faucet_err,
"retrying request"
);
last_error = Some(faucet_err);
continue;
}
return Err(faucet_err);
}
}
}
Err(last_error.unwrap_or_else(|| FaucetError::Sink("max retries exhausted".into())))
}
}
#[async_trait]
impl faucet_core::Sink for HttpSink {
fn config_schema(&self) -> serde_json::Value {
serde_json::to_value(faucet_core::schema_for!(HttpSinkConfig))
.expect("schema serialization")
}
/// Non-mutating preflight probe (probe name `"network"`).
///
/// Issues a lightweight `HEAD` request to the configured endpoint over the
/// existing reqwest client. We only care that the host is reachable — that
/// DNS, TCP, TLS and the server all work — so **any** HTTP response (2xx,
/// 4xx including `405 Method Not Allowed`, or 5xx) counts as a pass. Only a
/// transport/connection error (no response at all) is a failure.
async fn check(
&self,
ctx: &faucet_core::check::CheckContext,
) -> Result<faucet_core::check::CheckReport, FaucetError> {
use faucet_core::check::{CheckReport, Probe};
// Resolve auth so authenticated endpoints don't reject the connection
// before we learn the host is reachable. An unresolvable auth ref is a
// configuration failure surfaced on this probe.
let auth = match self.resolve_auth().await {
Ok(a) => a,
Err(e) => {
return Ok(CheckReport::single(Probe::fail_hint(
"network",
std::time::Duration::ZERO,
e.to_string(),
"check the configured auth / that a shared auth provider is wired up",
)));
}
};
let started = std::time::Instant::now();
let hint = "check the url / DNS / TLS / that the host is reachable";
let req = self
.client
.head(&self.config.url)
.headers(self.config.headers.clone());
let req = match self.apply_auth(req, &auth) {
Ok(r) => r,
Err(e) => {
return Ok(CheckReport::single(Probe::fail_hint(
"network",
started.elapsed(),
e.to_string(),
hint,
)));
}
};
let probe = match tokio::time::timeout(ctx.timeout, req.send()).await {
// Any HTTP response means DNS + TCP + TLS + the host all work.
Ok(Ok(_)) => Probe::pass("network", started.elapsed()),
// Transport/connection error: no response received.
Ok(Err(e)) => Probe::fail_hint("network", started.elapsed(), e.to_string(), hint),
Err(_) => Probe::fail_hint("network", started.elapsed(), "timed out", hint),
};
Ok(CheckReport::single(probe))
}
async fn write_batch(&self, records: &[Value]) -> Result<usize, FaucetError> {
if records.is_empty() {
return Ok(0);
}
// Resolve auth once per batch (provider-first, then inline).
let auth = self.resolve_auth().await?;
match &self.config.batch_mode {
HttpBatchMode::Individual => {
// Run `send_with_retry` for every record with at most
// `concurrency` in-flight at once. We drive a
// `FuturesUnordered` directly, refilling it as each future
// completes, instead of acquiring permits up-front the way
// the previous semaphore-based code did — that approach
// deadlocked because permits were acquired sequentially in
// a loop before any future actually ran, so after
// `concurrency` iterations the next `acquire_owned().await`
// would block forever (closes #59).
let concurrency = self.config.concurrency.max(1);
let mut in_flight = FuturesUnordered::new();
let mut iter = records.iter();
for record in iter.by_ref().take(concurrency) {
in_flight.push(self.send_with_retry(record, &auth));
}
while let Some(result) = in_flight.next().await {
result?;
if let Some(record) = iter.next() {
in_flight.push(self.send_with_retry(record, &auth));
}
}
tracing::debug!(records = records.len(), "HTTP individual batch written");
Ok(records.len())
}
HttpBatchMode::Array => {
// `batch_size = 0` is the "no batching" sentinel: forward
// whatever upstream handed us as a single JSON-array POST,
// preserving `StreamPage` framing. Otherwise re-chunk into
// `batch_size` slices and issue one POST per chunk.
let effective_chunk = if self.config.batch_size == 0 {
records.len()
} else {
self.config.batch_size
};
let mut total = 0;
for chunk in records.chunks(effective_chunk) {
let array = Value::Array(chunk.to_vec());
self.send_with_retry(&array, &auth).await?;
total += chunk.len();
}
tracing::debug!(
records = total,
batch_size = self.config.batch_size,
"HTTP array batch written"
);
Ok(total)
}
}
}
/// Report per-row outcomes so the DLQ router dead-letters only the records
/// that genuinely failed.
///
/// In **Individual** mode every record is an independent POST, so each
/// record's success/failure is attributable: we attempt *all* of them
/// (unlike `write_batch`, whose `?` short-circuits on the first failure)
/// and return one `Ok`/`Err` per record. Without this
/// override the default impl would surface the first error as an outer
/// `Err`, and under `on_batch_error: dlq_all` the pipeline would route the
/// *entire* batch to the DLQ — duplicating the already-delivered rows
/// against a non-idempotent endpoint (#146 M14).
///
/// In **Array** mode a single array POST cannot attribute a failure to
/// specific rows, so it stays all-or-nothing (matches the default trait
/// impl): the whole batch surfaces as an outer `Err` and the router's
/// `on_batch_error` policy decides whether to abort or dead-letter it.
async fn write_batch_partial(
&self,
records: &[Value],
) -> Result<Vec<faucet_core::RowOutcome>, FaucetError> {
if records.is_empty() {
return Ok(Vec::new());
}
let auth = self.resolve_auth().await?;
match &self.config.batch_mode {
HttpBatchMode::Individual => {
let concurrency = self.config.concurrency.max(1);
let auth = &auth;
// Attempt every record (failures don't short-circuit the
// siblings) with at most `concurrency` POSTs in flight. Tag each
// outcome with its index so we can restore record order after
// the unordered completion. The per-record futures are built
// eagerly (lazy, not yet polled) so `buffer_unordered` drives a
// single concrete future type.
let pending: Vec<_> =
records
.iter()
.enumerate()
.map(|(idx, record)| async move {
(idx, self.send_with_retry(record, auth).await)
})
.collect();
let mut indexed: Vec<(usize, faucet_core::RowOutcome)> =
futures::stream::iter(pending)
.buffer_unordered(concurrency)
.collect()
.await;
indexed.sort_by_key(|(idx, _)| *idx);
tracing::debug!(
records = records.len(),
"HTTP individual partial batch written"
);
Ok(indexed.into_iter().map(|(_, outcome)| outcome).collect())
}
HttpBatchMode::Array => {
self.write_batch(records).await?;
Ok(records.iter().map(|_| Ok(())).collect())
}
}
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::config::HttpSinkConfig;
#[test]
fn creates_sink() {
let config = HttpSinkConfig::new("https://api.example.com/ingest");
let _sink = HttpSink::new(config);
}
#[test]
fn build_request_applies_bearer_auth() {
let auth = HttpSinkAuth::Bearer {
token: "my-token".into(),
};
let config = HttpSinkConfig::new("https://api.example.com/ingest").auth(auth.clone());
let sink = HttpSink::new(config);
let req = sink
.build_request_with_auth(&serde_json::json!({"test": true}), &auth)
.unwrap()
.build()
.unwrap();
let auth_header = req
.headers()
.get("authorization")
.unwrap()
.to_str()
.unwrap();
assert!(auth_header.starts_with("Bearer "));
assert!(auth_header.contains("my-token"));
}
#[test]
fn build_request_applies_basic_auth() {
let auth = HttpSinkAuth::Basic {
username: "user".into(),
password: "pass".into(),
};
let config = HttpSinkConfig::new("https://api.example.com/ingest").auth(auth.clone());
let sink = HttpSink::new(config);
let req = sink
.build_request_with_auth(&serde_json::json!({"test": true}), &auth)
.unwrap()
.build()
.unwrap();
let auth_header = req
.headers()
.get("authorization")
.unwrap()
.to_str()
.unwrap();
assert!(auth_header.starts_with("Basic "));
}
#[test]
fn build_request_uses_configured_method() {
let config =
HttpSinkConfig::new("https://api.example.com/ingest").method(reqwest::Method::PUT);
let sink = HttpSink::new(config);
let req = sink
.build_request_with_auth(&serde_json::json!({"test": true}), &HttpSinkAuth::None)
.unwrap()
.build()
.unwrap();
assert_eq!(req.method(), reqwest::Method::PUT);
}
}