Passing http request headers in the event metadata for http source

[divbok]

Description

Adds a new metadata_headers configuration option to the HTTP source plugin that allows users to extract HTTP request headers and attach them as event metadata. This enables downstream processors and sinks to route, filter, or enrich events based on HTTP headers.

How it works

• Whitelist mode: Configure specific header names to extract:

  metadata_headers: ["X-Tenant-Id", "X-Region"]

• Disabled (default): When metadata_headers is not set or null, no headers are extracted.

Header key normalization

• All header keys are lowercased in event metadata regardless of how they were sent by the client or configured in the YAML. This is because Armeria (the underlying HTTP server) normalizes all header names to lowercase per the HTTP/2 specification. For example, a header sent as X-Tenant-Id is stored in metadata as x-tenant-id.
• Sensitive header filtering
  A hardcoded blocklist of sensitive headers is always filtered out, regardless of configuration. This includes authorization, cookie, x-api-key, x-amz-security-token, x-amz-credential, and others.
• Multi-value headers
  Headers with multiple values (e.g., X-Forwarded-For appearing twice) are stored as a List. Single-value headers are stored as a plain String.
• Current limitations
  This feature is currently only supported for the in-memory buffer (BlockingBuffer). The byte buffer / Kafka buffer path does not propagate metadata headers yet.

Example pipeline

log-pipeline:
source:
  http:
    port: 2021
    path: "/log/ingest"
    metadata_headers: ["X-Tenant-Id", "X-Region"]
route:
  - tenant_alpha: 'getMetadata("headers/x-tenant-id") == "team-alpha"'
  - us_west: 'getMetadata("headers/x-region") == "us-west-2"'
sink:
  - file:
      path: "/tmp/alpha.log"
      routes: ["tenant_alpha"]
  - file:
      path: "/tmp/us_west.log"
      routes: ["us_west"]

curl -X POST http://localhost:2021/log/ingest \
  -H "Content-Type: application/json" \
  -H "X-Tenant-Id: team-alpha" \
  -H "X-Region: us-west-2" \
  -d '[{"message": "hello"}]'

Issues Resolved

Resolves #6239

Check List

• New functionality includes testing.
• New functionality has a documentation issue. Please link to it in this PR.
  • New functionality has javadoc added
• Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[dlvenable]

Thanks @divbok for this contribution!

[dlvenable]

I'm not sure about supporting * without supporting regex in general. I think if we wanted this, we should add metadata_headers_regex instead. This would be consistent with other processors that support literals and regex.

[divbok]

I will add the regex config in a follow up PR

[dlvenable]

I think we don't need any logging here. Maybe a TRACE if you want.

[dlvenable]

Put this in its own class and test it there.

[dlvenable]

Use a mocked Buffer instead. Then you don't need to use read. Verify that it is called and use an ArgumentCaptor.

[dlvenable]

I tend to think that this should go into it's own class. You can unit test this more easily. Then verify an interaction with the mock in the unit tests for LogHTTPService.

[dlvenable]

This approach will put all the headers as metadata in the root of the metadata. I wonder if it would make more sense to have these under headers in the metadata. Do we support nested metadata? If not, then I guess this is the approach we should take.

[github-actions]

✅ License Header Check Passed

All newly added files have proper license headers. Great work! 🎉

[oeyh]

Suggest using empty list as default. Otherwise it's null by default and will need null check wherever it's used.

Suggested change

	private List<String> metadataHeaders;
	private List<String> metadataHeaders = Collections.emptyList();

[oeyh]

All records in a batch share the exact same extractedHeaders map instance in their metadata. If a processor downstream somehow mutates the map, it will affect other records in the batch, might cause a surprise. We can wrap extractedHeaders in Collections.unmodifiableMap() to prevents accidental in-place mutation.

[dlvenable]

I believe this is causing the failure:

HTTPSourceConfigTest > testDefault() FAILED
    org.opentest4j.AssertionFailedError: expected: <null> but was: <[]>

This is now an empty collection by default which is good.

[dlvenable]

How can we consolidate this block with line 138? We seem to have a split in how we create records that could result in discrepancies.

[dlvenable]

Did you mean to remove this?

[divbok]

Added it back.

[dlvenable]

You should use an empty collection for consistency. new HttpHeaderExtractor() or new HttpHeaderExtractor(Collections.emptySet())

[dlvenable]

Require this to be non-null.

[divbok]

Done

[dlvenable]

Remove metadataHeaders == null after other changes I suggested.

[dlvenable]

This can be Collection<String> You don't require ordering.

[dlvenable]

Thank you for the contribution @divbok !