
out_stackdriver: add trust_payload_local_resource_id option #12027

Draft
erain wants to merge 4 commits into fluent:master from erain:pr-c-attribution

Conversation

erain (Contributor) commented Jul 1, 2026

Summary

Adds a trust_payload_local_resource_id option (default: true, existing behavior unchanged) to the Stackdriver output.

The plugin reads logging.googleapis.com/local_resource_id from the log payload to derive the k8s_container / k8s_pod / k8s_node monitored-resource labels. In multi-tenant pipelines the payload is workload-controlled: a compromised or malicious workload can forge this field and attribute its log entries to another namespace/pod/container across trust boundaries (log-injection/forgery). The Go-based logging agent addressed the same issue in GoogleCloudPlatform/k8s-stackdriver#1186.

With trust_payload_local_resource_id false:

  • the payload local_resource_id is ignored; resource labels are derived only from trusted sources — the tag (tag_prefix + regex), configured resource_labels, or a payload monitored-resource map;
  • when none of those sources is available, entries fall back to the cluster-scoped k8s_cluster resource (project/location/cluster labels from plugin config) rather than packing workload-scoped labels forged from the payload.

This is defense-in-depth for pipelines that currently trust the payload value; pipelines where the tag regex always resolves (e.g. standard tail + kubernetes setups) see no behavioral difference other than the forged value being ignored.

Note: stacked on #12023 (the first two commits belong to that PR); marked draft until it merges. Will rebase to just the two trust_payload_local_resource_id commits afterwards.

Testing

  • New runtime tests:
    • resource_k8s_container_untrusted: payload-supplied local_resource_id with a non-matching tag falls back to k8s_cluster with no workload labels.
    • resource_k8s_container_untrusted_tag_wins: a tag matching the default regex still resolves the full k8s_container resource; the untrusted payload value is ignored.
  • ctest -R flb-rt-out_stackdriver passes (full suite, including the multi-worker concurrency test).
  • Valgrind memcheck on the new tests: 0 errors, no leaks.

Documentation

  • Docs PR for the new config option to follow in fluent/fluent-bit-docs once the option name/semantics are settled in review.

Backporting

  • [N/A] New optional feature, no backport needed.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.
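The source precedence the description above lays out (tag regex and operator configuration as trusted sources, the payload `local_resource_id` only when the option is true, `k8s_cluster` as the fallback) is easier to reason about when it is written out. The following is an added stand-alone model of that derivation; it is not Fluent Bit's code and not part of this PR. Everything about the plugin internals is assumed: the tag prefix `kube.var.log.containers.` is chosen so that the remainder of the tag is the container log file name; the k8s tag regex is the documented default reproduced from memory in Python's `(?P<name>)` group syntax; the payload value is taken to have the form `k8s_container.<namespace>.<pod>.<container>`; the `logging.googleapis.com/monitored_resource` key name and the order in which sources are consulted are this model's choices. The sample tags and records are constructed.

```python
import re
from dataclasses import dataclass, field

# Record keys referred to in the PR (the monitored-resource key name is assumed).
LOCAL_RESOURCE_ID_KEY = "logging.googleapis.com/local_resource_id"
MONITORED_RESOURCE_KEY = "logging.googleapis.com/monitored_resource"
WORKLOAD_LABELS = ("namespace_name", "pod_name", "container_name")

# Documented default k8s tag regex of out_stackdriver, reproduced from memory with
# Python's (?P<name>) syntax. Assumption: verify against your plugin version's docs.
K8S_TAG_REGEX = re.compile(
    r"(?P<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9](?:[-a-z0-9]*[a-z0-9])?)*)"
    r"_(?P<namespace_name>[^_]+)_(?P<container_name>.+)-(?P<docker_id>[a-z0-9]{64})\.log$"
)


@dataclass
class Config:
    project_id: str
    location: str
    cluster_name: str
    # Assumed prefix: what remains after stripping it is the container log file name.
    tag_prefix: str = "kube.var.log.containers."
    tag_regex: re.Pattern = K8S_TAG_REGEX
    resource_labels: dict = field(default_factory=dict)  # operator-configured, hence trusted
    trust_payload_local_resource_id: bool = True          # PR default: existing behaviour


def cluster_labels(cfg):
    return {"project_id": cfg.project_id, "location": cfg.location, "cluster_name": cfg.cluster_name}


def labels_from_tag(cfg, tag):
    """Trusted source: the tag is set by the tail input from the file path, not by the workload."""
    if not tag.startswith(cfg.tag_prefix):
        return None
    m = cfg.tag_regex.search(tag[len(cfg.tag_prefix):])
    return {k: m.group(k) for k in WORKLOAD_LABELS} if m else None


def labels_from_local_resource_id(value):
    """Workload-controlled source: 'k8s_container.<namespace>.<pod>.<container>' (format assumed)."""
    parts = value.split(".") if isinstance(value, str) else []
    if len(parts) != 4 or parts[0] != "k8s_container" or not all(parts[1:]):
        return None
    return dict(zip(WORKLOAD_LABELS, parts[1:]))


def resolve_resource(cfg, tag, record):
    """Return {'type', 'labels', 'payload_ignored'}; the source precedence is this model's assumption."""
    claimed = labels_from_local_resource_id(record.get(LOCAL_RESOURCE_ID_KEY))
    if cfg.resource_labels:
        labels = {**cluster_labels(cfg), **cfg.resource_labels}
        return {"type": "k8s_container", "labels": labels, "payload_ignored": claimed is not None}
    mr = record.get(MONITORED_RESOURCE_KEY)
    if isinstance(mr, dict) and isinstance(mr.get("labels"), dict):
        # Listed by the PR as a usable source. It is also part of the record, so a
        # deployment relying on it needs to know which producers can write that key.
        return {"type": mr.get("type", "k8s_container"), "labels": dict(mr["labels"]),
                "payload_ignored": claimed is not None}
    workload = labels_from_tag(cfg, tag)
    used_payload = False
    if workload is None and cfg.trust_payload_local_resource_id and claimed is not None:
        workload = claimed                 # existing behaviour: believe the payload
        used_payload = True
    # A present-but-ignored payload value is a cheap telemetry signal for forgery attempts.
    ignored = claimed is not None and not used_payload
    if workload is not None:
        return {"type": "k8s_container", "labels": {**cluster_labels(cfg), **workload},
                "payload_ignored": ignored}
    # No trusted source resolved and the payload is not trusted: cluster scope, no workload labels.
    return {"type": "k8s_cluster", "labels": cluster_labels(cfg), "payload_ignored": ignored}


# Constructed samples: a record emitted by tenant-a whose payload claims to be tenant-b's pod.
DOCKER_ID = "0" * 64
TAG_TENANT_A = "kube.var.log.containers.web-0_tenant-a_app-" + DOCKER_ID + ".log"
TAG_UNPARSEABLE = "app.custom"   # a pipeline whose tag carries no k8s layout
FORGED_RECORD = {"log": "payment failed",
                 LOCAL_RESOURCE_ID_KEY: "k8s_container.tenant-b.payments-0.api"}


def attribute(trust, tag, record=FORGED_RECORD):
    cfg = Config("my-project", "us-central1-a", "prod", trust_payload_local_resource_id=trust)
    return resolve_resource(cfg, tag, record)


if __name__ == "__main__":
    for trust in (True, False):
        for tag in (TAG_UNPARSEABLE, TAG_TENANT_A):
            print(f"trust={trust} tag={tag[:28]!r:32} -> {attribute(trust, tag)}")
```

With the option at its default, the unparseable-tag case lands in `tenant-b`'s `k8s_container` purely on the payload's say-so; with `trust_payload_local_resource_id false` (in classic config, a line in the `[OUTPUT]` section) the same record is filed under `k8s_cluster` with no workload labels, and a tag that does match the regex wins in both modes. The `payload_ignored` flag is the kind of counter worth exporting per tag prefix before flipping the option in a multi-tenant pipeline: a steady nonzero rate tells you which producers are setting the field.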

erain and others added 4 commits June 30, 2026 19:33
When the output runs with workers >= 2, multiple flush threads call
stackdriver_format() concurrently on the shared plugin context and overwrite
the same ctx->pod_name / namespace_name / container_name / node_name /
local_resource_id strings (flb_sds_destroy + flb_sds_create), causing
use-after-free / double-free crashes (SIGSEGV) under load.

Move these per-flush fields into a stack-local struct stackdriver_format_ctx
owned by stackdriver_format(), thread the resource helpers through it, and
release them in a single cleanup path. The shared context no longer holds
mutable per-record resource state, so the format path is safe for any worker
count without locking.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Yu Yi <yiyu@google.com>

Add resource_k8s_container_concurrency: two output workers across five input
streams formatting k8s_container records concurrently, exercising the
thread-local format context and guarding against the resource-string data race.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Yu Yi <yiyu@google.com>

The logging.googleapis.com/local_resource_id field is read from the log
payload to derive the k8s_container/k8s_pod/k8s_node monitored resource
labels. In multi-tenant pipelines the payload is workload-controlled, so
a compromised or malicious workload can forge this field and attribute
its log entries to another namespace/pod/container across trust
boundaries.

Add a trust_payload_local_resource_id option (default: true, preserving
existing behavior). When set to false:

- the payload local_resource_id is ignored; resource labels are only
  derived from the tag (via tag_prefix + regex), configured
  resource_labels, or a payload monitored resource map.
- when none of those trusted sources is available, entries fall back to
  the cluster scoped k8s_cluster resource instead of packing workload
  labels forged from the payload.

This mirrors the hardening previously applied to the Go based logging
agent in GoogleCloudPlatform/k8s-stackdriver#1186.

Signed-off-by: Yu Yi <yiyu@google.com>

Cover the trust_payload_local_resource_id=false behavior:

- resource_k8s_container_untrusted: a payload supplied local_resource_id
  with a non-matching tag falls back to the cluster scoped k8s_cluster
  resource and packs no workload labels.
- resource_k8s_container_untrusted_tag_wins: a tag matching the default
  regex still resolves the full k8s_container resource; the untrusted
  payload value is ignored.

Signed-off-by: Yu Yi <yiyu@google.com>
coderabbitai Bot commented Jul 1, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.
