out_stackdriver: add trust_payload_local_resource_id option #12027
Draft
erain wants to merge 4 commits into
Conversation
When the output runs with workers >= 2, multiple flush threads call stackdriver_format() concurrently on the shared plugin context and overwrite the same ctx->pod_name / namespace_name / container_name / node_name / local_resource_id strings (flb_sds_destroy + flb_sds_create), causing use-after-free / double-free crashes (SIGSEGV) under load.
Move these per-flush fields into a stack-local struct stackdriver_format_ctx owned by stackdriver_format(), thread the resource helpers through it, and release them in a single cleanup path. The shared context no longer holds mutable per-record resource state, so the format path is safe for any worker count without locking.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Yu Yi <yiyu@google.com>
Add resource_k8s_container_concurrency: two output workers across five input streams formatting k8s_container records concurrently, exercising the thread-local format context and guarding against the resource-string data race.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Yu Yi <yiyu@google.com>
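The ownership pattern the two commits above describe (per-flush strings owned by a stack-local struct, one release path, a shared plugin context that is read-only after init), as an added example that is not Fluent Bit's code. The tag format "<pod>_<namespace>", the names plugin_ctx, format_ctx, format_record and run_workers, and the simplified output string are all assumptions made for the illustration; run_workers drives several threads through format_record at once and counts results that carry another worker's labels, which is what the racy shared-context version could produce.

```c
/* Added example, not Fluent Bit's own code: the ownership pattern behind the
 * per-flush format context. Everything computed per record lives in a struct
 * owned by the formatting call; the shared plugin context keeps only read-only
 * configuration. Tag format assumed here: "<pod>_<namespace>".
 * Build: cc -Wall -pthread format_ctx.c && ./a.out */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Shared by every output worker; nothing in it is written after init. Before
 * the fix the per-record strings below lived in the shared context and were
 * destroyed and recreated on every flush, so two workers could free each
 * other's buffers. */
struct plugin_ctx {
    const char *cluster_name;
};

/* Per-flush state: one instance on the stack of each format_record() call. */
struct format_ctx {
    char *pod_name;
    char *namespace_name;
};

static char *dup_range(const char *s, size_t n)
{
    char *d = malloc(n + 1);
    if (d) { memcpy(d, s, n); d[n] = '\0'; }
    return d;
}

/* Derives the per-record labels from the tag into a fresh format_ctx. */
static int format_ctx_from_tag(struct format_ctx *f, const char *tag)
{
    const char *sep = strchr(tag, '_');
    if (!sep || sep == tag || sep[1] == '\0') return -1;
    f->pod_name = dup_range(tag, (size_t)(sep - tag));
    f->namespace_name = dup_range(sep + 1, strlen(sep + 1));
    return (f->pod_name && f->namespace_name) ? 0 : -1;
}

static void format_ctx_release(struct format_ctx *f)
{
    free(f->pod_name);
    free(f->namespace_name);
    f->pod_name = f->namespace_name = NULL;
}

/* Formats one record into the caller-owned buffer; returns 0 on success, -1
 * on a malformed tag, allocation failure or a too-small buffer. */
int format_record(const struct plugin_ctx *ctx, const char *tag, char *out, size_t out_len)
{
    struct format_ctx f = { NULL, NULL };     /* owned by this call only */
    int ret = -1;

    if (format_ctx_from_tag(&f, tag) != 0) goto cleanup;
    if (snprintf(out, out_len, "k8s_container{cluster=%s,namespace=%s,pod=%s}",
                 ctx->cluster_name, f.namespace_name, f.pod_name) >= (int)out_len) goto cleanup;
    ret = 0;
cleanup:
    format_ctx_release(&f);                   /* single release path, success or failure */
    return ret;
}

struct worker {
    const struct plugin_ctx *ctx;
    char tag[32];
    char expect[96];
    int iters;
    int mismatches;
};

static void *worker_run(void *arg)
{
    struct worker *w = arg;
    char out[128];
    for (int i = 0; i < w->iters; i++)
        if (format_record(w->ctx, w->tag, out, sizeof out) != 0 || strcmp(out, w->expect) != 0)
            w->mismatches++;
    return NULL;
}

/* Runs n (<= 8) workers concurrently, each formatting its own tag iters times,
 * and returns how many results failed or came back with another worker's labels. */
int run_workers(int n, int iters)
{
    struct plugin_ctx ctx = { "prod" };       /* constructed configuration */
    struct worker w[8];
    pthread_t th[8];
    int bad = 0;
    if (n > 8) n = 8;
    for (int i = 0; i < n; i++) {
        w[i].ctx = &ctx;
        w[i].iters = iters;
        w[i].mismatches = 0;
        snprintf(w[i].tag, sizeof w[i].tag, "pod-%d_ns-%d", i, i);
        snprintf(w[i].expect, sizeof w[i].expect,
                 "k8s_container{cluster=prod,namespace=ns-%d,pod=pod-%d}", i, i);
        if (pthread_create(&th[i], NULL, worker_run, &w[i]) != 0) return -1;
    }
    for (int i = 0; i < n; i++) {
        pthread_join(th[i], NULL);
        bad += w[i].mismatches;
    }
    return bad;
}

int main(void)
{
    printf("mismatched records across 4 workers: %d\n", run_workers(4, 20000));
    return 0;
}
```

The point of the design is that no worker can observe another's strings: format_ctx never escapes the call, so there is nothing to lock. A test like run_workers cannot prove the absence of a race, but the earlier shared-context shape would fail it (or crash under a sanitizer) while this one returns 0.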
The logging.googleapis.com/local_resource_id field is read from the log payload to derive the k8s_container/k8s_pod/k8s_node monitored resource labels. In multi-tenant pipelines the payload is workload-controlled, so a compromised or malicious workload can forge this field and attribute its log entries to another namespace/pod/container across trust boundaries.
Add a trust_payload_local_resource_id option (default: true, preserving existing behavior). When set to false:
- the payload local_resource_id is ignored; resource labels are only derived from the tag (via tag_prefix + regex), configured resource_labels, or a payload monitored resource map.
- when none of those trusted sources is available, entries fall back to the cluster scoped k8s_cluster resource instead of packing workload labels forged from the payload.
This mirrors the hardening previously applied to the Go based logging agent in GoogleCloudPlatform/k8s-stackdriver#1186.
Signed-off-by: Yu Yi <yiyu@google.com>
Cover the trust_payload_local_resource_id=false behavior:
- resource_k8s_container_untrusted: a payload supplied local_resource_id with a non-matching tag falls back to the cluster scoped k8s_cluster resource and packs no workload labels.
- resource_k8s_container_untrusted_tag_wins: a tag matching the default regex still resolves the full k8s_container resource; the untrusted payload value is ignored.
Signed-off-by: Yu Yi <yiyu@google.com>
Summary
Adds a trust_payload_local_resource_id option (default: true, existing behavior unchanged) to the Stackdriver output.
The plugin reads logging.googleapis.com/local_resource_id from the log payload to derive the k8s_container/k8s_pod/k8s_node monitored-resource labels. In multi-tenant pipelines the payload is workload-controlled: a compromised or malicious workload can forge this field and attribute its log entries to another namespace/pod/container across trust boundaries (log-injection/forgery). The Go-based logging agent addressed the same issue in GoogleCloudPlatform/k8s-stackdriver#1186.
With trust_payload_local_resource_id false:
- local_resource_id is ignored; resource labels are derived only from trusted sources: the tag (tag_prefix + regex), configured resource_labels, or a payload monitored-resource map;
- when none of those is available, entries fall back to the k8s_cluster resource (project/location/cluster labels from plugin config) rather than packing workload-scoped labels forged from the payload.
This is defense-in-depth for pipelines that currently trust the payload value; pipelines where the tag regex always resolves (e.g. standard tail + kubernetes setups) see no behavioral difference other than the forged value being ignored.
Testing
- resource_k8s_container_untrusted: payload-supplied local_resource_id with a non-matching tag falls back to k8s_cluster with no workload labels.
- resource_k8s_container_untrusted_tag_wins: a tag matching the default regex still resolves the full k8s_container resource; the untrusted payload value is ignored.
- ctest -R flb-rt-out_stackdriver passes (full suite, including the multi-worker concurrency test).
Documentation
Backporting
Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.
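The resource decision the description above explains, as an added example that is not Fluent Bit's code: a small model of how a record's monitored resource is chosen from the routing tag (set by the input plugin, outside the workload's control) and the payload key logging.googleapis.com/local_resource_id (written by the workload), with the option on and off. Assumptions made here: the tag has the shape "<pod>_<namespace>_<container>-<64 chars of [a-z0-9]>" that the default tag regex accepts, the payload id has the shape "k8s_container.<namespace>.<pod>.<container>", a trusted payload value takes precedence over the tag (the PR's tests only pin down the untrusted cases), and tag_prefix, k8s_pod/k8s_node and the monitored-resource map are left out; resolve_resource and the constructed attacker/victim names are not identifiers from the plugin.

```c
/* Added example, not Fluent Bit's own code: a model of the monitored-resource
 * decision that trust_payload_local_resource_id controls. Formats assumed:
 *   routing tag       : <pod>_<namespace>_<container>-<64 x [a-z0-9]>
 *   local_resource_id : k8s_container.<namespace>.<pod>.<container>
 * Build: cc -Wall resource_trust.c && ./a.out */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define LBL 128
#define DOCKER_ID "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

struct resource {
    const char *type;            /* "k8s_container" or "k8s_cluster" */
    char namespace_name[LBL];    /* all three empty for k8s_cluster */
    char pod_name[LBL];
    char container_name[LBL];
};

static bool copy_label(char *dst, const char *src, size_t n)
{
    if (n == 0 || n >= LBL) return false;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return true;
}

/* Tag set by the input plugin, outside workload control. */
static bool parse_k8s_tag(const char *tag, struct resource *r)
{
    size_t len = strlen(tag);
    if (len < 65 || tag[len - 65] != '-') return false;
    for (size_t i = len - 64; i < len; i++) {
        char c = tag[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9'))) return false;
    }
    const char *end = tag + len - 65;          /* the '-' before the docker id */
    const char *p1 = strchr(tag, '_');
    const char *p2 = p1 ? strchr(p1 + 1, '_') : NULL;
    if (!p1 || !p2 || p2 >= end) return false;
    return copy_label(r->pod_name, tag, (size_t)(p1 - tag))
        && copy_label(r->namespace_name, p1 + 1, (size_t)(p2 - p1 - 1))
        && copy_label(r->container_name, p2 + 1, (size_t)(end - p2 - 1));
}

/* Payload key logging.googleapis.com/local_resource_id, written by the workload. */
static bool parse_local_resource_id(const char *id, struct resource *r)
{
    static const char prefix[] = "k8s_container.";
    if (strncmp(id, prefix, sizeof prefix - 1) != 0) return false;
    const char *a = id + sizeof prefix - 1;
    const char *b = strchr(a, '.');
    const char *c = b ? strchr(b + 1, '.') : NULL;
    if (!b || !c) return false;
    return copy_label(r->namespace_name, a, (size_t)(b - a))
        && copy_label(r->pod_name, b + 1, (size_t)(c - b - 1))
        && copy_label(r->container_name, c + 1, strlen(c + 1));
}

/* payload_id is NULL when the record carries no local_resource_id key.
 * Precedence (assumed): trusted payload value, then tag, then k8s_cluster. */
struct resource resolve_resource(const char *tag, const char *payload_id,
                                 bool trust_payload_local_resource_id)
{
    struct resource r;
    memset(&r, 0, sizeof r);
    if (trust_payload_local_resource_id && payload_id &&
        parse_local_resource_id(payload_id, &r)) {
        r.type = "k8s_container";            /* labels chosen by the workload */
        return r;
    }
    memset(&r, 0, sizeof r);                 /* discard any partial payload parse */
    if (parse_k8s_tag(tag, &r)) {
        r.type = "k8s_container";            /* labels chosen by the pipeline */
        return r;
    }
    memset(&r, 0, sizeof r);                 /* no trusted source: cluster scope, no workload labels */
    r.type = "k8s_cluster";
    return r;
}

int main(void)
{
    /* constructed: a pod in attacker-ns claiming to be a pod in victim-ns */
    const char *tag = "attacker-pod_attacker-ns_app-" DOCKER_ID;
    const char *forged = "k8s_container.victim-ns.victim-pod.app";
    for (int trust = 1; trust >= 0; trust--) {
        struct resource r = resolve_resource(tag, forged, trust);
        printf("trust=%d -> %s namespace=%s pod=%s\n",
               trust, r.type, r.namespace_name, r.pod_name);
    }
    return 0;
}
```

With the option on, the forged value relabels the attacker's entries as victim-ns/victim-pod even though the tag identifies the real source; with it off, the tag wins, and a record whose tag does not match the regex lands on k8s_cluster with no workload labels rather than on whatever the payload claims. In the plugin's classic configuration the hardened setting is the line trust_payload_local_resource_id false in the [OUTPUT] section whose Name is stackdriver.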