@CrashLaker CrashLaker commented Dec 24, 2025

addresses #11301

from FLB_CONFIG_MAP_STR, "http_passwd", "",

to FLB_CONFIG_MAP_STR, "http_passwd", NULL,


Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change

example run:

conf

[INPUT]
  name splunk
  listen 0.0.0.0
  port 8088
  tls off
  tls.verify off
  store_token_in_metadata true

[OUTPUT]
  name stdout
  match *

[OUTPUT]
  name splunk
  match *
  host localhost
  port 8888
  tls off
  tls.verify off
  http_user ZZZ

conf2

[INPUT]
  name dummy

[OUTPUT]
  name splunk
  host localhost
  port 8088
  tls off
  tls.verify off
  Splunk_Token AAA

conf3

[INPUT]
  name dummy

[OUTPUT]
  name splunk
  host localhost
  port 8088
  tls off
  tls.verify off
  Splunk_Token BBB

start print

Fluent Bit v4.2.2
* Copyright (C) 2015-2025 The Fluent Bit Authors
* Fluent Bit is a CNCF graduated project under the Fluent organization
* https://fluentbit.io

______ _                  _    ______ _ _             ___   _____ 
|  ___| |                | |   | ___ (_) |           /   | / __  \
| |_  | |_   _  ___ _ __ | |_  | |_/ /_| |_  __   __/ /| | `' / /'
|  _| | | | | |/ _ \ '_ \| __| | ___ \ | __| \ \ / / /_| |   / /  
| |   | | |_| |  __/ | | | |_  | |_/ / | |_   \ V /\___  |_./ /___
\_|   |_|\__,_|\___|_| |_|\__| \____/|_|\__|   \_/     |_(_)_____/
                                                                  
             Fluent Bit v4.2 – Direct Routes Ahead
         Celebrating 10 Years of Open, Fluent Innovation!

[2025/12/24 21:24:51.95145216] [ info] [fluent bit] version=4.2.2, commit=ddfef360d7, pid=63145
[2025/12/24 21:24:51.95213048] [ info] [storage] ver=1.5.4, type=memory, sync=normal, checksum=off, max_chunks_up=128
[2025/12/24 21:24:51.95229948] [ info] [simd    ] disabled
[2025/12/24 21:24:51.95235329] [ info] [cmetrics] version=1.0.6
[2025/12/24 21:24:51.95244089] [ info] [ctraces ] version=0.6.6
[2025/12/24 21:24:51.95322881] [ info] [input:splunk:splunk.0] initializing
[2025/12/24 21:24:51.95335211] [ info] [input:splunk:splunk.0] storage_strategy='memory' (memory only)
[2025/12/24 21:24:51.95441444] [ info] [input:splunk:splunk.0] listening on 0.0.0.0:8088
[2025/12/24 21:24:51.95757213] [ info] [output:stdout:stdout.0] worker #0 started
[2025/12/24 21:24:51.95979679] [ info] [output:splunk:splunk.1] worker #0 started
[2025/12/24 21:24:51.96092022] [ info] [sp] stream processor started
[2025/12/24 21:24:51.96123483] [ info] [output:splunk:splunk.1] worker #1 started
[2025/12/24 21:24:51.96148123] [ info] [engine] Shutdown Grace Period=5, Shutdown Input Grace Period=2
[0] splunk.0: [[1766611491.302205969, {"hec_token"=>"Splunk BBB"}], {"time"=>1766611480.299107, "event"=>{"message"=>"dummy"}}]
[1] splunk.0: [[1766611491.302364073, {"hec_token"=>"Splunk BBB"}], {"time"=>1766611484.299124, "event"=>{"message"=>"dummy"}}]
[2] splunk.0: [[1766611491.302420675, {"hec_token"=>"Splunk AAA"}], {"time"=>1766611479.299183, "event"=>{"message"=>"dummy"}}]

flask app

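from flask import Flask, request

app = Flask(__name__)

# Stand-in for the Splunk HEC endpoint that the splunk output in conf posts to.
@app.route('/services/collector/event', methods=['POST'])
def hello_world():
    # Print the request headers so the Authorization header sent by Fluent Bit is visible.
    print(request.headers)
    return 'Hello, World!'

if __name__ == '__main__':
    # Port 8888 matches the splunk [OUTPUT] section in conf.
    # debug=True enables the Werkzeug debugger; local test use only.
    app.run(host="0.0.0.0", port=8888, debug=True)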

flask application to get headers

Please refer to the Developer Guide for instructions on building Fluent Bit with Valgrind support:
https://github.com/fluent/fluent-bit/blob/master/DEVELOPER_GUIDE.md#valgrind
Invoke Fluent Bit and Valgrind as: $ valgrind --leak-check=full ./bin/fluent-bit

valgrind run
valgrind ./fluent-bit -c conf

ending

[2025/12/24 21:23:27.304159569] [ info] [output:stdout:stdout.0] thread worker #0 stopping...
[2025/12/24 21:23:27.310661178] [ info] [output:stdout:stdout.0] thread worker #0 stopped
[2025/12/24 21:23:27.344923999] [ info] [output:splunk:splunk.1] thread worker #0 stopping...
[2025/12/24 21:23:27.346641964] [ info] [output:splunk:splunk.1] thread worker #0 stopped
[2025/12/24 21:23:27.348299827] [ info] [output:splunk:splunk.1] thread worker #1 stopping...
[2025/12/24 21:23:27.348608595] [ info] [output:splunk:splunk.1] thread worker #1 stopped
==63061== 
==63061== HEAP SUMMARY:
==63061==     in use at exit: 0 bytes in 0 blocks
==63061==   total heap usage: 13,061 allocs, 13,061 frees, 12,303,089 bytes allocated
==63061== 
==63061== All heap blocks were freed -- no leaks are possible
==63061== 
==63061== Use --track-origins=yes to see where uninitialised values come from
==63061== For lists of detected and suppressed errors, rerun with: -s
==63061== ERROR SUMMARY: 325184 errors from 1000 contexts (suppressed: 0 from 0)

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

  • Bug Fixes
    • Updated Splunk plugin password default handling so missing credentials are recognized and validated consistently, preventing unintended empty-string behavior and improving credential validation and error handling.


coderabbitai bot commented Dec 24, 2025

Walkthrough

The Splunk output plugin's config map now initializes the http_passwd field to NULL instead of an empty string, changing how absent HTTP password credentials are represented in the plugin context.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Splunk plugin config default: plugins/out_splunk/splunk.c | Changed default for http_passwd in the plugin config map from "" (empty string) to NULL, altering initial credential state. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • edsiper
  • fujimotos

Poem

I nibble on lines of config neat,
A quiet swap, a tiny feat,
From empty string to NULL I bound,
A softer state where gaps are found,
Hop on, the code is tidy now 🐇✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: modifying the http_passwd default value from an empty string to NULL in the out_splunk plugin, which matches the core change in the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8cd1b3a and 4c0370b.

📒 Files selected for processing (1)
  • plugins/out_splunk/splunk.c
🔇 Additional comments (1)
plugins/out_splunk/splunk.c (1)

1074-1078: Good fix for authentication logic.

Changing the default from "" to NULL correctly fixes the authentication behavior. With an empty string, the condition at line 964 if (ctx->http_user && ctx->http_passwd) would evaluate to true even when no password was configured, potentially causing unintended basic auth attempts. With NULL, the condition correctly evaluates to false, allowing proper fallback to auth_header or metadata_auth_header.

NULL handling is safe. The context is initialized via flb_calloc (which zeros memory) and the config_map framework automatically populates struct fields using the configured defaults. The codebase already uses NULL checks elsewhere (e.g., line 246), confirming framework support.

Configuration pairing is implicitly validated. The dual condition if (ctx->http_user && ctx->http_passwd) ensures basic auth only activates when both are set. If http_user is configured without http_passwd (now NULL), basic auth is correctly skipped in favor of fallback methods.

Note: Other plugins (prometheus_remote_write, opensearch, loki, influxdb, http, es) still use empty string "" as the default for http_passwd. This change creates minor inconsistency across the codebase, though each plugin's authentication logic handles it correctly.


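The behaviour described in the review above, as an added example (not code from the PR or from Fluent Bit): a simplified C model of the header selection, where `struct ctx_model`, `select_auth` and the enum are hypothetical names and the order of the two token fallbacks is assumed. It runs the PR's test setup (`http_user ZZZ`, no `http_passwd`, a record carrying `Splunk BBB`) under both defaults.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the plugin context (hypothetical, not Fluent Bit's struct). */
struct ctx_model {
    const char *http_user;    /* http_user from the config, or NULL */
    const char *http_passwd;  /* http_passwd, or the config-map default */
    const char *auth_header;  /* token header from the output's own config, or NULL */
};

enum auth_kind { AUTH_NONE, AUTH_BASIC, AUTH_METADATA_TOKEN, AUTH_CONFIG_TOKEN };

/*
 * Basic auth wins whenever both pointers are non-NULL, as in the condition quoted
 * in the review; "" is a valid non-NULL pointer, so it passes. The order of the two
 * token fallbacks is assumed. `out` gets the credential sent (user:password unencoded).
 */
enum auth_kind select_auth(const struct ctx_model *ctx,
                           const char *metadata_auth_header,
                           char *out, size_t out_len)
{
    if (ctx->http_user && ctx->http_passwd) {
        snprintf(out, out_len, "%s:%s", ctx->http_user, ctx->http_passwd);
        return AUTH_BASIC;
    }
    if (metadata_auth_header) {
        snprintf(out, out_len, "%s", metadata_auth_header);
        return AUTH_METADATA_TOKEN;
    }
    if (ctx->auth_header) {
        snprintf(out, out_len, "%s", ctx->auth_header);
        return AUTH_CONFIG_TOKEN;
    }
    out[0] = '\0';
    return AUTH_NONE;
}

int main(void)
{
    char cred[128];
    /* Constructed inputs: http_user ZZZ, no http_passwd, record token "Splunk BBB". */
    struct ctx_model old_default = { "ZZZ", "",   NULL };
    struct ctx_model new_default = { "ZZZ", NULL, NULL };

    select_auth(&old_default, "Splunk BBB", cred, sizeof(cred));
    printf("default \"\":   sends basic auth pair '%s'\n", cred);
    select_auth(&new_default, "Splunk BBB", cred, sizeof(cred));
    printf("default NULL: sends token '%s'\n", cred);
    return 0;
}
```

With the `""` default the per-record token is replaced by a basic auth pair with an empty password; with `NULL` the token from the record metadata is forwarded.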

@cosmo0920 changed the title from 'change http_passwd default value from "" to NULL' to 'out_splunk: change http_passwd default value from "" to NULL' on Jan 6, 2026
@cosmo0920 cosmo0920 left a comment

The patch is good but we need to follow the guideline for commit message.
Plus, our linter of commit messages complains like:

❌ Commit 8cd1b3accd failed:
Missing prefix in commit subject: 'change http_passwd default value from "" to NULL'


Commit prefix validation failed.


CrashLaker commented Jan 7, 2026

hi @cosmo0920
thank you for reviewing the PR
i'm afraid i don't know how to add a new commit to an existing PR. could you please help me?

if I just add a new commit to the branch in my account CrashLaker:out_splunk-http_passwd-NULL-default2 will it appear here?

edit:
just rewrote the commit message with git commit --amend

regards,c

@cosmo0920

We need to use out_splunk: prefix in a commit message like:

out_splunk: change http_passwd default value to NULL
