out_azure_kusto: fix SIGSEGV crashes, resource handle leaks, and HTTP buffer sizing

[tanmaya-panda1]

this PR fixes several stability and reliability fixes for the out_azure_kusto plugin:

• Defer close old resource handles in next cycle — prevents use-after-free by deferring destruction of old resource handles to the next rotation cycle
• Add comments & logs for cleanup — improved logging and documentation for resource cleanup paths
• Close OAuth handles in case of failure — proper cleanup of OAuth handles on error paths to prevent handle leaks
• Add comments — additional code documentation for clarity
• Fix SIGSEGV crashes from concurrent resource rotation and shutdown — fixes segfault caused by concurrent access during resource rotation and plugin shutdown
• Increased HTTP buffer size configuration — allows HTTP response buffer to grow as needed for MSI auth and workload identity token endpoints

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• Example configuration file for the change
• Debug log output from testing the change

• Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• Documentation required for this feature

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Bug Fixes
  • Enhanced authentication error logging for improved troubleshooting of MSI and OAuth2 token failures with clearer context
  • Strengthened resource cleanup during initialization to prevent resource leaks
  • Added protection against concurrent resource reloading conflicts to improve stability
  • Optimized HTTP client buffer sizing for more reliable Azure ingestion operations
  • Improved error handling in token retrieval and mutex management

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 375896ba-6bc4-40cb-a08b-d2affa005295

📥 Commits

Reviewing files that changed from the base of the PR and between 51e1721 and 8398a10.

📒 Files selected for processing (5)

• plugins/out_azure_kusto/azure_kusto.c
• plugins/out_azure_kusto/azure_kusto.h
• plugins/out_azure_kusto/azure_kusto_conf.c
• plugins/out_azure_kusto/azure_kusto_ingest.c
• plugins/out_azure_kusto/azure_msiauth.c

---

📝 Walkthrough

Walkthrough

This pull request enhances the Azure Kusto output plugin with improved error handling, defensive coding patterns, and resource lifecycle management. Changes include strengthened token error logging, mutex-protected resource reloading with deferred cleanup to prevent use-after-free conditions, initialization failure cleanup, and HTTP buffer configuration.

Changes

Cohort / File(s)	Summary
Token and Authentication plugins/out_azure_kusto/azure_kusto.c, plugins/out_azure_kusto/azure_msiauth.c	Enhanced token retrieval error logging with specific messages for NULL MSI tokens and detailed OAuth2 failure reporting; added HTTP buffer dynamic growth via flb_http_buffer_size(c, 0) after HTTP client creation; improved mutex handling for allocation failures.
Resource Management & Configuration plugins/out_azure_kusto/azure_kusto.h, plugins/out_azure_kusto/azure_kusto_conf.c	Extended struct to track concurrent reload state (loading_in_progress) and deferred cleanup handles (old_blob_ha, old_queue_ha, old_identity_token); implemented mutex-protected reload logic with staleness checks and retry prevention on concurrent reloads; added deferred cleanup of old resources before moving current handles.
Initialization & Cleanup plugins/out_azure_kusto/azure_kusto.c	Strengthened initialization failure paths with proper cleanup of config, storage context, upstream context, and mutexes; added defensive null-chunk handling in buffered ingestion loop.
HTTP Ingestion plugins/out_azure_kusto/azure_kusto_ingest.c	Added flb_http_buffer_size(c, 0) calls in blob upload and queue ingestion paths for dynamic HTTP response buffer growth; removed debug log for upstream connection timeout.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• fluent/fluent-bit#10975: Modifies the same diagnostic log in plugins/out_azure_kusto/azure_kusto_ingest.c related to pre-Azure-storage-API timeout messaging.

Suggested labels

docs-required, backport to v4.0.x, backport to v4.1.x

Suggested reviewers

• edsiper
• koleini
• fujimotos

Poem

🐰 With mutexes held and cleanup deferred,
We guard against races both seen and unheard,
Old tokens retire with grace and with care,
While buffers grow dynamically in the air,
Safety through logs and defensive rebound! 🔐

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 57.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately summarizes the main changes: fixing SIGSEGV crashes, resource handle leaks, and HTTP buffer sizing issues in the out_azure_kusto plugin.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[tanmaya-panda1]

==========================================
FULL VALGRIND REPORT: Buffering OFF

==9== Memcheck, a memory error detector
==9== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==9== Command: ./bin/fluent-bit -c /fluent-bit/etc/buffering-off.conf
==9== Parent PID: 8
==9==
==9==
==9== HEAP SUMMARY:
==9== in use at exit: 0 bytes in 0 blocks
==9== total heap usage: 151,516 allocs, 151,516 frees, 57,502,662 bytes allocated
==9==
==9== All heap blocks were freed -- no leaks are possible
==9==
==9== For lists of detected and suppressed errors, rerun with: -s
==9== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

==========================================
FULL VALGRIND REPORT: Buffering ON

==9== Memcheck, a memory error detector
==9== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==9== Command: ./bin/fluent-bit -c /fluent-bit/etc/buffering-on.conf
==9== Parent PID: 8
==9==
==9==
==9== HEAP SUMMARY:
==9== in use at exit: 0 bytes in 0 blocks
==9== total heap usage: 30,616 allocs, 30,616 frees, 22,310,976 bytes allocated
==9==
==9== All heap blocks were freed -- no leaks are possible
==9==
==9== For lists of detected and suppressed errors, rerun with: -s
==9== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)