out_es: fix elasticsearch output api key usage

[graphaelli]

fixes #10948

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• [N/A] Example configuration file for the change
• [N/A] Debug log output from testing the change
• [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• [N/A] Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• [N/A] Documentation required for this feature

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Bug Fixes
  • Improved reliability of API key authentication for the Elasticsearch output so authorization headers are built consistently across environments.
  • Reduced risk of request failures related to header construction, increasing stability during authenticated deliveries.
  • No configuration changes or user actions required; behavior is transparent to users.

[coderabbitai]

Walkthrough

Replaces direct formatting into a NULL SDS with explicit preallocation when building the Elasticsearch HTTP Authorization header for API key auth: allocate an SDS sized for the header, then format "ApiKey " into it. No public interfaces were changed.

Changes

Cohort / File(s)	Summary of Changes
Elasticsearch output header construction plugins/out_es/es.c	Allocate an SDS buffer with flb_sds_create_size(...) and populate it via flb_sds_printf(&header_line, "ApiKey %s", ctx->http_api_key) instead of calling flb_sds_printf(NULL, ...). Error handling and header addition remain the same.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant CB as cb_es_flush
    participant SDS as flb_sds (allocated)
    participant HTTP as http_client / headers

    CB->>SDS: flb_sds_create_size(len)
    CB->>SDS: flb_sds_printf(&header_line, "ApiKey %s", ctx->http_api_key)
    SDS-->>CB: header_line ("ApiKey <key>")
    CB->>HTTP: add header ("Authorization": header_line)
    CB->>HTTP: perform request / flush
    alt success
        HTTP-->>CB: response
    else error
        HTTP-->>CB: error -> cleanup
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• out_es: add apikey to available auth types #10461 — Introduced Elasticsearch API key authentication and the original header construction logic; this change adjusts that header creation.

Suggested reviewers

• braydonk
• edsiper
• PettitWesley

Poem

I nibbled bytes and fixed a leak,
Prebuilt my burrow, tidy and sleek.
No more crashes in the night,
Header snug — encoded right.
Hop, commit, and take a bite 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “out_es: fix elasticsearch output api key usage” clearly identifies the affected component and succinctly describes the primary change, namely correcting the API key handling in the Elasticsearch output plugin, and follows the required “out_es:” prefix convention.
Linked Issues Check	✅ Passed	The pull request directly addresses the segmentation fault detailed in issue #10948 by pre-allocating an SDS buffer for the API key header and formatting it safely, thereby resolving the crash in cb_es_flush when using API key authentication.
Out of Scope Changes Check	✅ Passed	All modifications are confined to the header construction logic in plugins/out_es/es.c, with no changes to unrelated files or features, ensuring that the pull request contains no out-of-scope alterations.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5779614 and 0470788.

📒 Files selected for processing (1)

• plugins/out_es/es.c (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• plugins/out_es/es.c

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d21e8de and e6f5b03.

📒 Files selected for processing (1)

• plugins/out_es/es.c (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

plugins/out_es/es.c (1)

src/flb_sds.c (2)

• flb_sds_create_size (92-95)
• flb_sds_printf (336-387)

[graphaelli]

existing docs issue: fluent/fluent-bit-docs#1727

[graphaelli]

@braydonk Can you help us get this reviewed and labeled for backport like you did for #10461 ?

[tkennedy1-godaddy]

I'm like be wary of code rabbit which, with my help for not reading carefully enough, introduced this bug: #10461 (comment)

[braydonk]

I'm like be wary of code rabbit which, with my help for not reading carefully enough, introduced this bug: #10461 (comment)

Wow yeah Coderabbit screwed this one up. I should have caught this too in the review, so my bad as well!

[braydonk]

Commit messages need to be prefixed with out_es:

[graphaelli]

squashed the two commits to one while force pushing anyway to update commit messages, thanks.