diff --git a/lib/logstash/outputs/elasticsearch/http_client_builder.rb b/lib/logstash/outputs/elasticsearch/http_client_builder.rb index b7344499..921f168b 100644 --- a/lib/logstash/outputs/elasticsearch/http_client_builder.rb +++ b/lib/logstash/outputs/elasticsearch/http_client_builder.rb @@ -190,7 +190,10 @@ def self.setup_api_key(logger, params) return {} unless (api_key && api_key.value) - { "Authorization" => "ApiKey " + Base64.strict_encode64(api_key.value) } + # support key_id:key for b64(key_id:key) + api_key_b64 = api_key.value.match?(/:/) ? Base64.strict_encode64(api_key.value) : api_key.value + + { "Authorization" => "ApiKey " + api_key_b64 } end private diff --git a/spec/unit/outputs/elasticsearch_spec.rb b/spec/unit/outputs/elasticsearch_spec.rb index ac713c5c..a6b70fe3 100644 --- a/spec/unit/outputs/elasticsearch_spec.rb +++ b/spec/unit/outputs/elasticsearch_spec.rb @@ -1520,14 +1520,22 @@ describe "API key" do let(:manticore_options) { subject.client.pool.adapter.manticore.instance_variable_get(:@options) } let(:api_key) { "some_id:some_api_key" } - let(:base64_api_key) { "ApiKey c29tZV9pZDpzb21lX2FwaV9rZXk=" } + let(:base64_api_key) { "c29tZV9pZDpzb21lX2FwaV9rZXk=" } shared_examples 'secure api-key authenticated client' do let(:do_register) { true } it 'adds the appropriate Authorization header to the manticore client' do - expect(manticore_options[:headers]).to eq({ "Authorization" => base64_api_key }) + expect(manticore_options[:headers]).to eq({ "Authorization" => "ApiKey #{base64_api_key}" }) end + + context "when api_key is already base64 encoded" do + let(:api_key) { base64_api_key } + it 'passes the base64 encoded api to the headers as-is' do + expect(manticore_options[:headers]).to eq({ "Authorization" => "ApiKey #{base64_api_key}" }) + end + end + it 'is provides ssl_enabled=>true to the http client builder' do; aggregate_failures do expect(described_class::HttpClientBuilder).to have_received(:build).with(anything, anything, hash_including('ssl_enabled'=>true)) end; end