From 6b7cd34fa58bc6f7b7d724ad3b56512ff3ce8537 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Duarte?= Date: Wed, 19 Mar 2025 17:36:19 +0000 Subject: [PATCH 1/2] support base64 encoded api key --- .../outputs/elasticsearch/http_client_builder.rb | 5 ++++- spec/unit/outputs/elasticsearch_spec.rb | 12 ++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/lib/logstash/outputs/elasticsearch/http_client_builder.rb b/lib/logstash/outputs/elasticsearch/http_client_builder.rb index b7344499..d45848a3 100644 --- a/lib/logstash/outputs/elasticsearch/http_client_builder.rb +++ b/lib/logstash/outputs/elasticsearch/http_client_builder.rb @@ -190,7 +190,10 @@ def self.setup_api_key(logger, params) return {} unless (api_key && api_key.value) - { "Authorization" => "ApiKey " + Base64.strict_encode64(api_key.value) } + # support key_id:key for b64(key_id:key) + api_key_b64 = api_key.value.match?(/:/) ? Base64.strict_encode64(api_key.value) : api_key + + { "Authorization" => "ApiKey " + api_key_b64 } end private diff --git a/spec/unit/outputs/elasticsearch_spec.rb b/spec/unit/outputs/elasticsearch_spec.rb index ac713c5c..a6b70fe3 100644 --- a/spec/unit/outputs/elasticsearch_spec.rb +++ b/spec/unit/outputs/elasticsearch_spec.rb @@ -1520,14 +1520,22 @@ describe "API key" do let(:manticore_options) { subject.client.pool.adapter.manticore.instance_variable_get(:@options) } let(:api_key) { "some_id:some_api_key" } - let(:base64_api_key) { "ApiKey c29tZV9pZDpzb21lX2FwaV9rZXk=" } + let(:base64_api_key) { "c29tZV9pZDpzb21lX2FwaV9rZXk=" } shared_examples 'secure api-key authenticated client' do let(:do_register) { true } it 'adds the appropriate Authorization header to the manticore client' do - expect(manticore_options[:headers]).to eq({ "Authorization" => base64_api_key }) + expect(manticore_options[:headers]).to eq({ "Authorization" => "ApiKey #{base64_api_key}" }) end + + context "when api_key is already base64 encoded" do + let(:api_key) { base64_api_key } + it 'passes the base64 encoded api to the headers as-is' do + expect(manticore_options[:headers]).to eq({ "Authorization" => "ApiKey #{base64_api_key}" }) + end + end + it 'is provides ssl_enabled=>true to the http client builder' do; aggregate_failures do expect(described_class::HttpClientBuilder).to have_received(:build).with(anything, anything, hash_including('ssl_enabled'=>true)) end; end From 86c1203ab82ab5c24848962abfb183f2c3c9e123 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Duarte?= Date: Wed, 19 Mar 2025 17:39:55 +0000 Subject: [PATCH 2/2] oops --- lib/logstash/outputs/elasticsearch/http_client_builder.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/logstash/outputs/elasticsearch/http_client_builder.rb b/lib/logstash/outputs/elasticsearch/http_client_builder.rb index d45848a3..921f168b 100644 --- a/lib/logstash/outputs/elasticsearch/http_client_builder.rb +++ b/lib/logstash/outputs/elasticsearch/http_client_builder.rb @@ -191,7 +191,7 @@ def self.setup_api_key(logger, params) return {} unless (api_key && api_key.value) # support key_id:key for b64(key_id:key) - api_key_b64 = api_key.value.match?(/:/) ? Base64.strict_encode64(api_key.value) : api_key + api_key_b64 = api_key.value.match?(/:/) ? Base64.strict_encode64(api_key.value) : api_key.value { "Authorization" => "ApiKey " + api_key_b64 } end