Add cookies and basic_auth_eager options

simmel · simmel · commit 68649554d3aa · 2018-06-15T15:28:55.000+02:00
Make automatic cookie management and to use eager/preemptive Basic
Authentication configurable.
diff --git a/lib/logstash/outputs/elasticsearch.rb b/lib/logstash/outputs/elasticsearch.rb
@@ -229,6 +229,17 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
   # Custom Headers to send on each request to elasticsearch nodes
   config :custom_headers, :validate => :hash, :default => {}
 
+  # Enable automatic cookie management between requests
+  config :cookies, :validate => :boolean, :default => false
+
+  # Eagerly offer the Authorization header before the server challenges for it when using Basic Auth
+  config :basic_auth_eager, :validate => :boolean, :default => true
+
+  def build_client
+    params["metric"] = metric
+    @client ||= ::LogStash::Outputs::ElasticSearch::HttpClientBuilder.build(@logger, @hosts, params)
+  end
+
   def build_client
     params["metric"] = metric
     @client ||= ::LogStash::Outputs::ElasticSearch::HttpClientBuilder.build(@logger, @hosts, params)
diff --git a/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb b/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb
@@ -60,7 +60,7 @@ def perform_request(url, method, path, params={}, body=nil)
           # We have to unescape the password here since manticore won't do it
           # for us unless its part of the URL
           :password => CGI.unescape(url.password), 
-          :eager => true 
+          :eager => params["basic_auth_eager"]
         }
       end
 
diff --git a/lib/logstash/outputs/elasticsearch/http_client_builder.rb b/lib/logstash/outputs/elasticsearch/http_client_builder.rb
@@ -4,6 +4,7 @@ module LogStash; module Outputs; class ElasticSearch;
   module HttpClientBuilder
     def self.build(logger, hosts, params)
       client_settings = {
+        :cookies => params["cookies"],
         :pool_max => params["pool_max"],
         :pool_max_per_route => params["pool_max_per_route"],
         :check_connection_timeout => params["validate_after_inactivity"],
@@ -146,6 +147,7 @@ def self.setup_basic_auth(logger, params)
       return {} unless user && password && password.value
 
       {
+        :basic_auth_eager => params["basic_auth_eager"],
         :user => CGI.escape(user),
         :password => CGI.escape(password.value)
       }
diff --git a/spec/unit/http_client_builder_spec.rb b/spec/unit/http_client_builder_spec.rb
@@ -13,9 +13,10 @@
       allow(secured).to receive(:value).and_return(password)
       secured
     end
+    let(:basic_auth_eager) { true }
     let(:options) { {"user" => user, "password" => password} }
     let(:logger) { mock("logger") }
-    let(:auth_setup) { klass.setup_basic_auth(double("logger"), {"user" => user, "password" => password_secured}) }
+    let(:auth_setup) { klass.setup_basic_auth(double("logger"), {"user" => user, "password" => password_secured, "basic_auth_eager" => basic_auth_eager}) }
 
     it "should return the user escaped" do
       expect(auth_setup[:user]).to eql(CGI.escape(user))
diff --git a/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb b/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb
@@ -3,7 +3,9 @@
 
 describe LogStash::Outputs::ElasticSearch::HttpClient::ManticoreAdapter do
   let(:logger) { Cabin::Channel.get }
-  let(:options) { {} }
+  let(:options) { {
+    "basic_auth_eager" => true
+  } }
 
   subject { described_class.new(logger, options) }
 
@@ -19,6 +21,10 @@
   describe "auth" do
     let(:user) { "myuser" }
     let(:password) { "mypassword" }
+    let(:basic_auth_eager) { true }
+    let(:params) { {
+      "basic_auth_eager" => basic_auth_eager
+    } }
     let(:noauth_uri) { clone = uri.clone; clone.user=nil; clone.password=nil; clone }
     let(:uri) { ::LogStash::Util::SafeURI.new("http://#{user}:#{password}@localhost:9200") }
     
@@ -32,15 +38,16 @@
       
       expect(subject.manticore).to receive(:get).
         with(expected_uri.to_s, {
+          "basic_auth_eager" => basic_auth_eager,
           :headers => {"Content-Type" => "application/json"},
           :auth => {
             :user => user,
             :password => password,
-            :eager => true
+            :eager => basic_auth_eager
           }
         }).and_return resp
       
-      subject.perform_request(uri, :get, "/")
+      subject.perform_request(uri, :get, "/", params)
     end
   end
 

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ def perform_request(url, method, path, params={}, body=nil)`
`60`	`60`	`# We have to unescape the password here since manticore won't do it`
`61`	`61`	`# for us unless its part of the URL`
`62`	`62`	`:password => CGI.unescape(url.password),`
`63`		`- :eager => true`
	`63`	`+ :eager => params["basic_auth_eager"]`
`64`	`64`	`}`
`65`	`65`	`end`
`66`	`66`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ module LogStash; module Outputs; class ElasticSearch;`
`4`	`4`	`module HttpClientBuilder`
`5`	`5`	`def self.build(logger, hosts, params)`
`6`	`6`	`client_settings = {`
	`7`	`+ :cookies => params["cookies"],`
`7`	`8`	`:pool_max => params["pool_max"],`
`8`	`9`	`:pool_max_per_route => params["pool_max_per_route"],`
`9`	`10`	`:check_connection_timeout => params["validate_after_inactivity"],`
`@@ -146,6 +147,7 @@ def self.setup_basic_auth(logger, params)`
`146`	`147`	`return {} unless user && password && password.value`
`147`	`148`
`148`	`149`	`{`
	`150`	`+ :basic_auth_eager => params["basic_auth_eager"],`
`149`	`151`	`:user => CGI.escape(user),`
`150`	`152`	`:password => CGI.escape(password.value)`
`151`	`153`	`}`