Add cookies and basic_auth_eager options

Make automatic cookie management and to use eager/preemptive Basic Authentication configurable.
logstash-plugins · Jun 15, 2018 · ac64a84 · ac64a84
1 parent 443b07b
commit ac64a84
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 5 deletions.
diff --git a/lib/logstash/outputs/elasticsearch.rb b/lib/logstash/outputs/elasticsearch.rb
@@ -229,6 +229,12 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
   # Custom Headers to send on each request to elasticsearch nodes
   config :custom_headers, :validate => :hash, :default => {}
 
+  # Enable automatic cookie management between requests
+  config :cookies, :validate => :boolean, :default => false
+
+  # Eagerly offer the Authorization header before the server challenges for it when using Basic Auth
+  config :basic_auth_eager, :validate => :boolean, :default => true
+
   def build_client
     params["metric"] = metric
     @client ||= ::LogStash::Outputs::ElasticSearch::HttpClientBuilder.build(@logger, @hosts, params)

diff --git a/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb b/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb
@@ -60,7 +60,7 @@ def perform_request(url, method, path, params={}, body=nil)
           # We have to unescape the password here since manticore won't do it
           # for us unless its part of the URL
           :password => CGI.unescape(url.password), 
-          :eager => true 
+          :eager => params["basic_auth_eager"]
         }
       end
 

diff --git a/lib/logstash/outputs/elasticsearch/http_client_builder.rb b/lib/logstash/outputs/elasticsearch/http_client_builder.rb
@@ -4,6 +4,7 @@ module LogStash; module Outputs; class ElasticSearch;
   module HttpClientBuilder
     def self.build(logger, hosts, params)
       client_settings = {
+        :cookies => params["cookies"],
         :pool_max => params["pool_max"],
         :pool_max_per_route => params["pool_max_per_route"],
         :check_connection_timeout => params["validate_after_inactivity"],
@@ -146,6 +147,7 @@ def self.setup_basic_auth(logger, params)
       return {} unless user && password && password.value
 
       {
+        :basic_auth_eager => params["basic_auth_eager"],
         :user => CGI.escape(user),
         :password => CGI.escape(password.value)
       }

diff --git a/spec/unit/http_client_builder_spec.rb b/spec/unit/http_client_builder_spec.rb
@@ -13,9 +13,10 @@
       allow(secured).to receive(:value).and_return(password)
       secured
     end
+    let(:basic_auth_eager) { true }
     let(:options) { {"user" => user, "password" => password} }
     let(:logger) { mock("logger") }
-    let(:auth_setup) { klass.setup_basic_auth(double("logger"), {"user" => user, "password" => password_secured}) }
+    let(:auth_setup) { klass.setup_basic_auth(double("logger"), {"user" => user, "password" => password_secured, "basic_auth_eager" => basic_auth_eager}) }
 
     it "should return the user escaped" do
       expect(auth_setup[:user]).to eql(CGI.escape(user))

diff --git a/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb b/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb
@@ -3,7 +3,9 @@
 
 describe LogStash::Outputs::ElasticSearch::HttpClient::ManticoreAdapter do
   let(:logger) { Cabin::Channel.get }
-  let(:options) { {} }
+  let(:options) { {
+    "basic_auth_eager" => true
+  } }
 
   subject { described_class.new(logger, options) }
 
@@ -19,6 +21,10 @@
   describe "auth" do
     let(:user) { "myuser" }
     let(:password) { "mypassword" }
+    let(:basic_auth_eager) { true }
+    let(:params) { {
+      "basic_auth_eager" => basic_auth_eager
+    } }
     let(:noauth_uri) { clone = uri.clone; clone.user=nil; clone.password=nil; clone }
     let(:uri) { ::LogStash::Util::SafeURI.new("http://#{user}:#{password}@localhost:9200") }
 
@@ -32,15 +38,16 @@
 
       expect(subject.manticore).to receive(:get).
         with(expected_uri.to_s, {
+          "basic_auth_eager" => basic_auth_eager,
           :headers => {"Content-Type" => "application/json"},
           :auth => {
             :user => user,
             :password => password,
-            :eager => true
+            :eager => basic_auth_eager
           }
         }).and_return resp
 
-      subject.perform_request(uri, :get, "/")
+      subject.perform_request(uri, :get, "/", params)
     end
   end