Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sources)!: add custom auth strategy for components with HTTP server #22236

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat(sources)!: add custom auth strategy for components with HTTP server #22236

wants to merge 4 commits into from
+784 −187

Conversation

esensar
Copy link
Contributor

@esensar esensar commented Jan 17, 2025

Summary

This adds custom auth strategy for components with HTTP server (http_server, datadog_agent, opentelemetry, prometheus) besides the default basic auth. This is a breaking change because strategy is now required for auth - for existing configurations strategy: "basic" needs to be added.

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

How did you test this PR?

Besides the tests added to the codebase, I ran basic tests with http_server source component:

sources:
  http_server_source:
    type: "http_server"
    address: "0.0.0.0:80"
    auth:
      strategy: "custom"
      source: |-
        .headers.authorization == "test"

sinks:
  console:
    inputs: ["http_server_source"]
    target: "stdout"
    type: "console"
    acknowledgements:
      enabled: false
    encoding:
      codec: "json"

Tested by making calls via curl:

$ curl -X POST vector:80
{"code":401,"message":"Auth failed"}
$ curl -X POST vector:80 -H "Authorization: test"

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the "no-changelog" label to this PR.

Checklist

  • Please read our Vector contributor resources.
    • make check-all is a good command to run locally. This check is
      defined here. Some of these
      checks might not be relevant to your PR. For Rust changes, at the very least you should run:
      • cargo fmt --all
      • cargo clippy --workspace --all-targets -- -D warnings
      • cargo nextest run --workspace (alternatively, you can run cargo test --all)
  • If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
    run dd-rust-license-tool write to regenerate the license inventory and commit the changes (if any). More details here.

References

Related: #22213

@esensar
feat(sources)!: add custom auth strategy for components with HTTP server
1a76849 
This adds `custom` auth strategy for components with HTTP server (`http_server`, `datadog_agent`,
`opentelemetry`, `prometheus`) besides the default basic auth. This is a breaking change because
`strategy` is now required for auth - for existing configurations `strategy: "basic"` needs to be
added.

Related: vectordotdev#22213
@esensar esensar requested a review from a team as a code owner January 17, 2025 18:04
@github-actions github-actions bot added domain: topology Anything related to Vector's topology code domain: sources Anything related to the Vector's sources labels Jan 17, 2025
@esensar
Copy link
Contributor Author

esensar commented Jan 17, 2025

I have made this a breaking change, requiring explicit strategy, for consistency (I have had a similar situation in a previous contribution: #19892 (comment)). Let me know if you want me to add untagged for serde deserialization, to make this a non-breaking change.

@esensar esensar requested review from a team as code owners January 17, 2025 18:09
@github-actions github-actions bot added the domain: external docs Anything related to Vector's external, public documentation label Jan 17, 2025
@pront pront self-assigned this Jan 17, 2025
estherk15
estherk15 approved these changes Jan 17, 2025
View reviewed changes
website/cue/reference/components/sources/base/heroku_logs.cue
Comment on lines +34 to +35
HTTP authentication should be used with HTTPS only, as the authentication credentials are passed as an
HTTP header without any additional encryption beyond what is provided by the transport itself.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
HTTP authentication should be used with HTTPS only, as the authentication credentials are passed as an
HTTP header without any additional encryption beyond what is provided by the transport itself.
Use the HTTP authentication with HTTPS only. The authentication credentials are passed as an
HTTP header without any additional encryption beyond what is provided by the transport itself.

website/cue/reference/components/sources/base/heroku_logs.cue
basic: """
Basic authentication.

The username and password are concatenated and encoded via [base64][base64].
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The username and password are concatenated and encoded via [base64][base64].
The username and password are concatenated and encoded using [base64][base64].

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@estherk15 estherk15 estherk15 approved these changes

Assignees

@pront pront

Labels
domain: external docs Anything related to Vector's external, public documentation domain: sources Anything related to the Vector's sources domain: topology Anything related to Vector's topology code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@esensar @estherk15 @pront