From 17fab5cc525b98b6abaae5f7dd5ed41251171221 Mon Sep 17 00:00:00 2001 From: Kostiantyn Masliuk <1pkg@protonmail.com> Date: Mon, 15 Jul 2024 16:31:12 +0000 Subject: [PATCH] fix: Add additional config remapping for "api_key" and "secret_token" for libbeat instrumentation wrapper (#13691) Add additional config remapping for "api_key" and "secret_token" for libbeat instrumentation wrapper. --- changelogs/8.15.asciidoc | 2 +- internal/beater/beater.go | 18 +++++++++++++++--- internal/beater/beater_test.go | 8 ++++++-- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/changelogs/8.15.asciidoc b/changelogs/8.15.asciidoc index cefc7469a98..9abaa71e41f 100644 --- a/changelogs/8.15.asciidoc +++ b/changelogs/8.15.asciidoc @@ -33,5 +33,5 @@ https://github.com/elastic/apm-server/compare/v8.14.3\...v8.15.0[View commits] - Upgraded bundled APM Java agent attacher CLI to version 1.50.0 {pull}13326[13326] - Enable Kibana curated UIs to work with hostmetrics from OpenTelemetry's https://pkg.go.dev/go.opentelemetry.io/collector/receiver/hostmetricsreceiver[hostmetricsreceiver] {pull}13196[13196] - Add require data stream to bulk index requests {pull}13398[13398] -- Support self-instrumentation when in managed mode by getting tracing configs via reloader {pull}13514[13514] {pull}13653[13653] +- Support self-instrumentation when in managed mode by getting tracing configs via reloader {pull}13514[13514] {pull}13653[13653] {pull}13691[13691] - Add mapping for OpenTelemetry attribute `messaging.destination.name` to derive `service.target` correctly {pull}13472[13472] diff --git a/internal/beater/beater.go b/internal/beater/beater.go index 3c94c336086..efe1191e1b9 100644 --- a/internal/beater/beater.go +++ b/internal/beater/beater.go @@ -546,8 +546,10 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati // // Note that original config keys were additionally marshalled by // https://github.com/elastic/elastic-agent/blob/main/pkg/component/runtime/apm_config_mapper.go#L18 - // that's why the keys are different from the original APMConfig struct. + // that's why some keys are different from the original APMConfig struct including "api_key" and "secret_token". var apmCfg struct { + APIKey string `config:"apikey"` + SecretToken string `config:"secrettoken"` GlobalLabels string `config:"globallabels"` TLS struct { SkipVerify bool `config:"skipverify"` @@ -556,19 +558,29 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati } `config:"tls"` } cfg, err := rawConfig.Child("instrumentation", -1) - if err != nil { - // Fallback to instrumentation.New if the configs are not present. + if err != nil || !cfg.Enabled() { + // Fallback to instrumentation.New if the configs are not present or disabled. return instrumentation.New(rawConfig, "apm-server", version.Version) } if err := cfg.Unpack(&apmCfg); err != nil { return nil, err } const ( + envAPIKey = "ELASTIC_APM_API_KEY" + envSecretToken = "ELASTIC_APM_SECRET_TOKEN" envVerifyServerCert = "ELASTIC_APM_VERIFY_SERVER_CERT" envServerCert = "ELASTIC_APM_SERVER_CERT" envCACert = "ELASTIC_APM_SERVER_CA_CERT_FILE" envGlobalLabels = "ELASTIC_APM_GLOBAL_LABELS" ) + if apmCfg.APIKey != "" { + os.Setenv(envAPIKey, apmCfg.APIKey) + defer os.Unsetenv(envAPIKey) + } + if apmCfg.SecretToken != "" { + os.Setenv(envSecretToken, apmCfg.SecretToken) + defer os.Unsetenv(envSecretToken) + } if apmCfg.TLS.SkipVerify { os.Setenv(envVerifyServerCert, "false") defer os.Unsetenv(envVerifyServerCert) diff --git a/internal/beater/beater_test.go b/internal/beater/beater_test.go index c7aa453c163..4fec5b897f8 100644 --- a/internal/beater/beater_test.go +++ b/internal/beater/beater_test.go @@ -237,6 +237,7 @@ func TestRunnerNewDocappenderConfig(t *testing.T) { } func TestNewInstrumentation(t *testing.T) { + var auth string labels := make(chan map[string]string, 1) defer close(labels) s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -249,6 +250,7 @@ func TestNewInstrumentation(t *testing.T) { zr, _ := zlib.NewReader(r.Body) _ = json.NewDecoder(zr).Decode(&b) labels <- b.Metadata.Labels + auth = r.Header.Get("Authorization") } w.WriteHeader(http.StatusOK) })) @@ -260,8 +262,9 @@ func TestNewInstrumentation(t *testing.T) { assert.NoError(t, err) cfg := agentconfig.MustNewConfigFrom(map[string]interface{}{ "instrumentation": map[string]interface{}{ - "enabled": true, - "hosts": []string{s.URL}, + "enabled": true, + "hosts": []string{s.URL}, + "secrettoken": "secret", "tls": map[string]interface{}{ "servercert": certPath, }, @@ -274,4 +277,5 @@ func TestNewInstrumentation(t *testing.T) { tracer.StartTransaction("name", "type").End() tracer.Flush(nil) assert.Equal(t, map[string]string{"k1": "val", "k2": "new val"}, <-labels) + assert.Equal(t, "Bearer secret", auth) }