From b4abfb192ff216b6551268c0e8c32e7447415ee0 Mon Sep 17 00:00:00 2001 From: Ken Rowland Date: Mon, 2 Dec 2024 15:09:53 -0500 Subject: [PATCH] Added immediate return if no auth config present and change log statement --- system/metrics/sinks/elastic/elasticSink.cpp | 76 ++++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/system/metrics/sinks/elastic/elasticSink.cpp b/system/metrics/sinks/elastic/elasticSink.cpp index 6cc48f1f4c3..989e45304b2 100644 --- a/system/metrics/sinks/elastic/elasticSink.cpp +++ b/system/metrics/sinks/elastic/elasticSink.cpp @@ -90,57 +90,57 @@ bool ElasticMetricSink::getHostConfig(const IPropertyTree *pSettingsTree) // Get authentication settings, if present Owned pAuthConfigTree = pSettingsTree->getPropTree("authentication"); - if (pAuthConfigTree) + if (!pAuthConfigTree) + return true; + + // Retrieve the authentication type and validate (only basic is supported) + if (!pAuthConfigTree->getProp("@type", authenticationType) || !streq(authenticationType, "basic")) + { + WARNLOG("ElasticMetricSink: Only basic authentication is supported"); + return false; + } + + StringBuffer credentialsSecretKey; + pAuthConfigTree->getProp("@credentialsSecret", credentialsSecretKey); // vault/secrets key + if (!credentialsSecretKey.isEmpty()) { - // Retrieve the authentication type and validate (only basic is supported) - if (!pAuthConfigTree->getProp("@type", authenticationType) || !streq(authenticationType, "basic")) + StringBuffer credentialsVaultId; + pAuthConfigTree->getProp("@credentialsVaultId", credentialsVaultId);//optional HashiCorp vault ID + + PROGLOG("Retrieving ElasticSearch host authentication username/password from secrets tree '%s', from vault '%s'", + credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : ""); + + Owned secretTree(getSecret("authn", credentialsSecretKey.str(), credentialsVaultId, nullptr)); + if (secretTree == nullptr) { - WARNLOG("ElasticMetricSink: Only basic authentication is supported"); + WARNLOG("ElasticMetricSink: Unable to load secret tree '%s', from vault '%s'", credentialsSecretKey.str(), + !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a"); return false; } - StringBuffer credentialsSecretKey; - pAuthConfigTree->getProp("@credentialsSecret", credentialsSecretKey); // vault/secrets key - if (!credentialsSecretKey.isEmpty()) + // authentication type defines the secret key name/value pairs to retrieve + if (streq(authenticationType, "basic")) { - StringBuffer credentialsVaultId; - pAuthConfigTree->getProp("@credentialsVaultId", credentialsVaultId);//optional HashiCorp vault ID - - DBGLOG("Retrieving ElasticSearch host authentication username/password from secrets tree '%s', from vault '%s'", - credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : ""); - - Owned secretTree(getSecret("authn", credentialsSecretKey.str(), credentialsVaultId, nullptr)); - if (secretTree == nullptr) + if (!getSecretKeyValue(username, secretTree, "username") || !getSecretKeyValue(password, secretTree, "password")) { - WARNLOG("ElasticMetricSink: Unable to load secret tree '%s', from vault '%s'", credentialsSecretKey.str(), - !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a"); + WARNLOG("ElasticMetricSink: Missing username and/or password from secrets tree '%s', vault '%s'", + credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a"); return false; } - - // authentication type defines the secret key name/value pairs to retrieve - if (streq(authenticationType, "basic")) - { - if (!getSecretKeyValue(username, secretTree, "username") || !getSecretKeyValue(password, secretTree, "password")) - { - WARNLOG("ElasticMetricSink: Missing username and/or password from secrets tree '%s', vault '%s'", - credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a"); - return false; - } - } } - else + } + else + { + // if basic auth, username and password are stored directly in the configuration + if (streq(authenticationType, "basic")) { - // if basic auth, username and password are stored directly in the configuration - if (streq(authenticationType, "basic")) + StringBuffer encryptedPassword; + if (!pAuthConfigTree->getProp("@username", username) || !pAuthConfigTree->getProp("@password", encryptedPassword)) { - StringBuffer encryptedPassword; - if (!pAuthConfigTree->getProp("@username", username) || !pAuthConfigTree->getProp("@password", encryptedPassword)) - { - WARNLOG("ElasticMetricSink: Missing username and/or password from configuration"); - return false; - } - decrypt(password, encryptedPassword.str()); //MD5 encrypted in config + WARNLOG("ElasticMetricSink: Missing username and/or password from configuration"); + return false; } + decrypt(password, encryptedPassword.str()); //MD5 encrypted in config } } return true;