From 4d280215d1dd358e757af34cdb87c1c798c24398 Mon Sep 17 00:00:00 2001
From: andrefsp <andrefsp@gmail.com>
Date: Fri, 13 Sep 2024 15:14:16 +0100
Subject: [PATCH] ApiKey: Add ApiKey authentication.

---
 plugins/doc_fragments/login_options.py |  6 +++++
 plugins/module_utils/elastic_common.py | 33 ++++++++++++++++----------
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/plugins/doc_fragments/login_options.py b/plugins/doc_fragments/login_options.py
index 21483a87..d664b296 100644
--- a/plugins/doc_fragments/login_options.py
+++ b/plugins/doc_fragments/login_options.py
@@ -13,6 +13,7 @@ class ModuleDocFragment(object):
     choices:
        - ''
        - http_auth
+       - api_key
     default: ''
   auth_scheme:
     description:
@@ -57,6 +58,11 @@ class ModuleDocFragment(object):
     required: no
     type: int
     default: 9200
+  api_key:
+    description:
+      - The ApiKey to authenticate with the server.
+    required: no
+    type: str
   timeout:
     description:
       - Response timeout in seconds.
diff --git a/plugins/module_utils/elastic_common.py b/plugins/module_utils/elastic_common.py
index 94236464..9f755b7d 100644
--- a/plugins/module_utils/elastic_common.py
+++ b/plugins/module_utils/elastic_common.py
@@ -27,9 +27,10 @@ def elastic_common_argument_spec():
     Returns a dict containing common options shared across the elastic modules
     """
     options = dict(
-        auth_method=dict(type='str', choices=['', 'http_auth'], default=''),
+        auth_method=dict(type='str', choices=['', 'http_auth', 'api_key'], default=''),
         auth_scheme=dict(type='str', choices=['http', 'https'], default='http'),
         cafile=dict(type='str', default=None),
+        api_key=dict(type='str', default=None, no_log=True),
         connection_options=dict(type='list', elements='dict', default=[]),
         login_user=dict(type='str', required=False),
         login_password=dict(type='str', required=False, no_log=True),
@@ -53,17 +54,25 @@ def build_auth(self, module):
         Build the auth list for elastic according to the passed in parameters
         '''
         auth = {}
-        if module.params['auth_method'] != '':
-            if module.params['auth_method'] == 'http_auth':
-                auth["http_auth"] = (module.params['login_user'],
-                                     module.params['login_password'])
-
-                if module.params['cafile'] is not None:
-                    from ssl import create_default_context
-                    context = create_default_context(module.params['cafile'])
-                    auth["ssl_context"] = context
-            else:
-                module.fail_json("Invalid or unsupported auth_method provided")
+        if not module.params['auth_method']:
+            return auth
+
+        if module.params['auth_method'] == 'http_auth':
+            # username/password authentication.
+            auth["http_auth"] = (module.params['login_user'],
+                                 module.params['login_password'])
+        elif module.params['auth_method'] == 'api_key':
+            # api key authentication.
+            auth["api_key"] = module.params['api_key']
+        else:
+            module.fail_json("Invalid or unsupported auth_method provided")
+
+        # CA file has been provided. Add it to auth dict
+        if module.params['cafile'] is not None:
+            from ssl import create_default_context
+            context = create_default_context(module.params['cafile'])
+            auth["ssl_context"] = context
+
         return auth
 
     def connect(self):