-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ApiKey: Add ApiKey authentication. #103
ApiKey: Add ApiKey authentication. #103
Conversation
Hi @andre-dialpad, See output from sanity tests... minor documentation stuff. I guess it would make sense to add no_log as mentioned. It would be a good idea to add a test for this feature. Cheers, Rhys |
cbb7d70
to
4d28021
Compare
Needs a test before commit. If/when I get time I might do something based on... |
@rhysmeister I understand. I didn't add such test as it feels that in order to do so it would also be required to build a sort of a "elastic_api_key" module and by that point it would make these changes very large. So it has to be something like the:
There is also the problem that the API key is only exposed at the moment of it's creation. |
Hi @andre-dialpad, I did also think of an elastic_api_key module. That would be cool however I think a bash command, to create an api key, would suffice for a test. We just need to make sure that this method of auth is functional. Rhys |
It seems there are differences in the way the api_key is used in different versions of the Python api https://www.elastic.co/guide/en/elasticsearch/client/python-api/7.17/connecting.html#auth-apikey |
Hello @andre-dialpad, I don't think this change will work with v7 of the python driver. It doesn't appear to work with 8 either... The error message is not helpful...
UPDATE It appears the api_key needs to be base64 encoded to work... This run worked - https://github.com/ansible-collections/community.elastic/actions/runs/11195839763/job/31123984166?pr=103 This should probably be handled in some way to avoid this confusion. Rhys |
Hi @andre-dialpad, I guess to wrap this up we should either...
In all cases we should add a few notes to the documentation for api_key. Rhys UPDATE I renamed it api_key_encoded and updated the documentation. |
I also created a issue for an elastic_api_key module. Feel free to take it if you're time-rich (I'm not). Cheers, Rhys |
SUMMARY
This PR adds "api_key" authentication for elastic search clusters. This is a necessary feature for when Elasticsearch is not managed via user/password combination.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
It adds api_key as a auth_method but also a value.