support base64 encoded api key

lib/logstash/outputs/elasticsearch/http_client_builder.rb

@@ -190,7 +190,10 @@ def self.setup_api_key(logger, params)
 
       return {} unless (api_key && api_key.value)
 
-      { "Authorization" => "ApiKey " + Base64.strict_encode64(api_key.value) }
+      # support key_id:key for b64(key_id:key)
+      api_key_b64 = api_key.value.match?(/:/) ? Base64.strict_encode64(api_key.value) : api_key.value
+
+      { "Authorization" => "ApiKey " + api_key_b64 }
     end
 
     private

spec/unit/outputs/elasticsearch_spec.rb

@@ -1520,14 +1520,22 @@
   describe "API key" do
     let(:manticore_options) { subject.client.pool.adapter.manticore.instance_variable_get(:@options) }
     let(:api_key) { "some_id:some_api_key" }
-    let(:base64_api_key) { "ApiKey c29tZV9pZDpzb21lX2FwaV9rZXk=" }
+    let(:base64_api_key) { "c29tZV9pZDpzb21lX2FwaV9rZXk=" }
 
     shared_examples 'secure api-key authenticated client' do
       let(:do_register) { true }
 
       it 'adds the appropriate Authorization header to the manticore client' do
-        expect(manticore_options[:headers]).to eq({ "Authorization" => base64_api_key })
+        expect(manticore_options[:headers]).to eq({ "Authorization" => "ApiKey #{base64_api_key}" })
       end
+
+      context "when api_key is already base64 encoded" do
+        let(:api_key) { base64_api_key }
+        it 'passes the base64 encoded api to the headers as-is' do
+          expect(manticore_options[:headers]).to eq({ "Authorization" => "ApiKey #{base64_api_key}" })
+        end
+      end
+
       it 'is provides ssl_enabled=>true to the http client builder' do; aggregate_failures do
         expect(described_class::HttpClientBuilder).to have_received(:build).with(anything, anything, hash_including('ssl_enabled'=>true))
       end; end