From aaa7962316a64afd0aee53a530d254e69b86e58b Mon Sep 17 00:00:00 2001 From: John Wolfe Date: Tue, 14 Jul 2020 05:52:39 -0400 Subject: [PATCH] Adding support for additional authentication options in client (#56) * adding support for cloud,ssl, and auth fields in elastic client configuration + documentation * minor doc cleanup * removing ssl due to seeing another PR already open for that feature * added cli support and supporting documentation * tweak documentation to be more accurate * cli doc tweak to be less cloud specific * removed cloud reference in cli usage doc as well * removed cloud reference in reference link in readme * adding cli usage update to readme as well * making the apikey user/pass cli behavior consistent with the elastic client lib * added assertion that auth and cloud properties are allowed to pass through correctly to elastic client --- README.md | 60 +++++++++++++++++++++++++++++++++++++++++++++++ cli.js | 21 ++++++++++++++++- lib.js | 2 +- test/unit.test.js | 55 +++++++++++++++++++++++++++++++++++++++++++ usage.txt | 6 +++++ 5 files changed, 142 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b5a0f3b..d15996e 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,12 @@ npm install pino-elasticsearch -g -l | --trace-level trace level for the elasticsearch client, default 'error' (info, debug, trace). | --es-version specify the major version number of Elasticsearch (eg: 5, 6, 7) (this is needed only if you are using Elasticsearch <= 7) + -u | --username Username to specify with authentication method + (can only be used in tandem with the 'password' flag) + -p | --password Password to specify with authentication method + (can only be used in tandem with the 'username' flag) + -k | --api-key Api key for authentication instead of username/password combination + -c | --cloud Id of the elastic cloud node to connect to ``` @@ -106,6 +112,60 @@ If you need to use basic authentication to connect with the Elasticsearch cluste ``` cat log | pino-elasticsearch --node https://user:pwd@localhost:9200 ``` + +Alternatively you can supply a combination of `username` and `password` OR `api-key`: +``` +cat log | pino-elasticsearch --node https://localhost:9200 -u user -p pwd +``` +``` +cat log | pino-elasticsearch --node https://localhost:9200 --api-key=base64EncodedKey +``` + +Elastic cloud option `cloud` is also supported: +```sh +cat log | pino-elasticsearch --cloud=name:bG9jYWxob3N0JGFiY2QkZWZnaA== --api-key=base64EncodedKey +``` + +Note: When using the cli, if you pass username/password AND an apiKey the apiKey will take precedence over the username/password combination. + +You can also include the `auth` field in your configuration like so: +```js +const pinoElastic = require('pino-elasticsearch') + +const streamToElastic = pinoElastic({ + index: 'an-index', + consistency: 'one', + node: 'http://localhost:9200', + auth: { + username: 'user', + password: 'pwd' + }, + 'es-version': 7, + 'flush-bytes': 1000 +}) +``` + +Alternatively you can pass an `apiKey` instead: +```js +const pinoElastic = require('pino-elasticsearch') + +const streamToElastic = pinoElastic({ + index: 'an-index', + consistency: 'one', + node: 'http://localhost:9200', + cloud: { + id: 'name:bG9jYWxob3N0JGFiY2QkZWZnaA==' + }, + auth: { + apiKey: 'apikey123' + }, + 'es-version': 7, + 'flush-bytes': 1000 +}) +``` + +For a full list of authentication options when using elastic, check out the [authentication configuration docs](https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/auth-reference.html) + ## Setup and Testing Setting up pino-elasticsearch is easy, and you can use the bundled diff --git a/cli.js b/cli.js index e6e331b..4507e11 100755 --- a/cli.js +++ b/cli.js @@ -18,6 +18,21 @@ function start (opts) { return } + if (opts.username && opts.password) { + opts.auth = { + username: opts.username, + password: opts.password + } + } + + if (opts['api-key']) { + opts.auth = { apiKey: opts['api-key'] } + } + + if (opts.cloud) { + opts.cloud = { id: opts.cloud } + } + pump(process.stdin, pinoElasticSearch(opts)) } @@ -29,7 +44,11 @@ start(minimist(process.argv.slice(2), { index: 'i', 'bulk-size': 'b', 'flush-bytes': 'f', - 'trace-level': 'l' + 'trace-level': 'l', + username: 'u', + password: 'p', + 'api-key': 'k', + cloud: 'c' }, default: { node: 'http://localhost:9200' diff --git a/lib.js b/lib.js index 0b7cdcb..9adcaee 100644 --- a/lib.js +++ b/lib.js @@ -52,7 +52,7 @@ function pinoElasticSearch (opts) { return value }) - const client = new Client({ node: opts.node }) + const client = new Client({ node: opts.node, auth: opts.auth, cloud: opts.cloud }) const esVersion = Number(opts['es-version']) || 7 const index = opts.index || 'pino' diff --git a/test/unit.test.js b/test/unit.test.js index 30b4e6b..11148f2 100644 --- a/test/unit.test.js +++ b/test/unit.test.js @@ -144,3 +144,58 @@ test('ecs format', (t) => { another log...` log.info(['info'], prettyLog) }) + +test('auth and cloud parameters are properly passed to client', (t) => { + const opts = { + index: 'pinotest', + type: 'log', + consistency: 'one', + node: 'http://localhost:9200', + auth: { + username: 'user', + password: 'pass' + }, + cloud: { + id: 'name:aHR0cHM6Ly9leGFtcGxlLmNvbQ==' + } + } + + t.plan(3) + const Client = function (config) { + t.equal(config.node, opts.node) + t.equal(config.auth, opts.auth) + t.equal(config.cloud, opts.cloud) + } + Client.prototype.helpers = { + async bulk (opts) {} + } + const elastic = proxyquire('../', { + '@elastic/elasticsearch': { Client } + }) + elastic(opts) +}) + +test('apikey is passed through auth param properly to client', (t) => { + const opts = { + index: 'pinotest', + type: 'log', + consistency: 'one', + node: 'http://localhost:9200', + auth: { + apiKey: 'aHR0cHM6Ly9leGFtcGxlLmNvbQ' + } + } + + t.plan(2) + const Client = function (config) { + t.equal(config.node, opts.node) + t.equal(config.auth, opts.auth) + } + Client.prototype.helpers = { + async bulk (opts) {} + } + const elastic = proxyquire('../', { + '@elastic/elasticsearch': { Client } + }) + elastic(opts) +}) diff --git a/usage.txt b/usage.txt index 7c1adc3..9cd14b6 100644 --- a/usage.txt +++ b/usage.txt @@ -18,3 +18,9 @@ -l | --trace-level trace level for the elasticsearch client, default 'error' (info, debug, trace). --es-version specify the major version number of Elasticsearch (eg: 5, 6, 7) (this is needed only if you are using Elasticsearch <= 7) + -u | --username Username to specify with authentication method + (can only be used in tandem with the 'password' flag) + -p | --password Password to specify with authentication method + (can only be used in tandem with the 'username' flag) + -k | --api-key Api key for authentication instead of username/password combination + -c | --cloud Id of the elastic cloud node to connect to