Merge pull request #11 from logicmonitor/DEV-135160_Bearer_Token

Add bearer token support for auth

Author: siddharthck

CHANGELOG.md

@@ -1,2 +1,14 @@
 ## 1.0.0
 - First version of the plugin
+## 1.0.1
+- Proxy support
+## 1.0.2
+- Update debug logs
+## 1.1.0
+- Disable mfa for gem push
+## 1.2.0
+- Add metadata by default to every log 
+## 1.2.1
+- Fix ensuring metadata exists before deleting the original while forwarding to lm-logs
+## 1.3.0
+- Add bearer token support for authentication with Logicmonitor

lib/logstash/outputs/lmlogs.rb

@@ -30,7 +30,7 @@ class InvalidHTTPConfigError < StandardError; end
 
   # Keep logstash timestamp
   config :keep_timestamp, :validate => :boolean, :default => true
-  
+
   # Use a configured message key for timestamp values
   # Valid timestamp formats are ISO8601 strings or epoch in seconds, milliseconds or nanoseconds
   config :timestamp_is_key, :validate => :boolean, :default => false
@@ -91,13 +91,16 @@ class InvalidHTTPConfigError < StandardError; end
   config :portal_name, :validate => :string, :required => true
 
   # Username to use for HTTP auth.
-  config :access_id, :validate => :string, :required => true
+  config :access_id, :validate => :string, :required => false, :default => nil
 
   # Include/Exclude metadata from sending to LM Logs
   config :include_metadata, :validate => :boolean, :default => true
 
   # Password to use for HTTP auth
-  config :access_key, :validate => :password, :required => true
+  config :access_key, :validate => :password, :required => false, :default => nil
+
+  # Use bearer token instead of access key/id for authentication.
+  config :bearer_token, :validate => :password, :required => false, :default => nil
 
   @@MAX_PAYLOAD_SIZE = 8*1024*1024
 
@@ -110,9 +113,9 @@ def register
     @total_failed = 0
     logger.info("Initialized LogicMonitor output plugin with configuration",
                 :host => @host)
-    logger.info("Max Payload Size: ", 
+    logger.info("Max Payload Size: ",
                 :size => @@MAX_PAYLOAD_SIZE)
-
+    configure_auth
   end # def register
 
   def client_config
@@ -137,19 +140,7 @@ def client_config
                       @proxy
     end
 
-    if @access_id
-      if !@access_key || !@access_key.value
-        raise ::LogStash::ConfigurationError, "access_id '#{@access_id}' specified without access_key!"
-      end
-
-      # Symbolize keys if necessary
-      # c[:auth] = {
-      #     :user => @access_id,
-      #     :password => @access_key.value,
-      #     :eager => true
-      # }
-    end
-	  log_debug("manticore client config: ", :client => c)              
+    log_debug("manticore client config: ", :client => c)
     return c
   end
 
@@ -168,21 +159,35 @@ def close
     @client.close
   end
 
-
+  def configure_auth
+    @use_bearer_instead_of_lmv1 = false
+    if @access_id == nil || @access_key.value == nil
+      @logger.info "Access Id or access key null. Using bearer token for authentication."
+      @use_bearer_instead_of_lmv1 = true
+    end  
+    if @use_bearer_instead_of_lmv1 && @bearer_token.value == nil 
+      @logger.error "Bearer token not specified. Either access_id and access_key both or bearer_token must be specified for authentication with Logicmonitor."
+      raise LogStash::ConfigurationError, 'No valid authentication specified. Either access_id and access_key both or bearer_token must be specified for authentication with Logicmonitor.'
+    end
+  end  
   def generate_auth_string(body)
-    timestamp = DateTime.now.strftime('%Q')
-    hash_this = "POST#{timestamp}#{body}/log/ingest"
-    sign_this = OpenSSL::HMAC.hexdigest(
-                  OpenSSL::Digest.new('sha256'),
-                  "#{@access_key.value}",
-                  hash_this
-                )
-    signature = Base64.strict_encode64(sign_this)
-    "LMv1 #{@access_id}:#{signature}:#{timestamp}"
+    if @use_bearer_instead_of_lmv1
+      return "Bearer #{@bearer_token.value}"
+    else
+      timestamp = DateTime.now.strftime('%Q')
+      hash_this = "POST#{timestamp}#{body}/log/ingest"
+      sign_this = OpenSSL::HMAC.hexdigest(
+                    OpenSSL::Digest.new('sha256'),
+                    "#{@access_key.value}",
+                    hash_this
+                  )
+      signature = Base64.strict_encode64(sign_this)
+      return "LMv1 #{@access_id}:#{signature}:#{timestamp}"
+    end
   end
 
   def send_batch(events)
-    log_debug("Started sending logs to LM: ", 
+    log_debug("Started sending logs to LM: ",
                   :time => Time::now.utc)
     url = "https://" + @portal_name + ".logicmonitor.com/rest/log/ingest"
     body = events.to_json
@@ -249,7 +254,7 @@ def log_debug(message, *opts)
     elsif debug
       @logger.debug(message, *opts)
     end
-  end 
+  end
 
   public
   def multi_receive(events)
@@ -268,7 +273,7 @@ def multi_receive(events)
          lmlogs_event.delete("@timestamp")  # remove redundant timestamp field
          if lmlogs_event.dig("event", "original") != nil
             lmlogs_event["event"].delete("original") # remove redundant log field
-         end 
+         end
         end
 
         lmlogs_event["message"] = event.get(@message_key).to_s
@@ -278,7 +283,7 @@ def multi_receive(events)
         if @keep_timestamp
           lmlogs_event["timestamp"] = event.get("@timestamp")
         end
-        
+
         if @timestamp_is_key
           lmlogs_event["timestamp"] = event.get(@timestamp_key.to_s)
         end
@@ -295,10 +300,10 @@ def log_failure(message, opts)
   end
 
   def isValidPayloadSize(documents,lmlogs_event,max_payload_size)
-    if (documents.to_json.bytesize + lmlogs_event.to_json.bytesize) >  max_payload_size 
+    if (documents.to_json.bytesize + lmlogs_event.to_json.bytesize) >  max_payload_size
           send_batch(documents)
           documents = []
-          
+
     end
     documents.push(lmlogs_event)
     return documents

logstash-output-lmlogs.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'logstash-output-lmlogs'
-  s.version         = '1.2.1'
+  s.version         = '1.3.0'
   s.licenses = ['Apache-2.0']
   s.summary = "Logstash output plugin for LM Logs"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

spec/outputs/auth_spec.rb

@@ -0,0 +1,60 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "logstash/outputs/lmlogs"
+require "logstash/event"
+
+describe LogStash::Outputs::LMLogs do
+
+    let(:sample_lm_logs_event){{"message" => "hello this is log 1", "_lm.resourceId" => {"test.property" => "host1"}, "timestamp" => "2021-03-22T04:28:55.907121106Z"}}
+
+    def create_output_plugin_with_conf(conf)
+        return LogStash::Outputs::LMLogs.new(conf)
+    end 
+
+    it "with no auth specified" do
+        puts "auth test"
+        plugin = create_output_plugin_with_conf({
+            "portal_name" => "localhost"
+        })
+        expect { plugin.configure_auth() }.to raise_error(LogStash::ConfigurationError)
+    end
+
+    it "access_key id is specified with no bearer" do
+        puts "auth test"
+        plugin = create_output_plugin_with_conf({
+            "portal_name" => "localhost",
+            "access_id" => "abcd",
+            "access_key" => "abcd"
+        })
+        plugin.configure_auth()
+        auth_string  = plugin.generate_auth_string([sample_lm_logs_event])
+
+        expect(auth_string).to start_with("LMv1 abcd:")
+    end
+
+    it "when access id /key not specified but bearer specified" do
+        plugin = create_output_plugin_with_conf({
+            "portal_name" => "localhost",
+            "access_id" => "abcd",
+            "bearer_token" => "abcd"
+        })
+        plugin.configure_auth()
+        auth_string  = plugin.generate_auth_string([sample_lm_logs_event])
+
+        expect(auth_string).to eq("Bearer abcd")
+    end
+
+    it "when access id /key bearer all specified, use lmv1" do
+        puts "auth test"
+        plugin = create_output_plugin_with_conf({
+            "portal_name" => "localhost",
+            "access_id" => "abcd",
+            "access_key" => "abcd",
+            "bearer_token" => "abcd"
+        })
+        plugin.configure_auth()
+        auth_string  = plugin.generate_auth_string([sample_lm_logs_event])
+
+        expect(auth_string).to start_with("LMv1 abcd:")
+    end
+end