From 88f252037e6d9e8e71f1082cb144abf592f6b175 Mon Sep 17 00:00:00 2001
From: Kostiantyn Masliuk <1pkg@protonmail.com>
Date: Fri, 12 Jul 2024 11:21:56 -0700
Subject: [PATCH 1/3] Add additional config remapping for "api_key" and
 "secret_token" for libbeat instrumentation wrapper

---
 internal/beater/beater.go      | 18 +++++++++++++++---
 internal/beater/beater_test.go |  8 ++++++--
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/internal/beater/beater.go b/internal/beater/beater.go
index 3c94c336086..a502d9cebb4 100644
--- a/internal/beater/beater.go
+++ b/internal/beater/beater.go
@@ -546,8 +546,10 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati
 	//
 	// Note that original config keys were additionally marshalled by
 	// https://github.com/elastic/elastic-agent/blob/main/pkg/component/runtime/apm_config_mapper.go#L18
-	// that's why the keys are different from the original APMConfig struct.
+	// that's why some keys are different from the original APMConfig struct including "api_key" and "secret_token".
 	var apmCfg struct {
+		ApiKey       string `config:"apikey"`
+		SecretToken  string `config:"secrettoken"`
 		GlobalLabels string `config:"globallabels"`
 		TLS          struct {
 			SkipVerify        bool   `config:"skipverify"`
@@ -556,19 +558,29 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati
 		} `config:"tls"`
 	}
 	cfg, err := rawConfig.Child("instrumentation", -1)
-	if err != nil {
-		// Fallback to instrumentation.New if the configs are not present.
+	if err != nil || !cfg.Enabled() {
+		// Fallback to instrumentation.New if the configs are not present or disabled.
 		return instrumentation.New(rawConfig, "apm-server", version.Version)
 	}
 	if err := cfg.Unpack(&apmCfg); err != nil {
 		return nil, err
 	}
 	const (
+		envApiKey           = "ELASTIC_APM_API_KEY"
+		envSecretToken      = "ELASTIC_APM_SECRET_TOKEN"
 		envVerifyServerCert = "ELASTIC_APM_VERIFY_SERVER_CERT"
 		envServerCert       = "ELASTIC_APM_SERVER_CERT"
 		envCACert           = "ELASTIC_APM_SERVER_CA_CERT_FILE"
 		envGlobalLabels     = "ELASTIC_APM_GLOBAL_LABELS"
 	)
+	if apmCfg.ApiKey != "" {
+		os.Setenv(envApiKey, apmCfg.ApiKey)
+		defer os.Unsetenv(envApiKey)
+	}
+	if apmCfg.SecretToken != "" {
+		os.Setenv(envSecretToken, apmCfg.SecretToken)
+		defer os.Unsetenv(envSecretToken)
+	}
 	if apmCfg.TLS.SkipVerify {
 		os.Setenv(envVerifyServerCert, "false")
 		defer os.Unsetenv(envVerifyServerCert)
diff --git a/internal/beater/beater_test.go b/internal/beater/beater_test.go
index c7aa453c163..4fec5b897f8 100644
--- a/internal/beater/beater_test.go
+++ b/internal/beater/beater_test.go
@@ -237,6 +237,7 @@ func TestRunnerNewDocappenderConfig(t *testing.T) {
 }
 
 func TestNewInstrumentation(t *testing.T) {
+	var auth string
 	labels := make(chan map[string]string, 1)
 	defer close(labels)
 	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -249,6 +250,7 @@ func TestNewInstrumentation(t *testing.T) {
 			zr, _ := zlib.NewReader(r.Body)
 			_ = json.NewDecoder(zr).Decode(&b)
 			labels <- b.Metadata.Labels
+			auth = r.Header.Get("Authorization")
 		}
 		w.WriteHeader(http.StatusOK)
 	}))
@@ -260,8 +262,9 @@ func TestNewInstrumentation(t *testing.T) {
 	assert.NoError(t, err)
 	cfg := agentconfig.MustNewConfigFrom(map[string]interface{}{
 		"instrumentation": map[string]interface{}{
-			"enabled": true,
-			"hosts":   []string{s.URL},
+			"enabled":     true,
+			"hosts":       []string{s.URL},
+			"secrettoken": "secret",
 			"tls": map[string]interface{}{
 				"servercert": certPath,
 			},
@@ -274,4 +277,5 @@ func TestNewInstrumentation(t *testing.T) {
 	tracer.StartTransaction("name", "type").End()
 	tracer.Flush(nil)
 	assert.Equal(t, map[string]string{"k1": "val", "k2": "new val"}, <-labels)
+	assert.Equal(t, "Bearer secret", auth)
 }

From 9c45cc726f66a916400e1c8a74aeeb7ec8b4294d Mon Sep 17 00:00:00 2001
From: Kostiantyn Masliuk <1pkg@protonmail.com>
Date: Fri, 12 Jul 2024 11:44:22 -0700
Subject: [PATCH 2/3] Update changelog entry

---
 changelogs/8.15.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelogs/8.15.asciidoc b/changelogs/8.15.asciidoc
index cefc7469a98..9abaa71e41f 100644
--- a/changelogs/8.15.asciidoc
+++ b/changelogs/8.15.asciidoc
@@ -33,5 +33,5 @@ https://github.com/elastic/apm-server/compare/v8.14.3\...v8.15.0[View commits]
 - Upgraded bundled APM Java agent attacher CLI to version 1.50.0 {pull}13326[13326]
 - Enable Kibana curated UIs to work with hostmetrics from OpenTelemetry's https://pkg.go.dev/go.opentelemetry.io/collector/receiver/hostmetricsreceiver[hostmetricsreceiver] {pull}13196[13196]
 - Add require data stream to bulk index requests {pull}13398[13398]
-- Support self-instrumentation when in managed mode by getting tracing configs via reloader {pull}13514[13514] {pull}13653[13653]
+- Support self-instrumentation when in managed mode by getting tracing configs via reloader {pull}13514[13514] {pull}13653[13653] {pull}13691[13691]
 - Add mapping for OpenTelemetry attribute `messaging.destination.name` to derive `service.target` correctly {pull}13472[13472]

From a32ebaecbf61851982f8fdad0e01fbba176a71e9 Mon Sep 17 00:00:00 2001
From: Kostiantyn Masliuk <1pkg@protonmail.com>
Date: Fri, 12 Jul 2024 11:47:24 -0700
Subject: [PATCH 3/3] Address linter naming complain

---
 internal/beater/beater.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/internal/beater/beater.go b/internal/beater/beater.go
index a502d9cebb4..efe1191e1b9 100644
--- a/internal/beater/beater.go
+++ b/internal/beater/beater.go
@@ -548,7 +548,7 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati
 	// https://github.com/elastic/elastic-agent/blob/main/pkg/component/runtime/apm_config_mapper.go#L18
 	// that's why some keys are different from the original APMConfig struct including "api_key" and "secret_token".
 	var apmCfg struct {
-		ApiKey       string `config:"apikey"`
+		APIKey       string `config:"apikey"`
 		SecretToken  string `config:"secrettoken"`
 		GlobalLabels string `config:"globallabels"`
 		TLS          struct {
@@ -566,16 +566,16 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati
 		return nil, err
 	}
 	const (
-		envApiKey           = "ELASTIC_APM_API_KEY"
+		envAPIKey           = "ELASTIC_APM_API_KEY"
 		envSecretToken      = "ELASTIC_APM_SECRET_TOKEN"
 		envVerifyServerCert = "ELASTIC_APM_VERIFY_SERVER_CERT"
 		envServerCert       = "ELASTIC_APM_SERVER_CERT"
 		envCACert           = "ELASTIC_APM_SERVER_CA_CERT_FILE"
 		envGlobalLabels     = "ELASTIC_APM_GLOBAL_LABELS"
 	)
-	if apmCfg.ApiKey != "" {
-		os.Setenv(envApiKey, apmCfg.ApiKey)
-		defer os.Unsetenv(envApiKey)
+	if apmCfg.APIKey != "" {
+		os.Setenv(envAPIKey, apmCfg.APIKey)
+		defer os.Unsetenv(envAPIKey)
 	}
 	if apmCfg.SecretToken != "" {
 		os.Setenv(envSecretToken, apmCfg.SecretToken)