feat(http source): Digest access authentication #22101

Open
wants to merge 4 commits into
base: master

average-gary
Contributor

Summary

Adding rfc2617 to http source

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

How did you test this PR?

The datacenter/compute infrastructure I manage uses this authentication method for its endpoint. I successfully ran vector against one of these devices and received expected results back.

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the "no-changelog" label to this PR.

Checklist

  • Please read our Vector contributor resources.
  • If this PR introduces changes to Vector dependencies (modifies Cargo.lock), please
    run dd-rust-license-tool write to regenerate the license inventory and commit the changes (if any). More details here.

References

None.

@average-gary average-gary requested a review from a team as a code owner December 31, 2024 19:14
@github-actions github-actions bot added the domain: sources and domain: sinks labels Dec 31, 2024
Member

@pront pront left a comment

Thanks @average-gary for this contribution. Since there's no issue attached, can you explain the motivation for this PR in the summary? E.g. what use case does this change enable?

}

tokio::time::timeout(inputs.timeout, client.send(request))
.then({
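
Review bot: The second leg of the digest exchange may run without a timeout. The `.then({` closure is chained onto the future returned by `tokio::time::timeout(inputs.timeout, client.send(request))`, so `inputs.timeout` bounds only that first send. If the authenticated follow-up request is issued inside this closure, wrap that send in its own `tokio::time::timeout`, or apply a single timeout around the whole challenge/response exchange.
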
Member

Can you extract this into a separate function? Or alternatively two, an extra one for the new is_digest block.

/// Digest authentication.
///
/// requires a round trip to the server to get the challenge and then send the response
Digest {
Member

This is identical to Basic, I wonder if we can add a new field digest: bool that defaults to false. cc @jszwedko for UX review 🙏

Member

👍 The fields are identical, but given users are likely to think about these mechanisms differently (rather than digest authentication being a specialized form of basic authentication) I think having them separate makes sense.

}
let ha1 = format!("{:x}", md5::Md5::digest(format!("{}:{}:{}", username_inner, realm, user_password_inner.inner())));
let ha2 = format!("{:x}", md5::Md5::digest(format!("GET:{}", uri.path())));
let cnonce = "00000001"; // TODO: use rng for client nonce
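
Review bot: `cnonce` on the last line is the constant "00000001", so every request carries the same client nonce and the client adds no freshness to the response hash; generate it from a CSPRNG for each challenge (the literal also looks like an initial `nc` count, which is a separate field from the client nonce). On the line above, `ha2` hard-codes `GET` and uses `uri.path()`, which leaves out the query string, so the computed response will not match a request that uses another method or a URI with a query component; build it from the actual request method and the full request target (if `uri` is an `http::Uri`, `path_and_query()` gives that). Both `ha1` and `ha2` are also fixed to MD5 whatever the challenge asks for; RFC 7616 additionally defines SHA-256 and SHA-512-256, so either honour the challenge's algorithm or reject unsupported ones with a clear error.
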
Member

Do you plan to address this in this PR?

Contributor Author

Thank you for pointing this out. I will update to add this for this PR.

@pront pront added the meta: awaiting author label Jan 30, 2025
@average-gary
Contributor Author

> Thanks @average-gary for this contribution. Since there's no issue attached, can you explain the motivation for this PR in the summary? E.g. what use case does this change enable?

I have thousands of machines whose firmware uses this auth digest method and I wanted to see if I could make vector a viable option for scraping data/metrics from the machine. This PR was my PoC at enabling it.

@@ -295,6 +299,20 @@ pub enum Auth {
/// The bearer authentication token.
token: SensitiveString,
},
/// Digest authentication.
///
/// requires a round trip to the server to get the challenge and then send the response
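
Review bot: The doc comment on the new variant does not say which hash algorithm or specification it implements, and its last line ("requires a round trip ...") starts lowercase and has no closing period, unlike the "The bearer authentication token." comment above it. State the scheme and the algorithm the variant supports so that operators can tell whether it will work against their server, and write the round-trip remark as a full sentence.
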
Member

Suggested change
/// requires a round trip to the server to get the challenge and then send the response
/// Challenge and response authentication as specified by [RFC7616](https://httpwg.org/specs/rfc7616.html).

3 participants