Skip to content

Use basic/token auth when doing explicitly constructed requests#110

Closed
chrisberkhout wants to merge 2 commits intoelastic:devfrom
chrisberkhout:use-configured-auth-for-all-requests
Closed

Use basic/token auth when doing explicitly constructed requests#110
chrisberkhout wants to merge 2 commits intoelastic:devfrom
chrisberkhout:use-configured-auth-for-all-requests

Conversation

@chrisberkhout
Copy link
Contributor

@chrisberkhout chrisberkhout commented Aug 22, 2025
edited
Loading

Use the basic/token auth configuration not just for direct requests
(e.g. get('http://www.example.com/'), but also when doing explicitly
constructed requests (e.g. get_request(...).do_request() or
request("GET", ...).do_request()).

This matches the behavior of the auth.oauth2 configuration, which applies to all requests.

It means that the choice of whether to apply basic/token auth automatically by configuration or explicitly in CEL is separate from the choice of how to construct requests in general.

Related:

Related in beats:

@chrisberkhout chrisberkhout self-assigned this Aug 22, 2025
@chrisberkhout chrisberkhout requested a review from a team August 25, 2025 11:08
efd6
efd6 requested changes Aug 25, 2025
View reviewed changes
Copy link
Collaborator

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not LGTM.

This behaviour is intentional and this change would be a breaking change.

@chrisberkhout
Copy link
Contributor Author

chrisberkhout commented Aug 26, 2025
edited
Loading

This behaviour is intentional and this change would be a breaking change.

Yeah, I probably should have opened an issue rather than a PR for the discussion, but I think the current state of some types of authentication configuration only applying to subsets of requests is confusing for the user and something that adds effort to work around.

If we're going to leave it as is, we should probably mention it in the CEL input's options documentation. I saw the auth.token options there, tried them in mito without success, then looked at mito's config parsing code and saw that they're supported before finally seeing how they're applied and the explanation in the mito documentation.

We could add an option like auth.token.requests: direct|all, but I'm not sure that's a good idea.

@efd6
Copy link
Collaborator

efd6 commented Aug 26, 2025

If we're going to leave it as is, we should probably mention it in the CEL input's options documentation.

If it's not there (it's not), then by all means. I'd suggest that there be some text here to indicate where it works, linking also to here where it is fully specified.

We could add an option like auth.token.requests: direct|all, but I'm not sure that's a good idea.

Knobs are bad; people use them.

@chrisberkhout chrisberkhout mentioned this pull request Aug 27, 2025
Merged
6 tasks
This was referenced Sep 5, 2025
Merged
Merged
Merged
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 requested changes

Assignees

@chrisberkhout chrisberkhout

Labels

enhancement New feature or request Team:Security-Service Integrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chrisberkhout @efd6

Comments