fix: Add additional config remapping for "api_key" and "secret_token"…

… for libbeat instrumentation wrapper (#13691) Add additional config remapping for "api_key" and "secret_token" for libbeat instrumentation wrapper. (cherry picked from commit 17fab5c)
elastic · Jul 15, 2024 · 24d2e7f · 24d2e7f
1 parent 74c21e6
commit 24d2e7f
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 6 deletions.
diff --git a/changelogs/8.15.asciidoc b/changelogs/8.15.asciidoc
@@ -33,6 +33,6 @@ https://github.com/elastic/apm-server/compare/v8.14.3\...v8.15.0[View commits]
 - Upgraded bundled APM Java agent attacher CLI to version 1.50.0 {pull}13326[13326]
 - Enable Kibana curated UIs to work with hostmetrics from OpenTelemetry's https://pkg.go.dev/go.opentelemetry.io/collector/receiver/hostmetricsreceiver[hostmetricsreceiver] {pull}13196[13196]
 - Add require data stream to bulk index requests {pull}13398[13398]
-- Support self-instrumentation when in managed mode by getting tracing configs via reloader {pull}13514[13514] {pull}13653[13653]
+- Support self-instrumentation when in managed mode by getting tracing configs via reloader {pull}13514[13514] {pull}13653[13653] {pull}13691[13691]
 - Add mapping for OpenTelemetry attribute `messaging.destination.name` to derive `service.target` correctly {pull}13472[13472]
 - APM Server now automatically retries document-level 429s from Elasticsearch to avoid dropping data. `output.elasticsearch.max_retries` now controls both request-level and document-level retries, and defaults to `3`. {pull}13620[13620]
diff --git a/internal/beater/beater.go b/internal/beater/beater.go
@@ -546,8 +546,10 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati
 	//
 	// Note that original config keys were additionally marshalled by
 	// https://github.com/elastic/elastic-agent/blob/main/pkg/component/runtime/apm_config_mapper.go#L18
-	// that's why the keys are different from the original APMConfig struct.
+	// that's why some keys are different from the original APMConfig struct including "api_key" and "secret_token".
 	var apmCfg struct {
+		APIKey       string `config:"apikey"`
+		SecretToken  string `config:"secrettoken"`
 		GlobalLabels string `config:"globallabels"`
 		TLS          struct {
 			SkipVerify        bool   `config:"skipverify"`
@@ -556,19 +558,29 @@ func newInstrumentation(rawConfig *agentconfig.C) (instrumentation.Instrumentati
 		} `config:"tls"`
 	}
 	cfg, err := rawConfig.Child("instrumentation", -1)
-	if err != nil {
-		// Fallback to instrumentation.New if the configs are not present.
+	if err != nil || !cfg.Enabled() {
+		// Fallback to instrumentation.New if the configs are not present or disabled.
 		return instrumentation.New(rawConfig, "apm-server", version.Version)
 	}
 	if err := cfg.Unpack(&apmCfg); err != nil {
 		return nil, err
 	}
 	const (
+		envAPIKey           = "ELASTIC_APM_API_KEY"
+		envSecretToken      = "ELASTIC_APM_SECRET_TOKEN"
 		envVerifyServerCert = "ELASTIC_APM_VERIFY_SERVER_CERT"
 		envServerCert       = "ELASTIC_APM_SERVER_CERT"
 		envCACert           = "ELASTIC_APM_SERVER_CA_CERT_FILE"
 		envGlobalLabels     = "ELASTIC_APM_GLOBAL_LABELS"
 	)
+	if apmCfg.APIKey != "" {
+		os.Setenv(envAPIKey, apmCfg.APIKey)
+		defer os.Unsetenv(envAPIKey)
+	}
+	if apmCfg.SecretToken != "" {
+		os.Setenv(envSecretToken, apmCfg.SecretToken)
+		defer os.Unsetenv(envSecretToken)
+	}
 	if apmCfg.TLS.SkipVerify {
 		os.Setenv(envVerifyServerCert, "false")
 		defer os.Unsetenv(envVerifyServerCert)

diff --git a/internal/beater/beater_test.go b/internal/beater/beater_test.go
@@ -237,6 +237,7 @@ func TestRunnerNewDocappenderConfig(t *testing.T) {
 }
 
 func TestNewInstrumentation(t *testing.T) {
+	var auth string
 	labels := make(chan map[string]string, 1)
 	defer close(labels)
 	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -249,6 +250,7 @@ func TestNewInstrumentation(t *testing.T) {
 			zr, _ := zlib.NewReader(r.Body)
 			_ = json.NewDecoder(zr).Decode(&b)
 			labels <- b.Metadata.Labels
+			auth = r.Header.Get("Authorization")
 		}
 		w.WriteHeader(http.StatusOK)
 	}))
@@ -260,8 +262,9 @@ func TestNewInstrumentation(t *testing.T) {
 	assert.NoError(t, err)
 	cfg := agentconfig.MustNewConfigFrom(map[string]interface{}{
 		"instrumentation": map[string]interface{}{
-			"enabled": true,
-			"hosts":   []string{s.URL},
+			"enabled":     true,
+			"hosts":       []string{s.URL},
+			"secrettoken": "secret",
 			"tls": map[string]interface{}{
 				"servercert": certPath,
 			},
@@ -274,4 +277,5 @@ func TestNewInstrumentation(t *testing.T) {
 	tracer.StartTransaction("name", "type").End()
 	tracer.Flush(nil)
 	assert.Equal(t, map[string]string{"k1": "val", "k2": "new val"}, <-labels)
+	assert.Equal(t, "Bearer secret", auth)
 }