Support API key authentication #1778
Merged
+15
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
inqueue
requested changes
Sep 13, 2023
docs/command_line_reference.rst
Outdated
| @@ -717,6 +717,7 @@ Here are a few common examples: | |||
|
|
|||
| * Enable HTTP compression: ``--client-options="http_compress:true"`` | |||
| * Enable basic authentication: ``--client-options="basic_auth_user:'user',basic_auth_password:'password'"``. Avoid the characters ``'``, ``,`` and ``:`` in user name and password as Rally's parsing of these options is currently really simple and there is no possibility to escape characters. | |||
| * Enable API key authentication: ``--client-options="api_key:'a0V...2dw=='"`` | |||
There was a problem hiding this comment.
Can we add a note suggesting only one authentication mechanism should be used?
There was a problem hiding this comment.
Great point, thanks. Done in 4f73902 (#1778), can you please take another look?
inqueue
approved these changes
Sep 13, 2023
There was a problem hiding this comment.
Just one comment, the rest LGTM.
2023-09-13 16:05:39,325 ActorAddr-(T|:37685)/PID:2257 esrally.client.factory INFO Creating ES client connected to [{'host': 'target.host', 'port': 443}] with option
s [{'api_key': '*****', 'use_ssl': True, 'verify_certs': False, 'retry_on_timeout': True}]
gbanasiak
approved these changes
Sep 13, 2023
There was a problem hiding this comment.
LGTM.
Note: API key and other sensitive information can still leak through the following DEBUG log, but as we do not use DEBUG log level by default I think that is acceptable.
Line 1254 in a2bc19e
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1777, relates #1757
Most of the work is done in the Elasticsearch Python client, so we do only three things:
However:
api_key,basic_auth_userandbasic_auth_passwordare all set, since we get a traceback withValueError: Can only set one of 'api_key', 'basic_auth', and 'bearer_auth'in this case.create_api_key_per_clientwithapi_key:basic_authis still required for that use case, as documented.