Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Manticore eager setting cannot be changed and does not work in all cases #87

Open
Jc2k opened this issue Oct 27, 2017 · 4 comments
Open

Comments

@Jc2k
Copy link

Jc2k commented Oct 27, 2017

In normalize_request when building spec[:auth] the setting eager is set to true. It cannot be changed from logstash configuration. In my case a third party server i don't control is configured to only do digest auth and we send basic auth instead, which breaks on the servers side. If i hand patch eager: true to eager: false it works.

manticore itself advocates for it to be false in most cases - from its CHANGELOG:

Added an option for eager auth, which instructs Manticore to present basic auth credentials on initial request, rather than being challenged for them. You should only use this if you have a specific need for it, as it may be a security concern otherwise.

Would you accept a pull request to set eager to false?

@andrewvc
Copy link
Contributor

Yes! We would gladly accept it.

I'm on the fence about defaulting it one way or the other.

For common Logstash use cases turning it off would double the number of requests.

@andrewvc andrewvc assigned andrewvc and unassigned andrewvc Oct 27, 2017
@Jc2k
Copy link
Author

Jc2k commented Oct 27, 2017

I was hoping to get away with literally just setting eager to false but it sounds like it needs to be made a setting. I'm new to logstash dev (and jruby and ruby) but it looks like i'd need to add something like:

config :eager, :validate => :boolean, default => false

And then i'd be able to access that from the spec object? Maybe something like:

      if user && password
        spec[:auth] = {
          user: user, 
          pass: password,
          eager: spec.delete(:eager) || false,
        } 
      end

?

And it looks like the config bit would have to go into logstash-mixin-http_client and a similar change made here? But i'd be able to refer to @eager.

Does that sound about right? So will need to get a release of logstash-mixin-http_client before can get anything merged here.

@andrewvc
Copy link
Contributor

Yes, you'd need to add it to the mixin.

You can actually just open an issue there, link to it here, and close this issue.

@andrewvc
Copy link
Contributor

You're right, by the way, about the config stuff.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants