elastic · herrBez · Nov 12, 2024 · Oct 14, 2024 · Oct 14, 2024 · Oct 14, 2024
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -373,6 +373,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Added Cisco Meraki module {pull}40836[40836]
 - Added Palo Alto Networks module {pull}40686[40686]
 - Restore docker.network.in.* and docker.network.out.* fields in docker module {pull}40968[40968]
+- Add support for basic auth in Aerospike module {pull}41233[41233]
 
 *Metricbeat*
 

@@ -2806,12 +2806,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 
 --------------------------------------------------------------------------------
-Dependency : github.com/aerospike/aerospike-client-go
-Version: v1.27.1-0.20170612174108-0f3b54da6bdc
+Dependency : github.com/aerospike/aerospike-client-go/v7
+Version: v7.7.1
 Licence type (autodetected): Apache-2.0
 --------------------------------------------------------------------------------
 
-Contents of probable licence file $GOMODCACHE/github.com/aerospike/aerospike-client-go@v1.27.1-0.20170612174108-0f3b54da6bdc/LICENSE:
+Contents of probable licence file $GOMODCACHE/github.com/aerospike/aerospike-client-go/v7@v7.7.1/LICENSE:
 
 
                                  Apache License
@@ -3002,7 +3002,7 @@ Contents of probable licence file $GOMODCACHE/github.com/aerospike/aerospike-cli
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2014-2016 Aerospike, Inc.
+   Copyright 2014-2020 Aerospike, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -55890,11 +55890,11 @@ SOFTWARE.
 
 --------------------------------------------------------------------------------
 Dependency : github.com/yuin/gopher-lua
-Version: v0.0.0-20170403160031-b402f3114ec7
+Version: v1.1.1
 Licence type (autodetected): MIT
 --------------------------------------------------------------------------------
 
-Contents of probable licence file $GOMODCACHE/github.com/yuin/gopher-lua@v0.0.0-20170403160031-b402f3114ec7/LICENSE:
+Contents of probable licence file $GOMODCACHE/github.com/yuin/gopher-lua@v1.1.1/LICENSE:
 
 The MIT License (MIT)
 

@@ -20,7 +20,6 @@ require (
 	github.com/PaesslerAG/jsonpath v0.1.1
 	github.com/Shopify/sarama v1.27.0
 	github.com/StackExchange/wmi v1.2.1
-	github.com/aerospike/aerospike-client-go v1.27.1-0.20170612174108-0f3b54da6bdc
 	github.com/akavel/rsrc v0.8.0 // indirect
 	github.com/apoydence/eachers v0.0.0-20181020210610-23942921fe77 // indirect
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
@@ -176,6 +175,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0
 	github.com/Azure/azure-storage-blob-go v0.15.0
 	github.com/Azure/go-autorest/autorest/adal v0.9.24
+	github.com/aerospike/aerospike-client-go/v7 v7.7.1
 	github.com/apache/arrow/go/v14 v14.0.2
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.13
@@ -416,7 +416,7 @@ require (
 	github.com/dlclark/regexp2 v1.4.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
-	github.com/yuin/gopher-lua v0.0.0-20170403160031-b402f3114ec7 // indirect
+	github.com/yuin/gopher-lua v1.1.1 // indirect
 	gopkg.in/jcmturner/rpc.v1 v1.1.0 // indirect
 )
 

@@ -146,8 +146,8 @@ github.com/Shopify/toxiproxy v2.1.4+incompatible h1:TKdv8HiTLgE5wdJuEML90aBgNWso
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
 github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
-github.com/aerospike/aerospike-client-go v1.27.1-0.20170612174108-0f3b54da6bdc h1:9iW/Fbn/R/nyUOiqo6AgwBe8uirqUIoTGF3vKG8qjoc=
-github.com/aerospike/aerospike-client-go v1.27.1-0.20170612174108-0f3b54da6bdc/go.mod h1:zj8LBEnWBDOVEIJt8LvaRvDG5ARAoa5dBeHaB472NRc=
+github.com/aerospike/aerospike-client-go/v7 v7.7.1 h1:lcskBtPZYe6ESObhIEQEp4XO1axYZpaFD3ie4iwr6tg=
+github.com/aerospike/aerospike-client-go/v7 v7.7.1/go.mod h1:STlBtOkKT8nmp7iD+sEkr/JGEOu+4e2jGlNN0Jiu2a4=
 github.com/akavel/rsrc v0.8.0 h1:zjWn7ukO9Kc5Q62DOJCcxGpXC18RawVtYAGdz2aLlfw=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -933,8 +933,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/gopher-lua v0.0.0-20170403160031-b402f3114ec7 h1:0gYLpmzecnaDCoeWxSfEJ7J1b6B/67+NV++4HKQXx+Y=
-github.com/yuin/gopher-lua v0.0.0-20170403160031-b402f3114ec7/go.mod h1:aEV29XrmTYFr3CiRxZeGHpkvbwq+prZduBqMaascyCU=
+github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
+github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=

diff --git a/metricbeat/docs/modules/aerospike.asciidoc b/metricbeat/docs/modules/aerospike.asciidoc
@@ -45,6 +45,16 @@ metricbeat.modules:
   # Aerospike Cluster Name
   #cluster_name: myclustername
 
+  # Username of hosts. Empty by default.
+  #username: root
+
+  # Password of hosts. Empty by default.
+  #password: secret
+
+  # Authentication modes: https://aerospike.com/docs/server/guide/security/access-control
+  # Possible values: internal (default), external, pki
+  #auth_mode: internal
+
   # Optional SSL/TLS (disabled by default)
   #ssl.enabled: true
 

@@ -152,6 +152,16 @@ metricbeat.modules:
   # Aerospike Cluster Name
   #cluster_name: myclustername
 
+  # Username of hosts. Empty by default.
+  #username: root
+
+  # Password of hosts. Empty by default.
+  #password: secret
+
+  # Authentication modes: https://aerospike.com/docs/server/guide/security/access-control
+  # Possible values: internal (default), external, pki
+  #auth_mode: internal
+
   # Optional SSL/TLS (disabled by default)
   #ssl.enabled: true
 

@@ -7,6 +7,16 @@
   # Aerospike Cluster Name
   #cluster_name: myclustername
 
+  # Username of hosts. Empty by default.
+  #username: root
+
+  # Password of hosts. Empty by default.
+  #password: secret
+
+  # Authentication modes: https://aerospike.com/docs/server/guide/security/access-control
+  # Possible values: internal (default), external, pki
+  #auth_mode: internal
+
   # Optional SSL/TLS (disabled by default)
   #ssl.enabled: true
 

@@ -7,6 +7,16 @@
   # Aerospike Cluster Name
   #cluster_name: myclustername
 
+  # Username of hosts. Empty by default.
+  #username: root
+
+  # Password of hosts. Empty by default.
+  #password: secret
+
+  # Authentication modes: https://aerospike.com/docs/server/guide/security/access-control
+  # Possible values: internal (default), external, pki
+  #auth_mode: internal
+
   # Optional SSL/TLS (disabled by default)
   #ssl.enabled: true
 

@@ -24,14 +24,24 @@ import (
 
 	"github.com/elastic/elastic-agent-libs/transport/tlscommon"
 
-	as "github.com/aerospike/aerospike-client-go"
+	as "github.com/aerospike/aerospike-client-go/v7"
 )
 
 type Config struct {
 	ClusterName string            `config:"cluster_name"`
 	TLS         *tlscommon.Config `config:"ssl"`
+	User        string            `config:"username"`
+	Password    string            `config:"password"`
+	AuthMode    string            `config:"auth_mode"`
 }
 
+const (
+	AUTH_MODE_UNSET    string = ""
+	AUTH_MODE_INTERNAL string = "internal"
+	AUTH_MODE_PKI      string = "pki"
+	AUTH_MODE_EXTERNAL string = "external"
+)
+
 // DefaultConfig return default config for the aerospike module.
 func DefaultConfig() Config {
 	return Config{}
@@ -47,6 +57,24 @@ func ParseClientPolicy(config Config) (*as.ClientPolicy, error) {
 		clientPolicy.TlsConfig = tlsconfig.ToConfig()
 	}
 
+	if len(config.User) > 0 && len(config.Password) > 0 {
+		clientPolicy.User = config.User
+		clientPolicy.Password = config.Password
+	}
+
+	switch config.AuthMode {
+	case AUTH_MODE_UNSET:
+		// Use default behavior of client
+	case AUTH_MODE_INTERNAL:
+		clientPolicy.AuthMode = as.AuthModeInternal
+	case AUTH_MODE_EXTERNAL:
+		clientPolicy.AuthMode = as.AuthModeExternal
+	case AUTH_MODE_PKI:
+		clientPolicy.AuthMode = as.AuthModePKI
+	default:
+		return nil, fmt.Errorf("unknown authentication mode '%s'", config.AuthMode)
+	}
+
 	if config.ClusterName != "" {
 		clientPolicy.ClusterName = config.ClusterName
 	}

@@ -19,13 +19,14 @@ package aerospike
 
 import (
 	"errors"
+	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 
 	"github.com/elastic/elastic-agent-libs/transport/tlscommon"
 
-	as "github.com/aerospike/aerospike-client-go"
+	as "github.com/aerospike/aerospike-client-go/v7"
 )
 
 func TestParseHost(t *testing.T) {
@@ -105,6 +106,8 @@ func pointer[T any](d T) *T {
 
 func TestParseClientPolicy(t *testing.T) {
 	sampleClusterName := "TestCluster"
+	sampleUser := "TestUser"
+	samplePassword := "MySecretPassword"
 
 	TLSPolicy := as.NewClientPolicy()
 	tlsconfig, _ := tlscommon.LoadTLSConfig(&tlscommon.Config{Enabled: pointer(true)})
@@ -113,6 +116,24 @@ func TestParseClientPolicy(t *testing.T) {
 	ClusterNamePolicy := as.NewClientPolicy()
 	ClusterNamePolicy.ClusterName = sampleClusterName
 
+	UserPasswordClientPolicy := as.NewClientPolicy()
+	UserPasswordClientPolicy.User = sampleUser
+	UserPasswordClientPolicy.Password = samplePassword
+
+	UserPasswordTLSPolicy := as.NewClientPolicy()
+	UserPasswordTLSPolicy.User = sampleUser
+	UserPasswordTLSPolicy.Password = samplePassword
+	UserPasswordTLSPolicy.TlsConfig = tlsconfig.ToConfig()
+
+	ExternalAuthModePolicy := as.NewClientPolicy()
+	ExternalAuthModePolicy.AuthMode = as.AuthModeExternal
+
+	PKIAuthModePolicy := as.NewClientPolicy()
+	PKIAuthModePolicy.AuthMode = as.AuthModePKI
+
+	InternalAuthModePolicy := as.NewClientPolicy()
+	InternalAuthModePolicy.AuthMode = as.AuthModeInternal
+
 	tests := []struct {
 		Name                 string
 		Config               Config
@@ -143,6 +164,66 @@ func TestParseClientPolicy(t *testing.T) {
 			expectedClientPolicy: ClusterNamePolicy,
 			expectedErr:          nil,
 		},
+		{
+			Name: "Username and password are honored",
+			Config: Config{
+				User:     sampleUser,
+				Password: samplePassword,
+			},
+			expectedClientPolicy: UserPasswordClientPolicy,
+			expectedErr:          nil,
+		},
+		{
+			Name: "Username is set and password is not set",
+			Config: Config{
+				User: sampleUser,
+			},
+			expectedClientPolicy: as.NewClientPolicy(),
+			expectedErr:          nil,
+		},
+		{
+			Name: "Password is set and user is not set",
+			Config: Config{
+				Password: samplePassword,
+			},
+			expectedClientPolicy: as.NewClientPolicy(),
+			expectedErr:          nil,
+		},
+		{
+			Name: "TLS and Basic Auth",
+			Config: Config{
+				TLS: &tlscommon.Config{
+					Enabled: pointer(true),
+				},
+				User:     sampleUser,
+				Password: samplePassword,
+			},
+			expectedClientPolicy: UserPasswordTLSPolicy,
+			expectedErr:          nil,
+		},
+		{
+			Name: "Unsupported Authentication Mode",
+			Config: Config{
+				AuthMode: "doesnotexist",
+			},
+			expectedErr: fmt.Errorf("unknown authentication mode 'doesnotexist'"),
+		},
+		{
+			Name: "External Authentication Mode",
+			Config: Config{
+				AuthMode: AUTH_MODE_EXTERNAL,
+			},
+			expectedClientPolicy: ExternalAuthModePolicy,
+			expectedErr:          fmt.Errorf("unknown authentication mode 'doesnotexist'"),
+		},
+		{
+			Name: "Internal Authentication Mode",
+			Config: Config{
+				AuthMode: AUTH_MODE_INTERNAL,
+			},
+			expectedClientPolicy: InternalAuthModePolicy,
+			expectedErr:          fmt.Errorf("unknown authentication mode 'doesnotexist'"),
+		},
 	}
 
 	for _, test := range tests {
@@ -158,6 +239,16 @@ func TestParseClientPolicy(t *testing.T) {
 		}
 		assert.Equalf(t, test.expectedClientPolicy.ClusterName, result.ClusterName,
 			"Aerospike policy cluster name is wrong. Got '%s' expected '%s'", result.ClusterName, test.expectedClientPolicy.ClusterName)
+
+		assert.Equalf(t, test.expectedClientPolicy.User, result.User,
+			"Aerospike policy user name is wrong. Got '%s' expected '%s'", result.User, test.expectedClientPolicy.User)
+
+		assert.Equalf(t, test.expectedClientPolicy.Password, result.Password,
+			"Aerospike policy password is wrong. Got '%s' expected '%s'", result.Password, test.expectedClientPolicy.Password)
+
+		assert.Equalf(t, test.expectedClientPolicy.AuthMode, result.AuthMode,
+			"Aerospike policy authentication mode is wrong. Got '%s' expected '%s'", result.AuthMode, test.expectedClientPolicy.AuthMode)
+
 		if test.Config.TLS.IsEnabled() {
 			assert.NotNil(t, result.TlsConfig, "Aerospike policy: TLS is not set even though TLS is specified in the configuration")
 		}

@@ -2,10 +2,10 @@ version: '2.3'
 
 services:
   aerospike:
-    image: docker.elastic.co/integrations-ci/beats-aerospike:${AEROSPIKE_VERSION:-3.9.0}-1
+    image: docker.elastic.co/integrations-ci/beats-aerospike:${AEROSPIKE_VERSION:-ee-7.2.0.1_1}
     build:
       context: ./_meta
       args:
-        AEROSPIKE_VERSION: ${AEROSPIKE_VERSION:-3.9.0}
+        AEROSPIKE_VERSION: ${AEROSPIKE_VERSION:-ee-7.2.0.1_1}
     ports:
       - 3000