Add API key validation in Datadog logs source · vectordotdev/vector#6809

(1 commento) (0 reazioni) (0 assegnatari)Rust (21.837 star) (2126 fork)batch import

good first issuesource: datadog_agenttype: enhancement

Descrizione

Following #6744 Vector is able to receive log from a Datadog agent.

The source could be improved by allowing api key filtering:

[sources.addUnit]
type = "datadog_logs"
address = "0.0.0.0.0:8080"
# New config param suggestion to support multiple api key
# the behaviour would be subject to the drop_on_invalid_api_key value
valid_api_keys = ["123456", "789abc" ]
# If this is true a log coming with a unknown API key would be dropped
# else the API key would just be ignored and not saved in the event
drop_on_invalid_api_key = true

This would allow to address two usecases :

Basic authentication (drop_on_invalid_api_key = true)
Prevent unknown API keys to be used (i.e. avoid leaking logs lines to a 3rd party org)

One could argue that we could also support API key blacklisting, it could be addressed later thought.

Guida contributor

Tech stack: rust
Dominio: backendobservability
Tipo issue: feature
Difficoltà: 3
Tempo stimato: 1-2 days
Stato attività: stale
Chiarezza: clear
Prerequisiti: Vector source architectureRust async programmingDatadog logs source from #6744
Adatta ai principianti: 55
Direzione di ricerca: Start by reading the existing Datadog logs source implementation in `src/sources/datadog logs/`. Understand how the source currently handles incoming logs and where authentication could be added. Review similar authentication patterns in other Vector sources, such as the HTTP source. Implement the `valid api keys` and `drop on invalid api key` configuration options, ensuring proper validation and logging. Refer to the discussion in #6744 for context.