vectordotdev/vector

Add API key validation in Datadog logs source

Open

#6,809 opened on Mar 18, 2021

View on GitHub
 (1 comment) (0 reactions) (0 assignees)Rust (21,837 stars) (2,126 forks)batch import
good first issuesource: datadog_agenttype: enhancement

Description

Following #6744 Vector is able to receive log from a Datadog agent.

The source could be improved by allowing api key filtering:

[sources.addUnit]
type = "datadog_logs"
address = "0.0.0.0.0:8080"
# New config param suggestion to support multiple api key
# the behaviour would be subject to the drop_on_invalid_api_key value
valid_api_keys = ["123456", "789abc" ]
# If this is true a log coming with a unknown API key would be dropped
# else the API key would just be ignored and not saved in the event
drop_on_invalid_api_key = true

This would allow to address two usecases :

  • Basic authentication (drop_on_invalid_api_key = true)
  • Prevent unknown API keys to be used (i.e. avoid leaking logs lines to a 3rd party org)

One could argue that we could also support API key blacklisting, it could be addressed later thought.

Contributor guide

Tech stack
rust
Domain
backendobservability
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Vector source architectureRust async programmingDatadog logs source from #6744
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
55
Research direction
Start by reading the existing Datadog logs source implementation in `src/sources/datadog logs/`. Understand how the source currently handles incoming logs and where authentication could be added. Review similar authentication patterns in other Vector sources, such as the HTTP source. Implement the `valid api keys` and `drop on invalid api key` configuration options, ensuring proper validation and logging. Refer to the discussion in #6744 for context.