From f3805b13170155ccd3c012837deb876410fc7b0d Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Tue, 29 Nov 2016 13:59:33 -0500
Subject: [PATCH] enable Logstash auth and prepare for handler for multiple
 auth types

---
 awx/main/log_utils/handlers.py              | 31 +++++++++++++++++----
 awx/settings/defaults.py                    |  4 ++-
 tools/elastic/logstash/config/logstash.conf |  2 ++
 3 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/awx/main/log_utils/handlers.py b/awx/main/log_utils/handlers.py
index 762b359608..50fb98ff78 100644
--- a/awx/main/log_utils/handlers.py
+++ b/awx/main/log_utils/handlers.py
@@ -23,6 +23,9 @@ from requests_futures.sessions import FuturesSession
 # Logstash
 from logstash import formatter
 
+# custom
+from requests.auth import HTTPBasicAuth
+
 
 ENABLED_LOGS = ['ansible']
 
@@ -61,13 +64,16 @@ def bg_cb(sess, resp):
 
 # add port for a generic handler
 class HTTPSHandler(logging.Handler):
-    def __init__(self, host, port=80, message_type='logstash', fqdn=False):
+    def __init__(self, host, fqdn=False, **kwargs):
         super(HTTPSHandler, self).__init__()
         self.host_saved = host
-        self.port = port
-        # self.port = port
-        self.message_type = message_type
         self.fqdn = fqdn
+        for fd in ['port', 'message_type', 'username', 'password']:
+            if fd in kwargs:
+                attr_name = fd
+                if fd == 'username':
+                    attr_name = 'user'
+                setattr(self, attr_name, kwargs[fd])
 
     def get_full_message(self, record):
         if record.exc_info:
@@ -75,6 +81,19 @@ class HTTPSHandler(logging.Handler):
         else:
             return record.getMessage()
 
+    def add_auth_information(self, kwargs):
+        if self.message_type == 'logstash':
+            if not self.user:
+                # Logstash authentication not enabled
+                return kwargs
+            logstash_auth = HTTPBasicAuth(self.user, self.password)
+            kwargs['auth'] = logstash_auth
+        elif self.message_type == 'splunk':
+            auth_header = "Splunk %s" % self.token
+            headers = dict(Authorization=auth_header)
+            kwargs['headers'] = headers
+        return kwargs
+
     def emit(self, record):
         try:
             payload = self.format(record)
@@ -94,7 +113,9 @@ class HTTPSHandler(logging.Handler):
                 host = 'http://%s' % self.host_saved
             if self.port != 80:
                 host = '%s:%s' % (host, str(self.port))
-            session.post(host, data=payload, background_callback=bg_cb)
+            bare_kwargs = dict(data=payload, background_callback=bg_cb)
+            kwargs = self.add_auth_information(bare_kwargs)
+            session.post(host, **kwargs)
         except (KeyboardInterrupt, SystemExit):
             raise
         except:
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index fbb5230d38..89afcc0f26 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -892,7 +892,9 @@ LOGGING = {
             'message_type': 'logstash',
             'fqdn': True,
             # 'tags': ['tower'],
-            'formatter': 'json'
+            'formatter': 'json',
+            'username': 'awx_logger',
+            'password': 'workflows',
         },
         'mail_admins': {
             'level': 'ERROR',
diff --git a/tools/elastic/logstash/config/logstash.conf b/tools/elastic/logstash/config/logstash.conf
index 1f25b6ac95..9ad3a94f3c 100644
--- a/tools/elastic/logstash/config/logstash.conf
+++ b/tools/elastic/logstash/config/logstash.conf
@@ -1,6 +1,8 @@
 input {
 	http {
 		port => 8085
+		user => awx_logger
+		password => "workflows"
 	}
 }