Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-pack/filebeat/input/httpjson: Add hexDecode function #31886

Merged
merged 6 commits into from
Jun 20, 2022
Merged

x-pack/filebeat/input/httpjson: Add hexDecode function #31886

merged 6 commits into from
Jun 20, 2022

Conversation

darshan-elastic
Copy link
Contributor

  • Enhancement

What does this PR do?

This adds template helper function for decoding hexadecimal string, output will be in bytes representation.

Why is it important?

This feature is needed for authentication with some APIs. For example, https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html for the AWS Security Hub integration package.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@darshan-elastic darshan-elastic requested a review from a team as a code owner June 9, 2022 11:56
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jun 9, 2022
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 9, 2022
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-06-20T06:00:00.158+0000

  • Duration: 80 min 26 sec

Test stats 🧪

Test Results
Failed 0
Passed 2130
Skipped 166
Total 2296

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jun 9, 2022
@andrewkroh
Copy link
Member

This feature is needed for authentication with some APIs. For example, https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html for the AWS Security Hub integration package.

Can you provide an example template showing how this will be used in that context.

@darshan-elastic
Copy link
Contributor Author

This feature is needed for authentication with some APIs. For example, https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html for the AWS Security Hub integration package.

Can you provide an example template showing how this will be used in that context.

Sure, we are trying to use it in that context as follows:

Reference: https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python

def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, "aws4_request")
    return kSigning

Example template:

[[(hexDecode (hmac "sha256" (hexDecode (hmac "sha256" (hexDecode (hmac "sha256" (hexDecode (hmac "sha256" "AWS4wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" "20120215")) "us-east-1")) "iam")) "aws4_request"))]]

@mergify
Copy link
Contributor

mergify bot commented Jun 16, 2022

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b httpjson_hex_decode upstream/httpjson_hex_decode
git merge upstream/main
git push upstream httpjson_hex_decode

@darshan-elastic darshan-elastic requested a review from marc-gr June 17, 2022 05:11
@darshan-elastic darshan-elastic requested a review from efd6 June 20, 2022 06:01
efd6
efd6 approved these changes Jun 20, 2022
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@marc-gr marc-gr merged commit 7d5242e into elastic:main Jun 20, 2022
@darshan-elastic darshan-elastic mentioned this pull request Jun 21, 2022
Merged
4 tasks
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@darshan-elastic @chrisberkhout
x-pack/filebeat/input/httpjson: Add hexDecode function (#31886)
c33dd17 
* Add hexDecode function to enhance httpjson

* Add CHANGELOG.next.asciidoc entry

* Update documentation to include example

* Conditionally return empty string in case of error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

@marc-gr marc-gr marc-gr approved these changes

Assignees

@darshan-elastic darshan-elastic

Labels
enhancement Filebeat Filebeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@darshan-elastic @elasticmachine @andrewkroh @marc-gr @efd6