From d80deec77682cd9a3ac25bd320e1beb81be0e235 Mon Sep 17 00:00:00 2001
From: Ken Rowland <kenneth.rowland@lexisnexisrisk.com>
Date: Mon, 2 Dec 2024 15:09:53 -0500
Subject: [PATCH] Added immediate return if no auth config present

---
 system/metrics/sinks/elastic/elasticSink.cpp | 76 ++++++++++----------
 1 file changed, 38 insertions(+), 38 deletions(-)

diff --git a/system/metrics/sinks/elastic/elasticSink.cpp b/system/metrics/sinks/elastic/elasticSink.cpp
index 6cc48f1f4c3..3ab1a404073 100644
--- a/system/metrics/sinks/elastic/elasticSink.cpp
+++ b/system/metrics/sinks/elastic/elasticSink.cpp
@@ -90,57 +90,57 @@ bool ElasticMetricSink::getHostConfig(const IPropertyTree *pSettingsTree)
 
     // Get authentication settings, if present
     Owned<IPropertyTree> pAuthConfigTree = pSettingsTree->getPropTree("authentication");
-    if (pAuthConfigTree)
+    if (!pAuthConfigTree)
+        return true;
+
+    // Retrieve the authentication type and validate (only basic is supported)
+    if (!pAuthConfigTree->getProp("@type", authenticationType) || !streq(authenticationType, "basic"))
+    {
+        WARNLOG("ElasticMetricSink: Only basic authentication is supported");
+        return false;
+    }
+
+    StringBuffer credentialsSecretKey;
+    pAuthConfigTree->getProp("@credentialsSecret", credentialsSecretKey);  // vault/secrets key
+    if (!credentialsSecretKey.isEmpty())
     {
-        // Retrieve the authentication type and validate (only basic is supported)
-        if (!pAuthConfigTree->getProp("@type", authenticationType) || !streq(authenticationType, "basic"))
+        StringBuffer credentialsVaultId;
+        pAuthConfigTree->getProp("@credentialsVaultId", credentialsVaultId);//optional HashiCorp vault ID
+
+        DBGLOG("Retrieving ElasticSearch host authentication username/password from secrets tree '%s', from vault '%s'",
+               credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "");
+
+        Owned<const IPropertyTree> secretTree(getSecret("authn", credentialsSecretKey.str(), credentialsVaultId, nullptr));
+        if (secretTree == nullptr)
         {
-            WARNLOG("ElasticMetricSink: Only basic authentication is supported");
+            WARNLOG("ElasticMetricSink: Unable to load secret tree '%s', from vault '%s'", credentialsSecretKey.str(),
+                    !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a");
             return false;
         }
 
-        StringBuffer credentialsSecretKey;
-        pAuthConfigTree->getProp("@credentialsSecret", credentialsSecretKey);  // vault/secrets key
-        if (!credentialsSecretKey.isEmpty())
+        // authentication type defines the secret key name/value pairs to retrieve
+        if (streq(authenticationType, "basic"))
         {
-            StringBuffer credentialsVaultId;
-            pAuthConfigTree->getProp("@credentialsVaultId", credentialsVaultId);//optional HashiCorp vault ID
-
-            DBGLOG("Retrieving ElasticSearch host authentication username/password from secrets tree '%s', from vault '%s'",
-                   credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "");
-
-            Owned<const IPropertyTree> secretTree(getSecret("authn", credentialsSecretKey.str(), credentialsVaultId, nullptr));
-            if (secretTree == nullptr)
+            if (!getSecretKeyValue(username, secretTree, "username") || !getSecretKeyValue(password, secretTree, "password"))
             {
-                WARNLOG("ElasticMetricSink: Unable to load secret tree '%s', from vault '%s'", credentialsSecretKey.str(),
-                        !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a");
+                WARNLOG("ElasticMetricSink: Missing username and/or password from secrets tree '%s', vault '%s'",
+                        credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a");
                 return false;
             }
-
-            // authentication type defines the secret key name/value pairs to retrieve
-            if (streq(authenticationType, "basic"))
-            {
-                if (!getSecretKeyValue(username, secretTree, "username") || !getSecretKeyValue(password, secretTree, "password"))
-                {
-                    WARNLOG("ElasticMetricSink: Missing username and/or password from secrets tree '%s', vault '%s'",
-                            credentialsSecretKey.str(), !credentialsVaultId.isEmpty() ? credentialsVaultId.str() : "n/a");
-                    return false;
-                }
-            }
         }
-        else
+    }
+    else
+    {
+        // if basic auth, username and password are stored directly in the configuration
+        if (streq(authenticationType, "basic"))
         {
-            // if basic auth, username and password are stored directly in the configuration
-            if (streq(authenticationType, "basic"))
+            StringBuffer encryptedPassword;
+            if (!pAuthConfigTree->getProp("@username", username) || !pAuthConfigTree->getProp("@password", encryptedPassword))
             {
-                StringBuffer encryptedPassword;
-                if (!pAuthConfigTree->getProp("@username", username) || !pAuthConfigTree->getProp("@password", encryptedPassword))
-                {
-                    WARNLOG("ElasticMetricSink: Missing username and/or password from configuration");
-                    return false;
-                }
-                decrypt(password, encryptedPassword.str()); //MD5 encrypted in config
+                WARNLOG("ElasticMetricSink: Missing username and/or password from configuration");
+                return false;
             }
+            decrypt(password, encryptedPassword.str()); //MD5 encrypted in config
         }
     }
     return true;