Changes to include apikey configuration for elastic search rest client

extensions/elasticsearch-rest-client/runtime/src/main/java/io/quarkus/elasticsearch/restclient/lowlevel/runtime/ElasticsearchConfig.java

@@ -10,6 +10,7 @@
 import io.quarkus.runtime.annotations.ConfigRoot;
 import io.smallrye.config.ConfigMapping;
 import io.smallrye.config.WithDefault;
+import io.smallrye.config.WithParentName;
 
 @ConfigMapping(prefix = "quarkus.elasticsearch")
 @ConfigRoot(phase = ConfigPhase.RUN_TIME)
@@ -28,6 +29,23 @@ public interface ElasticsearchConfig {
     @WithDefault("http")
     String protocol();
 
+    /**
+     * Retrieves the Configuration for API Key Authentication
+     */
+    @WithParentName
+    Optional<EsApiKeyAuth> esApiKeyAuth();
+
+    /**
+     * Represents the API Key authentication details for Elasticsearch
+     */
+    interface EsApiKeyAuth {
+
+        /**
+         * Retrieves the API key used for authentication.
+         */
+        String apiKey();
+    }
+
     /**
      * The username for basic HTTP authentication.
      */

extensions/elasticsearch-rest-client/runtime/src/main/java/io/quarkus/elasticsearch/restclient/lowlevel/runtime/RestClientBuilderHelper.java

@@ -2,8 +2,11 @@
 
 import java.net.InetSocketAddress;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
 import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
@@ -12,6 +15,7 @@
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
 import org.apache.http.impl.nio.reactor.IOReactorConfig;
+import org.apache.http.message.BasicHeader;
 import org.apache.http.nio.conn.NoopIOSessionStrategy;
 import org.elasticsearch.client.RestClient;
 import org.elasticsearch.client.RestClientBuilder;
@@ -54,16 +58,9 @@ public RequestConfig.Builder customizeRequestConfig(RequestConfig.Builder reques
         builder.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
             @Override
             public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
-                if (config.username().isPresent()) {
-                    if (!"https".equalsIgnoreCase(config.protocol())) {
-                        LOG.warn("Using Basic authentication in HTTP implies sending plain text passwords over the wire, " +
-                                "use the HTTPS protocol instead.");
-                    }
-                    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-                    credentialsProvider.setCredentials(AuthScope.ANY,
-                            new UsernamePasswordCredentials(config.username().get(), config.password().orElse(null)));
-                    httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
-                }
+
+                EsAuth authMethod = checkAuthMethod(config);
+                authMethod.apply(httpClientBuilder, config);
 
                 if (config.ioThreadCounts().isPresent()) {
                     IOReactorConfig ioReactorConfig = IOReactorConfig.custom()
@@ -92,6 +89,7 @@ public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpCli
                 }
                 return result;
             }
+
         });
 
         return builder;
@@ -112,4 +110,58 @@ public static Sniffer createSniffer(RestClient client, ElasticsearchConfig confi
 
         return builder.build();
     }
+
+    public enum EsAuth {
+        NONE {
+            @Override
+            public void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config) {
+                // No authentication needed
+            }
+        },
+
+        BASIC {
+            @Override
+            public void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config) {
+                if (config.username().isPresent()) {
+                    if (!"https".equalsIgnoreCase(config.protocol())) {
+                        LOG.warn("Using Basic authentication in HTTP implies sending plain text passwords over the wire, "
+                                + "use the HTTPS protocol instead.");
+                    }
+
+                    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+                    credentialsProvider.setCredentials(AuthScope.ANY,
+                            new UsernamePasswordCredentials(config.username().get(),
+                                    config.password().orElse(null)));
+                    httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
+                }
+            }
+        },
+
+        API_KEY {
+            @Override
+            public void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config) {
+                if (config.esApiKeyAuth().isPresent()) {
+                    ElasticsearchConfig.EsApiKeyAuth auth = config.esApiKeyAuth().get();
+                    Header apiKeyHeader = new BasicHeader(HttpHeaders.AUTHORIZATION,
+                            "ApiKey " + auth.apiKey());
+                    httpClientBuilder.setDefaultHeaders(Collections.singleton(apiKeyHeader));
+                    LOG.info("API Key authentication is enabled.");
+                }
+            }
+        };
+
+        public abstract void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config);
+    }
+
+    private static EsAuth checkAuthMethod(ElasticsearchConfig config) {
+        boolean hasBasic = config.username().isPresent();
+        boolean hasApiKey = config.esApiKeyAuth().isPresent();
+
+        if (hasBasic && hasApiKey) {
+            LOG.warn("Multiple authentication methods configured. Defaulting to Basic Authentication.");
+            return EsAuth.BASIC;
+        }
+
+        return hasApiKey ? EsAuth.API_KEY : hasBasic ? EsAuth.BASIC : EsAuth.NONE;
+    }
 }