[Heartbeat] Support HTTP Digest auth.

[andrewvc]

Describe the enhancement:

It looks like go's HTTP client doesn't support digest, but there is a proposal here. So, we'd have to do a custom implementation. This originated with this discuss post.

Describe a specific use case for the enhancement or feature:

HTTP digest is an old insecure standard, using a long deprecated hashing algorithm (MD5), and provides few of the protections TLS/SSL provide.

Users may be forced to use it to monitor legacy software however, so it wouldn't be bad to support.

[elasticmachine]

Pinging @elastic/uptime (:uptime)

[hendry-lim]

+1 for HTTP Digest auth support. We have a client's requirement to monitor JBoss through its management URL/API, but it is configured with Digest auth by default.

[cskowronnek]

+1 we'd need this too

[andrewvc]

One thought is as we roll out our synthetics framework, based on node.js, you'll have access to a full JS environment, letting you do weird things like digest auth. It's a bit early (and we're focusing on browsers at the moment) but it makes sense as a path to me. See https://www.elastic.co/what-is/synthetic-monitoring .

[beirtipol]

I'll throw my hat in the ring for this too. Again, need to access JBoss stats and only Digest auth is supported. I'll probably set up a script to curl and log the data I need on a timer and then scrape the json with filebeat

[botelastic]

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

[beirtipol]

👍

[andrewvc]

I'm going to close this issue in favor of elastic/synthetics#137, which will almost certainly be the way this is implemented in the future. Please feel free to follow that issue!