feat(inputs.http): Rework token options (#13622)

plugins/inputs/http/README.md

@@ -17,8 +17,8 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 
 ## Secret-store support
 
-This plugin supports secrets from secret-stores for the `username` and
-`password` option.
+This plugin supports secrets from secret-stores for the `username`, `password`
+and `token` option.
 See the [secret-store documentation][SECRETSTORE] for more details on how
 to use them.
 
@@ -47,9 +47,10 @@ to use them.
   ## compress body or "identity" to apply no encoding.
   # content_encoding = "identity"
 
-  ## Optional file with Bearer token
-  ## file content is added as an Authorization header
-  # bearer_token = "/path/to/file"
+  ## Optional Bearer token settings to use for the API calls.
+  ## Use either the token itself or the token file if you need a token.
+  # token = "eyJhbGc...Qssw5c"
+  # token_file = "/path/to/file"
 
   ## Optional HTTP Basic Auth Credentials
   # username = "username"

plugins/inputs/http/http.go

@@ -28,18 +28,18 @@ type HTTP struct {
 	Body            string   `toml:"body"`
 	ContentEncoding string   `toml:"content_encoding"`
 
-	Headers map[string]string `toml:"headers"`
-
-	// HTTP Basic Auth Credentials
+	// Basic authentication
 	Username config.Secret `toml:"username"`
 	Password config.Secret `toml:"password"`
 
-	// Absolute path to file with Bearer token
-	BearerToken string `toml:"bearer_token"`
+	// Bearer authentication
+	BearerToken string        `toml:"bearer_token" deprecated:"1.28.0;use 'token_file' instead"`
+	Token       config.Secret `toml:"token"`
+	TokenFile   string        `toml:"token_file"`
 
-	SuccessStatusCodes []int `toml:"success_status_codes"`
-
-	Log telegraf.Logger `toml:"-"`
+	Headers            map[string]string `toml:"headers"`
+	SuccessStatusCodes []int             `toml:"success_status_codes"`
+	Log                telegraf.Logger   `toml:"-"`
 
 	httpconfig.HTTPClientConfig
 
@@ -52,12 +52,24 @@ func (*HTTP) SampleConfig() string {
 }
 
 func (h *HTTP) Init() error {
+	// For backward compatibility
+	if h.TokenFile != "" && h.BearerToken != "" && h.TokenFile != h.BearerToken {
+		return fmt.Errorf("conflicting settings for 'bearer_token' and 'token_file'")
+	} else if h.TokenFile == "" && h.BearerToken != "" {
+		h.TokenFile = h.BearerToken
+	}
+
+	// We cannot use multiple sources for tokens
+	if h.TokenFile != "" && !h.Token.Empty() {
+		return fmt.Errorf("either use 'token_file' or 'token' not both")
+	}
+
+	// Create the client
 	ctx := context.Background()
 	client, err := h.HTTPClientConfig.CreateClient(ctx, h.Log)
 	if err != nil {
 		return err
 	}
-
 	h.client = client
 
 	// Set default as [200]
@@ -110,7 +122,14 @@ func (h *HTTP) gatherURL(
 		return err
 	}
 
-	if h.BearerToken != "" {
+	if !h.Token.Empty() {
+		token, err := h.Token.Get()
+		if err != nil {
+			return err
+		}
+		bearer := "Bearer " + strings.TrimSpace(string(token))
+		request.Header.Set("Authorization", bearer)
+	} else if h.TokenFile != "" {
 		token, err := os.ReadFile(h.BearerToken)
 		if err != nil {
 			return err

plugins/inputs/http/sample.conf

@@ -18,9 +18,10 @@
   ## compress body or "identity" to apply no encoding.
   # content_encoding = "identity"
 
-  ## Optional file with Bearer token
-  ## file content is added as an Authorization header
-  # bearer_token = "/path/to/file"
+  ## Optional Bearer token settings to use for the API calls.
+  ## Use either the token itself or the token file if you need a token.
+  # token = "eyJhbGc...Qssw5c"
+  # token_file = "/path/to/file"
 
   ## Optional HTTP Basic Auth Credentials
   # username = "username"

plugins/inputs/http/sample.conf.in

@@ -18,9 +18,10 @@
   ## compress body or "identity" to apply no encoding.
   # content_encoding = "identity"
 
-  ## Optional file with Bearer token
-  ## file content is added as an Authorization header
-  # bearer_token = "/path/to/file"
+  ## Optional Bearer token settings to use for the API calls.
+  ## Use either the token itself or the token file if you need a token.
+  # token = "eyJhbGc...Qssw5c"
+  # token_file = "/path/to/file"
 
   ## Optional HTTP Basic Auth Credentials
   # username = "username"