diff --git a/plugins/inputs/http/README.md b/plugins/inputs/http/README.md index 58413effc..d1252584c 100644 --- a/plugins/inputs/http/README.md +++ b/plugins/inputs/http/README.md @@ -17,8 +17,8 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details. ## Secret-store support -This plugin supports secrets from secret-stores for the `username` and -`password` option. +This plugin supports secrets from secret-stores for the `username`, `password` +and `token` option. See the [secret-store documentation][SECRETSTORE] for more details on how to use them. @@ -47,9 +47,10 @@ to use them. ## compress body or "identity" to apply no encoding. # content_encoding = "identity" - ## Optional file with Bearer token - ## file content is added as an Authorization header - # bearer_token = "/path/to/file" + ## Optional Bearer token settings to use for the API calls. + ## Use either the token itself or the token file if you need a token. + # token = "eyJhbGc...Qssw5c" + # token_file = "/path/to/file" ## Optional HTTP Basic Auth Credentials # username = "username" diff --git a/plugins/inputs/http/http.go b/plugins/inputs/http/http.go index df247a804..56ecf5dfe 100644 --- a/plugins/inputs/http/http.go +++ b/plugins/inputs/http/http.go @@ -28,18 +28,18 @@ type HTTP struct { Body string `toml:"body"` ContentEncoding string `toml:"content_encoding"` - Headers map[string]string `toml:"headers"` - - // HTTP Basic Auth Credentials + // Basic authentication Username config.Secret `toml:"username"` Password config.Secret `toml:"password"` - // Absolute path to file with Bearer token - BearerToken string `toml:"bearer_token"` + // Bearer authentication + BearerToken string `toml:"bearer_token" deprecated:"1.28.0;use 'token_file' instead"` + Token config.Secret `toml:"token"` + TokenFile string `toml:"token_file"` - SuccessStatusCodes []int `toml:"success_status_codes"` - - Log telegraf.Logger `toml:"-"` + Headers map[string]string `toml:"headers"` + SuccessStatusCodes []int `toml:"success_status_codes"` + Log telegraf.Logger `toml:"-"` httpconfig.HTTPClientConfig @@ -52,12 +52,24 @@ func (*HTTP) SampleConfig() string { } func (h *HTTP) Init() error { + // For backward compatibility + if h.TokenFile != "" && h.BearerToken != "" && h.TokenFile != h.BearerToken { + return fmt.Errorf("conflicting settings for 'bearer_token' and 'token_file'") + } else if h.TokenFile == "" && h.BearerToken != "" { + h.TokenFile = h.BearerToken + } + + // We cannot use multiple sources for tokens + if h.TokenFile != "" && !h.Token.Empty() { + return fmt.Errorf("either use 'token_file' or 'token' not both") + } + + // Create the client ctx := context.Background() client, err := h.HTTPClientConfig.CreateClient(ctx, h.Log) if err != nil { return err } - h.client = client // Set default as [200] @@ -110,7 +122,14 @@ func (h *HTTP) gatherURL( return err } - if h.BearerToken != "" { + if !h.Token.Empty() { + token, err := h.Token.Get() + if err != nil { + return err + } + bearer := "Bearer " + strings.TrimSpace(string(token)) + request.Header.Set("Authorization", bearer) + } else if h.TokenFile != "" { token, err := os.ReadFile(h.BearerToken) if err != nil { return err diff --git a/plugins/inputs/http/sample.conf b/plugins/inputs/http/sample.conf index 03d8d1645..9cb4bc704 100644 --- a/plugins/inputs/http/sample.conf +++ b/plugins/inputs/http/sample.conf @@ -18,9 +18,10 @@ ## compress body or "identity" to apply no encoding. # content_encoding = "identity" - ## Optional file with Bearer token - ## file content is added as an Authorization header - # bearer_token = "/path/to/file" + ## Optional Bearer token settings to use for the API calls. + ## Use either the token itself or the token file if you need a token. + # token = "eyJhbGc...Qssw5c" + # token_file = "/path/to/file" ## Optional HTTP Basic Auth Credentials # username = "username" diff --git a/plugins/inputs/http/sample.conf.in b/plugins/inputs/http/sample.conf.in index 9ab8a4801..3951d47ea 100644 --- a/plugins/inputs/http/sample.conf.in +++ b/plugins/inputs/http/sample.conf.in @@ -18,9 +18,10 @@ ## compress body or "identity" to apply no encoding. # content_encoding = "identity" - ## Optional file with Bearer token - ## file content is added as an Authorization header - # bearer_token = "/path/to/file" + ## Optional Bearer token settings to use for the API calls. + ## Use either the token itself or the token file if you need a token. + # token = "eyJhbGc...Qssw5c" + # token_file = "/path/to/file" ## Optional HTTP Basic Auth Credentials # username = "username"