feat(common.cookie): Allow usage of secrets for header (#15640)

Co-authored-by: Josh Powers <powersj@fastmail.com>
2024-08-06 08:12:13 +02:00 · 2024-08-06 08:12:13 +02:00 · 9cb121c76a
parent fbac735052
commit 9cb121c76a
4 changed files with 19 additions and 9 deletions
--- a/plugins/common/cookie/cookie.go
+++ b/plugins/common/cookie/cookie.go
@ -20,7 +20,7 @@ type CookieAuthConfig struct {
 	URL    string `toml:"cookie_auth_url"`
 	Method string `toml:"cookie_auth_method"`

-	Headers map[string]string `toml:"cookie_auth_headers"`
+	Headers map[string]*config.Secret `toml:"cookie_auth_headers"`

 	// HTTP Basic Auth Credentials
 	Username string `toml:"cookie_auth_username"`
@ -98,11 +98,19 @@ func (c *CookieAuthConfig) auth() error {
 	}

 	for k, v := range c.Headers {
-		if strings.EqualFold(k, "host") {
-			req.Host = v
-		} else {
-			req.Header.Add(k, v)
+		secret, err := v.Get()
+		if err != nil {
+			return err
 		}
+
+		headerVal := secret.String()
+		if strings.EqualFold(k, "host") {
+			req.Host = headerVal
+		} else {
+			req.Header.Add(k, headerVal)
+		}
+
+		secret.Destroy()
 	}

 	resp, err := c.client.Do(req)
--- a/plugins/common/cookie/cookie_test.go
+++ b/plugins/common/cookie/cookie_test.go
@ -37,6 +37,8 @@ var fakeCookie = &http.Cookie{
 	Value: "this is an auth cookie",
 }

+var reqHeaderValSecret = config.NewSecret([]byte(reqHeaderVal))
+
 type fakeServer struct {
 	*httptest.Server
 	*int32
@ -123,7 +125,7 @@ func TestAuthConfig_Start(t *testing.T) {
 		Username string
 		Password string
 		Body     string
-		Headers  map[string]string
+		Headers  map[string]*config.Secret
 	}
 	type args struct {
 		renewal  time.Duration
@ -157,7 +159,7 @@ func TestAuthConfig_Start(t *testing.T) {
 				endpoint: authEndpointWithHeader,
 			},
 			fields: fields{
-				Headers: map[string]string{reqHeaderKey: reqHeaderVal},
+				Headers: map[string]*config.Secret{reqHeaderKey: &reqHeaderValSecret},
 			},
 			firstAuthCount:    1,
 			lastAuthCount:     3,
--- a/plugins/inputs/http/README.md
+++ b/plugins/inputs/http/README.md
@ -18,7 +18,7 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 ## Secret-store support

 This plugin supports secrets from secret-stores for the `username`, `password`,
-`token` and `headers` option.
+`token`, `headers`, and `cookie_auth_headers` option.
 See the [secret-store documentation][SECRETSTORE] for more details on how
 to use them.

--- a/plugins/outputs/http/README.md
+++ b/plugins/outputs/http/README.md
@ -16,7 +16,7 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 ## Secret-store support

 This plugin supports secrets from secret-stores for the `username`, `password`
-and `headers` option.
+`headers`, and `cookie_auth_headers` option.
 See the [secret-store documentation][SECRETSTORE] for more details on how
 to use them.