Skip to content

Commit

Permalink
support basic_auth_password_file to read HTTP Basic auth password from
Browse files Browse the repository at this point in the history
  • Loading branch information
adamdecaf committed Apr 10, 2018
1 parent 89604d1 commit b8104b1
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 2 deletions.
15 changes: 14 additions & 1 deletion config/http_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@ func (u URL) MarshalYAML() (interface{}, error) {
type HTTPClientConfig struct {
// The HTTP basic authentication credentials for the targets.
BasicAuth *BasicAuth `yaml:"basic_auth,omitempty"`
// The HTTP basic authentication password file
BasicAuthPasswordFile string `yaml:"basic_auth_password_file,omitempty"`
// The bearer token for the targets.
BearerToken Secret `yaml:"bearer_token,omitempty"`
// The bearer token file for the targets.
Expand All @@ -85,6 +87,9 @@ func (c *HTTPClientConfig) Validate() error {
if len(c.BearerToken) > 0 && len(c.BearerTokenFile) > 0 {
return fmt.Errorf("at most one of bearer_token & bearer_token_file must be configured")
}
if c.BasicAuth != nil && (c.BasicAuth.Password == "" && c.BasicAuthPasswordFile == "") {
return fmt.Errorf("you need to specify either basic_auth_password_file or basic_auth.password")
}
if c.BasicAuth != nil && (len(c.BearerToken) > 0 || len(c.BearerTokenFile) > 0) {
return fmt.Errorf("at most one of basic_auth, bearer_token & bearer_token_file must be configured")
}
Expand Down Expand Up @@ -146,7 +151,15 @@ func NewHTTPClientFromConfig(cfg *HTTPClientConfig) (*http.Client, error) {
}

if cfg.BasicAuth != nil {
rt = NewBasicAuthRoundTripper(cfg.BasicAuth.Username, Secret(cfg.BasicAuth.Password), rt)
pass := cfg.BasicAuth.Password
if pass == "" || cfg.BasicAuthPasswordFile != "" {
bs, err := ioutil.ReadFile(cfg.BasicAuthPasswordFile)
if err != nil {
return nil, fmt.Errorf("Unable to read %s as basic_auth password file", cfg.BasicAuthPasswordFile)
}
pass = Secret(string(bs))
}
rt = NewBasicAuthRoundTripper(cfg.BasicAuth.Username, pass, rt)
}

// Return a new client with the configured round tripper.
Expand Down
24 changes: 23 additions & 1 deletion config/http_config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@ var invalidHTTPClientConfigs = []struct {
}

func TestAuthRoundTrippers(t *testing.T) {

cfg, _, err := LoadHTTPConfigFile("testdata/http.conf.good.yml")
if err != nil {
t.Errorf("Error loading HTTP client config: %v", err)
Expand All @@ -63,6 +62,29 @@ func TestAuthRoundTrippers(t *testing.T) {
basicAuthRoundTripper.RoundTrip(req)
}

func TestBasicAuthPasswordFile(t *testing.T) {
cfg, _, err := LoadHTTPConfigFile("testdata/http.conf.basic-auth.good.yaml")
if err != nil {
t.Errorf("Error loading HTTP client config: %v", err)
}
client, err := NewHTTPClientFromConfig(cfg)
if err != nil {
t.Errorf("Error creating HTTP Client: %v", err)
}

rt, ok := client.Transport.(*basicAuthRoundTripper)
if !ok {
t.Errorf("Error casting to basic auth transport, %v", client.Transport)
}

if rt.username == "" {
t.Error("Empty HTTP client username")
}
if string(rt.password) == "" {
t.Error("Empty HTTP client password")
}
}

func TestHideHTTPClientConfigSecrets(t *testing.T) {
c, _, err := LoadHTTPConfigFile("testdata/http.conf.good.yml")
if err != nil {
Expand Down
1 change: 1 addition & 0 deletions config/testdata/basic-auth-password
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
foobar
3 changes: 3 additions & 0 deletions config/testdata/http.conf.basic-auth.good.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
basic_auth:
username: username
basic_auth_password_file: testdata/basic-auth-password

0 comments on commit b8104b1

Please sign in to comment.