Support authorization_credentials #272
Conversation
|
Questions: Do we want the form: or Note: the latter would mean always 2 lines (in pretty yaml) and therefore you can't easily or |
roidelapluie
force-pushed
the
add-auth-credentials
branch
2 times, most recently
from
4b57689
to
1e10141
Compare
|
My vote would be for the latter format |
roidelapluie
force-pushed
the
add-auth-credentials
branch
from
1e10141
to
ac5d086
Compare
|
I have implemented the latter. cc @beorn7 |
roidelapluie
force-pushed
the
add-auth-credentials
branch
2 times, most recently
from
fac8ca6
to
34fd980
Compare
|
I'll review properly ASAP. In the meantime, you can fix the CI failures. (o: |
This backward-compatible patch enables authorization header type to be set. For consistency, bearer_token is renamed to authorization credentials and a new authorization type is introduced. The terminology is taken from https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
roidelapluie
force-pushed
the
add-auth-credentials
branch
from
34fd980
to
84ebc5b
Compare
| if len(c.Authorization.Type) == 0 { | ||
| c.Authorization.Type = "Bearer" | ||
| } | ||
| if strings.ToLower(c.Authorization.Type) == "basic" { |
There was a problem hiding this comment.
What's the benefit for preventing "basic" as the auth type here? Just thinking the two config mechanisms are not strictly equivalent - as with one the user must save the username and password in the config in plain text. In the other the user can save the credentials pre encoded as they are transmitted over the wire. It may be preferable to the user to use the second mechanism?
There was a problem hiding this comment.
This is to reduce support requests. That prevents users to put clear text password here and expect it to work. We have a well defined way to do Basic auth, let's not add a second.
There was a problem hiding this comment.
I would also note that some users might have the fake sense of security that this method would use an encrypted password while it's not the case.
This backward-compatible patch enables authorization header type to be
set.
For consistency, bearer_token is renamed to authorization_credentials
and a new authorization_type is introduced.
The terminology is taken from
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
refs:
#271
prometheus/prometheus#5107
Signed-off-by: Julien Pivotto roidelapluie@inuits.eu