specify logcli authorization header by flag (#6164)

* specify logcli authorization header by flag #6144 * default AuthHeader to Authorization in client lib * use constant for default auth header * for consistency use LOKI_AUTH_HEADER
3 years ago · 73b39a97bc
parent 40b2373398
commit 73b39a97bc
2 changed files with 22 additions and 9 deletions
--- a/cmd/logcli/main.go
+++ b/cmd/logcli/main.go
@ -244,6 +244,7 @@ func newQueryClient(app *kingpin.Application) client.Client {
 	app.Flag("bearer-token", "adds the Authorization header to API requests for authentication purposes. Can also be set using LOKI_BEARER_TOKEN env var.").Default("").Envar("LOKI_BEARER_TOKEN").StringVar(&client.BearerToken)
 	app.Flag("bearer-token-file", "adds the Authorization header to API requests for authentication purposes. Can also be set using LOKI_BEARER_TOKEN_FILE env var.").Default("").Envar("LOKI_BEARER_TOKEN_FILE").StringVar(&client.BearerTokenFile)
 	app.Flag("retries", "How many times to retry each query when getting an error response from Loki. Can also be set using LOKI_CLIENT_RETRIES").Default("0").Envar("LOKI_CLIENT_RETRIES").IntVar(&client.Retries)
+	app.Flag("auth-header", "The authorization header used.").Default("Authorization").Envar("LOKI_AUTH_HEADER").StringVar(&client.AuthHeader)

 	return client
 }
--- a/pkg/logcli/client/client.go
+++ b/pkg/logcli/client/client.go
@ -22,12 +22,13 @@ import (
 )

 const (
-	queryPath       = "/loki/api/v1/query"
-	queryRangePath  = "/loki/api/v1/query_range"
-	labelsPath      = "/loki/api/v1/labels"
-	labelValuesPath = "/loki/api/v1/label/%s/values"
-	seriesPath      = "/loki/api/v1/series"
-	tailPath        = "/loki/api/v1/tail"
+	queryPath         = "/loki/api/v1/query"
+	queryRangePath    = "/loki/api/v1/query_range"
+	labelsPath        = "/loki/api/v1/labels"
+	labelValuesPath   = "/loki/api/v1/label/%s/values"
+	seriesPath        = "/loki/api/v1/series"
+	tailPath          = "/loki/api/v1/tail"
+	defaultAuthHeader = "Authorization"
 )

 var userAgent = fmt.Sprintf("loki-logcli/%s", build.Version)
@ -58,6 +59,7 @@ type DefaultClient struct {
 	BearerTokenFile string
 	Retries         int
 	QueryTags       string
+	AuthHeader      string
 }

 // Query uses the /api/v1/query endpoint to execute an instant query
@ -236,8 +238,11 @@ func (c *DefaultClient) getHTTPRequestHeader() (http.Header, error) {
 	h := make(http.Header)

 	if c.Username != "" && c.Password != "" {
+		if c.AuthHeader == "" {
+			c.AuthHeader = defaultAuthHeader
+		}
 		h.Set(
-			"Authorization",
+			c.AuthHeader,
 			"Basic "+base64.StdEncoding.EncodeToString([]byte(c.Username+":"+c.Password)),
 		)
 	}
@ -261,7 +266,11 @@ func (c *DefaultClient) getHTTPRequestHeader() (http.Header, error) {
 	}

 	if c.BearerToken != "" {
-		h.Set("Authorization", "Bearer "+c.BearerToken)
+		if c.AuthHeader == "" {
+			c.AuthHeader = defaultAuthHeader
+		}
+
+		h.Set(c.AuthHeader, "Bearer "+c.BearerToken)
 	}

 	if c.BearerTokenFile != "" {
@ -270,7 +279,10 @@ func (c *DefaultClient) getHTTPRequestHeader() (http.Header, error) {
 			return nil, fmt.Errorf("unable to read authorization credentials file %s: %s", c.BearerTokenFile, err)
 		}
 		bearerToken := strings.TrimSpace(string(b))
-		h.Set("Authorization", "Bearer "+bearerToken)
+		if c.AuthHeader == "" {
+			c.AuthHeader = defaultAuthHeader
+		}
+		h.Set(c.AuthHeader, "Bearer "+bearerToken)
 	}
 	return h, nil
 }