app/vmalert/vmalertutil/auth.go

package vmalertutil

import (
	"strings"

	"github.com/VictoriaMetrics/VictoriaMetrics/lib/promauth"
)

// AuthConfigOptions options which helps build promauth.Config
type AuthConfigOptions func(config *promauth.HTTPClientConfig)

// AuthConfig returns promauth.Config based on the given params
func AuthConfig(filterOptions ...AuthConfigOptions) (*promauth.Config, error) {
	authCfg := &promauth.HTTPClientConfig{}
	for _, option := range filterOptions {
		option(authCfg)
	}

	return authCfg.NewConfig(".")
}

// WithBasicAuth returns AuthConfigOptions and initialized promauth.BasicAuthConfig based on given params
func WithBasicAuth(username, usernameFile, password, passwordFile string) AuthConfigOptions {
	return func(config *promauth.HTTPClientConfig) {
		if username != "" || usernameFile != "" || password != "" || passwordFile != "" {
			config.BasicAuth = &promauth.BasicAuthConfig{
				Username:     username,
				UsernameFile: usernameFile,
				Password:     promauth.NewSecret(password),
				PasswordFile: passwordFile,
			}
		}
	}
}

// WithBearer returns AuthConfigOptions and set BearerToken or BearerTokenFile based on given params
func WithBearer(token, tokenFile string) AuthConfigOptions {
	return func(config *promauth.HTTPClientConfig) {
		if token != "" {
			config.BearerToken = promauth.NewSecret(token)
		}
		if tokenFile != "" {
			config.BearerTokenFile = tokenFile
		}
	}
}

// WithOAuth returns AuthConfigOptions and set OAuth params based on given params
func WithOAuth(clientID, clientSecret, clientSecretFile, tokenURL, scopes string, endpointParams map[string]string) AuthConfigOptions {
	return func(config *promauth.HTTPClientConfig) {
		if clientSecretFile != "" || clientSecret != "" {
			config.OAuth2 = &promauth.OAuth2Config{
				ClientID:         clientID,
				ClientSecret:     promauth.NewSecret(clientSecret),
				ClientSecretFile: clientSecretFile,
				EndpointParams:   endpointParams,
				TokenURL:         tokenURL,
				Scopes:           strings.Split(scopes, ";"),
			}
		}
	}
}

// WithHeaders returns AuthConfigOptions and set Headers based on the given params
func WithHeaders(headers string) AuthConfigOptions {
	return func(config *promauth.HTTPClientConfig) {
		if headers != "" {
			config.Headers = strings.Split(headers, "^^")
		}
	}
}
app/vmalert: rename app/vmalert/utils to app/vmalert/vmalertutil for the sake of consistency of *util package naming 2025-03-26 18:07:45 +01:00			`package vmalertutil`
vmalert: create basic auth config only if args aren't empty (#1618) * vmalert: create basic auth config only if args aren't empty follow-up after 68721f6 * vmalert: make lint happy 2021-09-15 01:53:31 +03:00
			`import (`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`"strings"`

vmalert: create basic auth config only if args aren't empty (#1618) * vmalert: create basic auth config only if args aren't empty follow-up after 68721f6 * vmalert: make lint happy 2021-09-15 01:53:31 +03:00			`"github.com/VictoriaMetrics/VictoriaMetrics/lib/promauth"`
			`)`

Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`// AuthConfigOptions options which helps build promauth.Config`
			`type AuthConfigOptions func(config *promauth.HTTPClientConfig)`

vmalert: create basic auth config only if args aren't empty (#1618) * vmalert: create basic auth config only if args aren't empty follow-up after 68721f6 * vmalert: make lint happy 2021-09-15 01:53:31 +03:00			`// AuthConfig returns promauth.Config based on the given params`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`func AuthConfig(filterOptions ...AuthConfigOptions) (*promauth.Config, error) {`
			`authCfg := &promauth.HTTPClientConfig{}`
			`for _, option := range filterOptions {`
			`option(authCfg)`
			`}`

			`return authCfg.NewConfig(".")`
			`}`

			`// WithBasicAuth returns AuthConfigOptions and initialized promauth.BasicAuthConfig based on given params`
app/{vmalert,vmagent}: add basicAuth.usernameFile CLI flags The core `lib/promauth` already supports `usernameFile` configs, but the CLI flags for vmagent remotewrite and vmalert datasource/remotewrite/remoteread/notifier only expose `basicAuth.username`. This commit adds the corresponding `basicAuth.usernameFile` flags to match the existing `basicAuth.passwordFile` pattern, closing the gap between YAML and CLI configuration. Fixes https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9436 2026-05-12 13:50:44 -07:00			`func WithBasicAuth(username, usernameFile, password, passwordFile string) AuthConfigOptions {`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`return func(config *promauth.HTTPClientConfig) {`
app/{vmalert,vmagent}: add basicAuth.usernameFile CLI flags The core `lib/promauth` already supports `usernameFile` configs, but the CLI flags for vmagent remotewrite and vmalert datasource/remotewrite/remoteread/notifier only expose `basicAuth.username`. This commit adds the corresponding `basicAuth.usernameFile` flags to match the existing `basicAuth.passwordFile` pattern, closing the gap between YAML and CLI configuration. Fixes https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9436 2026-05-12 13:50:44 -07:00			`if username != "" \|\| usernameFile != "" \|\| password != "" \|\| passwordFile != "" {`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`config.BasicAuth = &promauth.BasicAuthConfig{`
			`Username: username,`
app/{vmalert,vmagent}: add basicAuth.usernameFile CLI flags The core `lib/promauth` already supports `usernameFile` configs, but the CLI flags for vmagent remotewrite and vmalert datasource/remotewrite/remoteread/notifier only expose `basicAuth.username`. This commit adds the corresponding `basicAuth.usernameFile` flags to match the existing `basicAuth.passwordFile` pattern, closing the gap between YAML and CLI configuration. Fixes https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9436 2026-05-12 13:50:44 -07:00			`UsernameFile: usernameFile,`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`Password: promauth.NewSecret(password),`
			`PasswordFile: passwordFile,`
			`}`
			`}`
			`}`
			`}`

			`// WithBearer returns AuthConfigOptions and set BearerToken or BearerTokenFile based on given params`
			`func WithBearer(token, tokenFile string) AuthConfigOptions {`
			`return func(config *promauth.HTTPClientConfig) {`
			`if token != "" {`
			`config.BearerToken = promauth.NewSecret(token)`
			`}`
			`if tokenFile != "" {`
			`config.BearerTokenFile = tokenFile`
			`}`
			`}`
			`}`

			`// WithOAuth returns AuthConfigOptions and set OAuth params based on given params`
app/{vmagent,vmalert}: add the ability to set OAuth2 endpoint params via the corresponding *.oauth2.endpointParams command-line flags This is a follow-up for 5ebd5a0d7b12ac8c8ba6282ac5be16a193d5239d Updates https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5427 2023-12-20 21:35:16 +02:00			`func WithOAuth(clientID, clientSecret, clientSecretFile, tokenURL, scopes string, endpointParams map[string]string) AuthConfigOptions {`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`return func(config *promauth.HTTPClientConfig) {`
			`if clientSecretFile != "" \|\| clientSecret != "" {`
			`config.OAuth2 = &promauth.OAuth2Config{`
			`ClientID: clientID,`
			`ClientSecret: promauth.NewSecret(clientSecret),`
			`ClientSecretFile: clientSecretFile,`
app/{vmagent,vmalert}: add the ability to set OAuth2 endpoint params via the corresponding *.oauth2.endpointParams command-line flags This is a follow-up for 5ebd5a0d7b12ac8c8ba6282ac5be16a193d5239d Updates https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5427 2023-12-20 21:35:16 +02:00			`EndpointParams: endpointParams,`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 13:09:12 +02:00			`TokenURL: tokenURL,`
			`Scopes: strings.Split(scopes, ";"),`
			`}`
vmalert: create basic auth config only if args aren't empty (#1618) * vmalert: create basic auth config only if args aren't empty follow-up after 68721f6 * vmalert: make lint happy 2021-09-15 01:53:31 +03:00			`}`
			`}`
			`}`
vmalert: allow configuring custom headers for URLs (#2897) See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2860 Signed-off-by: hagen1778 <roman@victoriametrics.com> 2022-07-21 13:57:53 +02:00
app/vmalert/utils: add missing docs to WithHeaders func added at 70a822f3a00abb964c416e77b928377d7c5c919d 2022-07-21 20:39:52 +03:00			`// WithHeaders returns AuthConfigOptions and set Headers based on the given params`
vmalert: allow configuring custom headers for URLs (#2897) See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2860 Signed-off-by: hagen1778 <roman@victoriametrics.com> 2022-07-21 13:57:53 +02:00			`func WithHeaders(headers string) AuthConfigOptions {`
			`return func(config *promauth.HTTPClientConfig) {`
			`if headers != "" {`
			`config.Headers = strings.Split(headers, "^^")`
			`}`
			`}`
			`}`