vector icon indicating copy to clipboard operation
vector copied to clipboard
verified publisher icon vectordotdev

feat(http_client): Add token_file feature

Open unautre opened this issue 1 year ago • 2 comments

Add a "token_file" option to http::Auth to read the bearer token from a file. This is especially useful when using a Kubernetes provided token file (/run/secrets/kubernetes.io/serviceaccount/token).

Closes: https://github.com/vectordotdev/vector/issues/20747

unautre avatar Mar 19 '24 21:03 unautre

Hello @tobz , thanks for the feedback

My use case is to use vector's prometheus_scrape to scrape k8s metrics. This requires authentification, given by a token file that might be refreshed at the kubelet's convenance.

From what I gather from the k8s docs, "The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most use cases.", so caching the file for a duration is possible ; but that is out of my meager rust expertise for now.

unautre avatar Mar 25 '24 18:03 unautre

Nice, yeah, that makes sense.

I'll have a chat with the team. I can see the appeal of just reading the file every single time we want to build an authenticated request, but I'm not sure if we're comfortable with that overhead or not.

tobz avatar Mar 27 '24 18:03 tobz