Ability to set request headers of amtool #2597
Comments
|
@roidelapluie I'd like to know your thoughts on this when you have time - I could use this functionality as well, although I know in the past that we have shyed away from adding anything "business logic-y" to alertmanager |
|
At this point to you think we could have an "http_client" config file? that would enable all the auth scenarios and avoid passwords in the command line. |
|
That would work for static auth tokens, but a lot of oauth proxies rotate their credentials fairly regularly so updating the file each time might be a pain. I agree that having passwords in plaintext in a bash history isn't ideal though. Maybe we could compromise and support something like That would at least allow a simple |
|
We could have #2764 take |
|
Considering the OP mentions Cloudflare I'd imagine they're referring to Cloudflare Access, which uses the |
|
@sinkingpoint That's correct. |
|
I am against passing secrets in command line it but I do not want to be "on the way" so I have reached the community for more data/ideas/opinions: https://groups.google.com/g/prometheus-developers/c/-lXLx2nYKlk |
|
Any movement on this? |
Proposal
For the amtool to support passing in HTTP request headers via parameters. We manage over a dozen AMs each fronted with a Cloudflare reverse proxy. Currently we cant use the amtool to manage AM (create/delete silences) as we need to be able to pass in cloudflare specific headers for auth purposes. The scenario would occur for anyone with a reverse proxy with auth in front of their AM.
Being able to specify request headers via a simple --header key:value would allow most users to be able to access their AM ingresses and deal with auth.
I have investigated adding this functionality myself via PR, but want to make sure this is something that could potentially get approved.
Thanks.
The text was updated successfully, but these errors were encountered: