Enable ability to send username/password for Basic Auth in service check stanza

[leowmjw]

Nomad v0.6

Request for ability to pass username/password for Basic Auth in the service check stanza. As example, I have below where it checks the cluster endpoints for ElasticSearch:

      service {
        name = "escluster"
        tags = [
          "search",
          "cluster"
        ]
        port = "eshttp"
        check {
          name = "available"
          type = "tcp"
          interval = "10s"
          timeout = "2s"
        }
        check {
          name = "ready"
          type = "http"
          port = "eshttp"
          path = "/_cluster/health?wait_for_status=yellow"
          interval = "30s"
          timeout = "10s"
        }
      }

As cannot authenticate; will hit error below:

HTTP GET http://10.0.42.4:47553/_cluster/health?wait_for_status=yellow: 401 Unauthorized Output: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cluster/health?wait_for_status=yellow]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cluster/health?wait_for_status=yellow]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

Thanks for any possible guidance. Thanks!

[dadgar]

Looks like there is support in Consul as of late: hashicorp/consul#3107

Should allow headers in Nomad as well.

[leowmjw]

Thanks @dadgar. Unfortunately it seems header in check is not valid?

$ nomad run docker-cluster-elasticsearch.nomad 
Error getting job struct: Error parsing job file from docker-cluster-elasticsearch.nomad: error parsing 'job': 1 error(s) occurred:

* group: 'complex', task: 'elasticsearch', service: 'escluster', check -> invalid key: header

Config below:

        check {
          name = "ready"
          type = "http"
          port = "eshttp"
          path = "/_cluster/health?wait_for_status=yellow"
          header = "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ=="
          interval = "30s"
          timeout = "10s"
        }

If you can provide some guidance on what needs to be done; I'll take a stab at doing a PR --> I'm a Golang noob :)

I see in the Consul docs, the example for header is like below:

...
"header": {"x-foo":["bar", "baz"]},
...

so does the resulting output will have to be as below; correct?

...
"header": {"Authorization":["Basic", "ZWxhc3RpYzpjaGFuZ2VtZQ=="]},
...

[dadgar]

@leowmjw Ah sorry to confuse you! I was agreeing that we should add support. It isn't there currently. Hopefully in 0.6.1 or 0.6.2

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.