cloudflare / origin-ca-issuer

cert-manager issuer for Origin CA
BSD 3-Clause "New" or "Revised" License

feature: Add support to use bearer token for API authentication #135

Open tcinbis opened 3 weeks ago

tcinbis commented 3 weeks ago

Hey everyone!

We would like to make use of the origin-ca-issuer in our Kubernetes clusters, but noticed that the code is currently hard-coded to use the X-Auth-User-Service-Key for authentication.

It would be nice if we could make this authentication header configurable to allow us to e.g. use a bearer token instead. We tested it on our end by replacing the above line with this:

r.Header.Add("Authorization", fmt.Sprintf("Bearer %s", string(c.serviceKey)))

The use case for us is that we cannot use the Origin CA API key (as suggested in #108) since we are a larger enterprise. And handing out tokens with account-level permissions is not an option. Therefore, we are only allowed to use API tokens that have permissions limited to individual zones.

If you can provide us some pointers as to where the right place for such config would be (via CLI flags maybe?) and if it is a welcome contribution, I will open a PR with that change.

Thanks! Tom
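Added example, not part of the original issue or the origin-ca-issuer code base: one way the header choice requested above could be made configurable in Go, sending exactly one credential header and failing closed on bad input. `AuthMode`, `ApplyAuth`, the mode names and the URL are hypothetical; that the endpoint accepts a bearer token is the reporter's observation, not documented behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// AuthMode is a hypothetical setting; origin-ca-issuer has no such option.
type AuthMode string

const (
	AuthServiceKey AuthMode = "service-key" // X-Auth-User-Service-Key header
	AuthBearer     AuthMode = "bearer"      // Authorization: Bearer header
)

// ApplyAuth sets exactly one credential header on r for the chosen mode.
func ApplyAuth(r *http.Request, mode AuthMode, secret []byte) error {
	s := strings.TrimSpace(string(secret)) // secrets read from files often end in "\n"
	if s == "" || strings.ContainsAny(s, "\r\n") {
		return errors.New("credential is empty or contains a line break")
	}
	// Clear both headers so a stale credential is never sent alongside the new one.
	r.Header.Del("X-Auth-User-Service-Key")
	r.Header.Del("Authorization")
	switch mode {
	case AuthServiceKey:
		r.Header.Set("X-Auth-User-Service-Key", s)
	case AuthBearer:
		r.Header.Set("Authorization", "Bearer "+s)
	default:
		return fmt.Errorf("unknown auth mode %q", mode) // fail closed, never guess
	}
	return nil
}

func main() {
	// Constructed placeholder URL and token, for illustration only.
	r, _ := http.NewRequest(http.MethodPost, "https://api.example.invalid/certificates", nil)
	if err := ApplyAuth(r, AuthBearer, []byte("constructed-zone-token\n")); err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(r.Header.Get("Authorization") != "", r.Header.Get("X-Auth-User-Service-Key") == "")
}
```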

terinjokes commented 3 weeks ago

This API endpoint is documented as only supporting Origin CA API keys. I'm not aware of any changes to that support since #108.

tcinbis commented 3 weeks ago

Hey @terinjokes,

thanks for the quick reply! I just tested the API endpoint both in Postman and with the forked origin-ca-issuer and can confirm that the Bearer token is supported. And it has been for at least a year now.

terinjokes commented 3 weeks ago

Works is different than supported. I'll ask the team to confirm support by updating the documentation.

tcinbis commented 3 weeks ago

Thanks! Maybe just missing from the docs. If it helps, we also have a CF internal case regarding this: #01046080