Closed dlbuckley closed 3 years ago
@ecamacho is there anything that I can do to help push this forwards?
@dlbuckley This looks very interesting! We knew that at some point we would need to support something like for teams that don't put their XCMetrics installation being a VPN. In my opinion this looks fine, I have a comment though on the flags. Let's see what @ecamacho thinks as well :)
Overview
We are currently using AWS to host the XCMetrics backend and want to lock down the API so it can only be used for developers within our team. To close down the API somewhat we decided to use the functionality within API Gateway to provide a basic level of authentication.
For this to work we need to send additional headers with the
xcactivitylog
upload requests. This is something that the XCMetrics client doesn't yet support. This PR adds support for two additional flags;authorizationKey
andauthorizationValue
. The reason for allowing the key to be configurable was down to making this functionality as flexible as possible. Whilst a lot of cases you may use the standardAuthorisation
key, there are instances where you may just wish to use an API token with a custom key e.gx-api-key
.Details
Two additional flags have been added:
--authorizationKey
: An optional authorization header key to be included in the upload request e.g 'Authorization' or 'x-api-key' etc. This is ignored by the XCMetrics backend service, but can be consumed by a 3rd party service to facilitate a basic level of authentication. An example of this would be using an AWS API Gateway API Key. Must be used in conjunction withauthorizationValue
.--authorizationValue
: An optional authorization header value to be included in the upload request e.g 'Basic YWxhZGRpbjpvcGVuc2VzYW1l' orhYDqG78OIUDIWKLdwjdwhdu8
etc. This is ignored by the XCMetrics backend service, but can be consumed by a 3rd party service to facilitate a basic level of authentication. An example of this would be using an AWS API Gateway API Key. Must be used in conjunction withauthorizationKey
.Internally, the changes allow for any number of additional headers to be included within the
PUT
request which uploads thexcactivitylog
. These headers are added prior to any required headers in the request builder so they can't be used to override required headers by XCMetrics.