feat: add support to use a bearer token for authenticated backends on client #207

Open: wants to merge 2 commits into base: master

@PedroMSantosD PedroMSantosD commented Jul 22, 2025

Overview

The changes introduce support for injecting a bearer token into HTTP requests made by the pushprox-client. This token is read from a file and automatically reloaded if the file changes (useful for short-lived Kubernetes tokens).


Key Changes and Reasons

1. Added --bearer-token-path Flag

  • What: Introduced a new command-line flag bearer-token-path to specify the file path containing the bearer token.
  • Why: To allow configuration of the token source for authenticating requests.

2. Global Variables for Bearer Token and Mutex

  • What: Added two new variables:
    • bearerToken (string) to hold the current token.
    • bearerTokenMutex (sync.RWMutex) to safely handle concurrent access.
  • Why: To safely store and access the bearer token across goroutines without race conditions.

3. Token Injection in HTTP Requests

  • What: In the doScrape method, before sending the scrape request, the code:
    • Acquires a read lock.
    • Reads the current bearer token.
    • Injects it into the Authorization header as Bearer <token> if it’s not empty.
  • Why: To ensure all scrape requests authenticate using the bearer token.

4. Automatic Token Reloading via File Watcher

  • What: Added a new function watchBearerTokenFile that:
    • Reads the bearer token from the specified file initially.
    • Watches the directory containing the token file using fsnotify.
    • Reloads the token whenever the file is modified or created.
  • Why: To automatically update the bearer token if it changes at runtime, supporting use cases like rotating Kubernetes tokens.

5. Launching the Token Watcher in main()

  • What: If --bearer-token-path is set, starts a goroutine to run watchBearerTokenFile.
  • Why: To enable continuous monitoring and updating of the bearer token without restarting the client.

6. Updated the main_test file to match the code changes.


Additional Notes

  • Proper synchronization with a mutex avoids race conditions between the file watcher updating the token and HTTP requests reading it.

  • The existing TLS and proxy settings remain unchanged.

  • Logging was added to track loading and reloading of the bearer token.

  • Local tests:

=== RUN   TestDoScrape_Success
--- PASS: TestDoScrape_Success (0.01s)
=== RUN   TestDoScrape_FailWrongFQDN
--- PASS: TestDoScrape_FailWrongFQDN (0.00s)
=== RUN   TestHandleErr
--- PASS: TestHandleErr (0.00s)
=== RUN   TestDoPush_ErrorOnInvalidProxyURL
--- PASS: TestDoPush_ErrorOnInvalidProxyURL (0.00s)
=== RUN   TestDoPoll
--- PASS: TestDoPoll (0.00s)
=== RUN   TestLoopWithBackoff
--- PASS: TestLoopWithBackoff (0.00s)
=== RUN   TestWatchBearerTokenFile
--- PASS: TestWatchBearerTokenFile (0.10s)
=== RUN   TestBearerTokenHeader
--- PASS: TestBearerTokenHeader (0.00s)
PASS
ok      github.com/prometheus-community/pushprox/cmd/client     0.419s
[PushProx]$ echo $?
0

… the client

Signed-off-by: Pedro Santos <pedrosa@tekn.group>
Signed-off-by: Pedro Santos <pedrosa@tekn.group>