feat(http-log) add custom header for authorization

[Tieske]

Adds an option to provide a custom header, and value to add to the log request. Typically required for Splunk for example.

[bungle]

Should it allow plural? Aka custom headers?

[dndx]

@bungle I asked the same question in #6449 (comment). I guess there is little use case for people adding two statistically defined headers, so I tends to agree this current implementation should satisfies more than 90% of the use cases out there.

In particular, for authenticating against a log collection API, one set of header is usually enough. Whether it is Authorization or API-Key or something similar.

If we support templating for header values then supporting more than one custom header may be more useful.

[Tieske]

@dndx @bungle if using this; https://github.com/Kong/kong/blob/next/kong/db/schema/typedefs.lua#L509

do you have an example of where/how it is to be used?

[Tieske]

had a look at it, that is not suitable. That headers typedef only checks for "Host", and doesn't allow it.
To do the same here, we need to validate the other headers as well, see

kong/kong/plugins/http-log/handler.lua

Lines 85 to 87 in 612c365

	["Content-Type"] = content_type,
	["Content-Length"] = #payload,
	["Authorization"] = parsed_url.userinfo and (

That is really overkill for such a simple feature.

[Tieske]

• the headers one is not suited, it contains an error message specific to the route entity
• the keys in the headers typedef are just strings, not valid header names. currently there is 1 header name in this PR, but it is properly validated
• if checking for Host, we also must check for the others, so that would require a complete new typedef anyway.
• If we check for Authorization there must be a check that it does not collide with the userinfo in the URL provided, which I think requires a custom validator function, which we don't like.

I really think this is overcomplicating it.

[Tieske]

@bungle @dndx fixed up to support multiple headers now.