Support a secure way to pass credentials to http() calls

[rwitzel]

Background

A third-party API requires us to pass credentials (user ID and secret key) via custom HTTP headers.

At the moment there is no way to specify the credentials without allowing other users to access the credentials.

In #30 a solution is suggested (a proxy in front of the external resource) but users might try to avoid to setup additional resources.

Suggested solution

Via environment variables one could specify the following kind of information:

accounts = [
   {
    placeholder_prefix : "ABC",
    url_pattern        : "https://abc.com/api/.*',
    USER_ID            : "myUserId1",            // should be encryped via AWS KMS
    SECRETKEY          : "r73fhf83g83gdv327dv"   // should be encryped via AWS KMS
   },
   ....
]

The HTTP call in the check would look like:

response = http('https://abc.com/api/v2/status', 
                    replace_credentials_placeholder : True,
                    headers={
                        'X-ABC-INC-ACCESS-ID': 'ACCOUNTS_ABC_USER_ID',
                        'X-ABC-INC-SECRET-KEY': 'ACCOUNTS_ABC_SECRETKEY',
                        })

Then ZMON's http component would replace placeholders in the URL and in the headers before doing the actual call.