CRED-2150: Add PAT auth support to Rust API client

.generator/src/generator/templates/api.j2

@@ -384,19 +384,14 @@ impl {{ structName }} {
         };
 
         // build auth
-        {%- set authMethods = operation.security if "security" in operation else openapi.security %}
-        {%- if authMethods %}
-        {%- for authMethod in authMethods %}
-        {%- for name in authMethod %}
-        {%- set schema = openapi.components.securitySchemes[name] %}
-        {%- if schema.type == "apiKey" and schema.in != "cookie" %}
-        if let Some(local_key) = local_configuration.auth_keys.get("{{ name }}") {
-            headers.insert("{{schema.name}}", HeaderValue::from_str(local_key.key.as_str()).expect("failed to parse {{schema.name}} header"));
-        };
-        {%- endif %}
-        {%- endfor %}
-        {%- endfor %}
-        {%- endif %}
+        for (key, value) in local_configuration.auth_headers() {
+            headers.insert(
+                reqwest::header::HeaderName::from_bytes(key.as_bytes())
+                    .expect("failed to parse auth header name"),
+                HeaderValue::from_str(value.as_str())
+                    .expect("failed to parse auth header value"),
+            );
+        }
 
         {% if formParameter %}
         // build form parameters

.generator/src/generator/templates/configuration.j2

@@ -44,6 +44,9 @@ pub struct Configuration {
     pub(crate) user_agent: String,
     pub(crate) unstable_operations: HashMap<String, bool>,
     pub(crate) auth_keys: HashMap<String, APIKey>,
+    {%- if "bearerAuth" in openapi.components.securitySchemes %}
+    pub(crate) pat: Option<String>,
+    {%- endif %}
     pub server_index: usize,
     pub server_variables: HashMap<String, String>,
     pub server_operation_index: HashMap<String, usize>,
@@ -106,6 +109,40 @@ impl Configuration {
         self.auth_keys.insert(operation_str.to_string(), api_key);
     }
 
+    {%- if "bearerAuth" in openapi.components.securitySchemes %}
+
+    /// Set a bearer token for authentication.
+    pub fn set_pat(&mut self, pat: String) {
+        self.pat = Some(pat);
+    }
+
+    {%- endif %}
+
+    /// Build authentication headers for an API request.
+    /// All configured auth credentials are sent; the server decides which to use.
+    pub fn auth_headers(&self) -> Vec<(String, String)> {
+        let mut headers = Vec::new();
+        {%- if "bearerAuth" in openapi.components.securitySchemes %}
+        if let Some(ref pat) = self.pat {
+            headers.push(("Authorization".to_string(), format!("Bearer {}", pat)));
+        }
+        {%- endif %}
+        {%- set authMethods = openapi.security %}
+        {%- if authMethods %}
+        {%- for authMethod in authMethods %}
+        {%- for name in authMethod %}
+        {%- set schema = openapi.components.securitySchemes[name] %}
+        {%- if schema.type == "apiKey" and schema.in != "cookie" %}
+        if let Some(key) = self.auth_keys.get("{{ name }}") {
+            headers.push(("{{ schema.name }}".to_string(), key.key.clone()));
+        }
+        {%- endif %}
+        {%- endfor %}
+        {%- endfor %}
+        {%- endif %}
+        headers
+    }
+
     pub fn set_proxy_url(&mut self, proxy_url: Option<String>) {
         self.proxy_url = proxy_url;
     }
@@ -149,10 +186,20 @@ impl Default for Configuration {
         {%- endfor %}
         {%- endif %}
 
+        {%- if "bearerAuth" in openapi.components.securitySchemes %}
+        {%- set bearerEnvName = openapi.components.securitySchemes.bearerAuth["x-env-name"] %}
+
+        // {{ bearerEnvName }} env var enables Bearer token auth (mutually exclusive with API key auth)
+        let pat = env::var("{{ bearerEnvName }}").ok().filter(|p| !p.is_empty());
+        {%- endif %}
+
         Self {
             user_agent: DEFAULT_USER_AGENT.clone(),
             unstable_operations,
             auth_keys,
+            {%- if "bearerAuth" in openapi.components.securitySchemes %}
+            pat,
+            {%- endif %}
             server_index: 0,
             server_variables: HashMap::from([(
                 "site".into(),

src/datadog/configuration.rs

@@ -46,6 +46,7 @@ pub struct Configuration {
     pub(crate) user_agent: String,
     pub(crate) unstable_operations: HashMap<String, bool>,
     pub(crate) auth_keys: HashMap<String, APIKey>,
+    pub(crate) pat: Option<String>,
     pub server_index: usize,
     pub server_variables: HashMap<String, String>,
     pub server_operation_index: HashMap<String, usize>,
@@ -109,6 +110,27 @@ impl Configuration {
         self.auth_keys.insert(operation_str.to_string(), api_key);
     }
 
+    /// Set a bearer token for authentication.
+    pub fn set_pat(&mut self, pat: String) {
+        self.pat = Some(pat);
+    }
+
+    /// Build authentication headers for an API request.
+    /// All configured auth credentials are sent; the server decides which to use.
+    pub fn auth_headers(&self) -> Vec<(String, String)> {
+        let mut headers = Vec::new();
+        if let Some(ref pat) = self.pat {
+            headers.push(("Authorization".to_string(), format!("Bearer {}", pat)));
+        }
+        if let Some(key) = self.auth_keys.get("apiKeyAuth") {
+            headers.push(("DD-API-KEY".to_string(), key.key.clone()));
+        }
+        if let Some(key) = self.auth_keys.get("appKeyAuth") {
+            headers.push(("DD-APPLICATION-KEY".to_string(), key.key.clone()));
+        }
+        headers
+    }
+
     pub fn set_proxy_url(&mut self, proxy_url: Option<String>) {
         self.proxy_url = proxy_url;
     }
@@ -363,10 +385,14 @@ impl Default for Configuration {
             },
         );
 
+        // DD_BEARER_TOKEN env var enables Bearer token auth (mutually exclusive with API key auth)
+        let pat = env::var("DD_BEARER_TOKEN").ok().filter(|p| !p.is_empty());
+
         Self {
             user_agent: DEFAULT_USER_AGENT.clone(),
             unstable_operations,
             auth_keys,
+            pat,
             server_index: 0,
             server_variables: HashMap::from([(
                 "site".into(),

src/datadogV1/api/api_authentication.rs

@@ -143,13 +143,14 @@ impl AuthenticationAPI {
         };
 
         // build auth
-        if let Some(local_key) = local_configuration.auth_keys.get("apiKeyAuth") {
+        for (key, value) in local_configuration.auth_headers() {
             headers.insert(
-                "DD-API-KEY",
-                HeaderValue::from_str(local_key.key.as_str())
-                    .expect("failed to parse DD-API-KEY header"),
+                reqwest::header::HeaderName::from_bytes(key.as_bytes())
+                    .expect("failed to parse auth header name"),
+                HeaderValue::from_str(value.as_str())
+                    .expect("failed to parse auth header value"),
             );
-        };
+        }
 
         local_req_builder = local_req_builder.headers(headers);
         let local_req = local_req_builder.build()?;