Remove mutual exclusivity between PAT and API+App key auth

tausman · tausman · commit 5605e45bf9d9 · 2026-03-05T00:46:27.000Z
diff --git a/.generator/src/generator/templates/configuration.j2 b/.generator/src/generator/templates/configuration.j2
@@ -112,26 +112,21 @@ impl Configuration {
     {%- if "bearerAuth" in openapi.components.securitySchemes %}
 
     /// Set a bearer token for authentication.
-    /// When a bearer token is configured, the client sends only an `Authorization: Bearer <token>`
-    /// header and does NOT send DD-API-KEY or DD-APPLICATION-KEY headers.
     pub fn set_pat(&mut self, pat: String) {
         self.pat = Some(pat);
     }
 
     {%- endif %}
 
     /// Build authentication headers for an API request.
-    {%- if "bearerAuth" in openapi.components.securitySchemes %}
-    /// If a bearer token is configured, returns a single `Authorization: Bearer` header.
-    /// Otherwise, returns API key headers.
-    {%- endif %}
+    /// All configured auth credentials are sent; the server decides which to use.
     pub fn auth_headers(&self) -> Vec<(String, String)> {
+        let mut headers = Vec::new();
         {%- if "bearerAuth" in openapi.components.securitySchemes %}
         if let Some(ref pat) = self.pat {
-            return vec![("Authorization".to_string(), format!("Bearer {}", pat))];
+            headers.push(("Authorization".to_string(), format!("Bearer {}", pat)));
         }
         {%- endif %}
-        let mut headers = Vec::new();
         {%- set authMethods = openapi.security %}
         {%- if authMethods %}
         {%- for authMethod in authMethods %}
diff --git a/src/datadog/configuration.rs b/src/datadog/configuration.rs
@@ -111,20 +111,17 @@ impl Configuration {
     }
 
     /// Set a bearer token for authentication.
-    /// When a bearer token is configured, the client sends only an `Authorization: Bearer <token>`
-    /// header and does NOT send DD-API-KEY or DD-APPLICATION-KEY headers.
     pub fn set_pat(&mut self, pat: String) {
         self.pat = Some(pat);
     }
 
     /// Build authentication headers for an API request.
-    /// If a bearer token is configured, returns a single `Authorization: Bearer` header.
-    /// Otherwise, returns API key headers.
+    /// All configured auth credentials are sent; the server decides which to use.
     pub fn auth_headers(&self) -> Vec<(String, String)> {
+        let mut headers = Vec::new();
         if let Some(ref pat) = self.pat {
-            return vec![("Authorization".to_string(), format!("Bearer {}", pat))];
+            headers.push(("Authorization".to_string(), format!("Bearer {}", pat)));
         }
-        let mut headers = Vec::new();
         if let Some(key) = self.auth_keys.get("apiKeyAuth") {
             headers.push(("DD-API-KEY".to_string(), key.key.clone()));
         }
@@ -1179,13 +1176,11 @@ mod tests {
         config.set_pat("my-pat-token".to_string());
 
         let headers = config.auth_headers();
-        assert_eq!(headers.len(), 1);
-        assert_eq!(headers[0].0, "Authorization");
-        assert_eq!(headers[0].1, "Bearer my-pat-token");
+        assert!(headers.iter().any(|(k, v)| k == "Authorization" && v == "Bearer my-pat-token"));
     }
 
     #[test]
-    fn test_auth_headers_with_pat_excludes_api_keys() {
+    fn test_auth_headers_with_pat_and_api_keys_sends_all() {
         let mut config = Configuration::new();
         config.set_auth_key(
             "apiKeyAuth",
@@ -1201,13 +1196,12 @@ mod tests {
                 prefix: "".to_string(),
             },
         );
-        // PAT overrides all key-based auth
         config.set_pat("my-pat-token".to_string());
 
         let headers = config.auth_headers();
-        assert_eq!(headers.len(), 1);
-        assert_eq!(headers[0].0, "Authorization");
-        assert_eq!(headers[0].1, "Bearer my-pat-token");
+        assert!(headers.iter().any(|(k, v)| k == "Authorization" && v == "Bearer my-pat-token"));
+        assert!(headers.iter().any(|(k, v)| k == "DD-API-KEY" && v == "my-api-key"));
+        assert!(headers.iter().any(|(k, v)| k == "DD-APPLICATION-KEY" && v == "my-app-key"));
     }
 
     #[test]
@@ -1245,7 +1239,7 @@ mod tests {
     }
 
     #[test]
-    fn test_dd_pat_env_var() {
+    fn test_dd_bearer_token_env_var() {
         let _lock = ENV_MUTEX.lock().unwrap();
         let old_pat = env::var("DD_BEARER_TOKEN").ok();
 
@@ -1255,9 +1249,7 @@ mod tests {
         assert_eq!(config.pat.as_deref(), Some("env-pat-token"));
 
         let headers = config.auth_headers();
-        assert_eq!(headers.len(), 1);
-        assert_eq!(headers[0].0, "Authorization");
-        assert_eq!(headers[0].1, "Bearer env-pat-token");
+        assert!(headers.iter().any(|(k, v)| k == "Authorization" && v == "Bearer env-pat-token"));
 
         // Restore env
         match old_pat {
