#229 Add OpenTelemetry Collector Server Auth Extensions to Receivers #2203
@grafana/grafana-alloy-maintainers I am going to hold back on reviewing the doc input until after a technical code review has been completed. There are some questions I have about the way things are phrased in the docs that may be resolved with the code review.
Thanks for taking a look! Happy to clarify once the code review is complete.
Yeah, I dug into why this test was failing for a couple of hours and my assessment was that it was an issue with the test infrastructure incorrectly reporting that the component is running. See auth_test.go and I have a detailed comment explaining what is happening. Do you have any suggestions or comments on how to wait for the underlying extension to be running on the host?
Will try to take a look at this but for full transparency most of the team is gonna be unavailable for a week or so due to the holidays.
Not a problem, I'm not in any rush to get this PR merged. I did see a PR go through recently that added a /healthy endpoint to a component. I will try using that and let you know. Thanks for the help so far.
The latest commits should fix the issue with the race condition in auth_basic.go. I have also addressed the outstanding comments on the PR.
@@ -10,6 +10,8 @@ title: otelcol.auth.oauth2 | |||
|
|||
`otelcol.auth.oauth2` exposes a `handler` that can be used by other `otelcol` components to authenticate requests using OAuth 2.0. | |||
|
|||
This extension only supports client authentication. |
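Review bot: the added sentence calls `otelcol.auth.oauth2` an "extension", while the unchanged line above it describes the same thing as exposing a `handler` to other `otelcol` components. Use "component" here so the page has one term for it, and consider saying what a reader should expect when this handler is referenced from a receiver, since the sentence states that only client authentication is supported.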
Is this an extension to a component? Or do we mean `component` here?
@clayton-cornell I have made the requested changes to the docs. Based on your previous feedback I also slightly modified each receiver's docs. Let me know if you would like any more changes.
3913159 to 4665aaf
…re/add_auth_to_otlp_receiver
Some really minor tweaks to the docs and they look OK to me.
{{< admonition type="note" >}} | ||
Not all OpenTelemetry Collector authentication plugins support receiver authentication. | ||
Refer to the [documentation](https://grafana.com/docs/alloy/<ALLOY_VERSION>/reference/components/otelcol/) for each `otelcol.auth.*` component to determine its compatibility. | ||
{{< /admonition >}} |
{{< admonition type="note" >}} | |
Not all OpenTelemetry Collector authentication plugins support receiver authentication. | |
Refer to the [documentation](https://grafana.com/docs/alloy/<ALLOY_VERSION>/reference/components/otelcol/) for each `otelcol.auth.*` component to determine its compatibility. | |
{{< /admonition >}} | |
{{< admonition type="note" >}} | |
Not all OpenTelemetry Collector authentication plugins support receiver authentication. | |
Refer to the [documentation](https://grafana.com/docs/alloy/<ALLOY_VERSION>/reference/components/otelcol/) for each `otelcol.auth.*` component to determine its compatibility. | |
{{< /admonition >}} |
Removing extra space
@@ -11,7 +11,7 @@ title: otelcol.auth.basic | |||
`otelcol.auth.basic` exposes a `handler` that can be used by other `otelcol` | |||
components to authenticate requests using basic authentication. | |||
|
|||
This extension supports both server and client authentication. | |||
This `component` supports both server and client authentication. |
This `component` supports both server and client authentication. | |
This component supports both server and client authentication. |
Ooops, my fault. I used the inline code syntax to emphasize in the previous comment.
@@ -11,7 +11,7 @@ title: otelcol.auth.bearer | |||
`otelcol.auth.bearer` exposes a `handler` that can be used by other `otelcol` | |||
components to authenticate requests using bearer token authentication. | |||
|
|||
This extension supports both server and client authentication. | |||
This `component` supports both server and client authentication. |
This `component` supports both server and client authentication. | |
This component supports both server and client authentication. |
@@ -11,7 +11,7 @@ title: otelcol.auth.headers | |||
`otelcol.auth.headers` exposes a `handler` that can be used by other `otelcol` | |||
components to authenticate requests using custom headers. | |||
|
|||
This extension only supports client authentication. | |||
This `component` only supports client authentication. |
This `component` only supports client authentication. | |
This component only supports client authentication. |
@@ -10,7 +10,7 @@ title: otelcol.auth.oauth2 | |||
|
|||
`otelcol.auth.oauth2` exposes a `handler` that can be used by other `otelcol` components to authenticate requests using OAuth 2.0. | |||
|
|||
This extension only supports client authentication. | |||
This `component` only supports client authentication. |
This `component` only supports client authentication. | |
This component only supports client authentication. |
@@ -12,7 +12,7 @@ title: otelcol.auth.sigv4 | |||
components to authenticate requests to AWS services using the AWS Signature Version 4 (SigV4) protocol. | |||
For more information about SigV4 see the AWS documentation about [Signing AWS API requests][]. | |||
|
|||
This extension only supports client authentication. | |||
This `component` only supports client authentication. |
This `component` only supports client authentication. | |
This component only supports client authentication. |
Documentation changes have been implemented. However, the recent merge with the main branch seems to have caused a test failure. This pull request PR appears to be the culprit. The same test is also failing on the main branch. I wanted to flag this issue here to ensure the failure doesn't hinder the progress of this PR.
@aidanleuck It's probably OK to ignore the failing test here. The @grafana/grafana-alloy-maintainers over to someone on the dev team for code review
// authentication extensions to all of our components. | ||
// Auth is a binding to an otelcol.auth.* component extension which handles | ||
// authentication. | ||
Auth *auth.Handler `alloy:"auth,attr,optional"` |
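Review bot: the `Auth` field is a pointer tagged `optional`, so the comment should state what an unset value means for the receiver, namely that no authentication handler is bound. It would also help to say in the comment that the handler must come from an `otelcol.auth.*` component that supports server authentication, since the docs in this PR mark several of them as client-only.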
I think we should name this to `authentication` in both the var name and alloy name. This is so it doesn't overlap with `authentication`. Same with the documentation.
What do you think about renaming the var name to Authentication but keeping the alloy name as auth? That way when using client auth or server auth the field is consistent.

client auth looks like this. We can't easily change this without breaking the user interface.

```alloy
otelcol.exporter.otlp "otlp" {
  auth = <component>.handler
}
```

server auth would look like this if we changed auth to authentication.

```alloy
otelcol.receiver.otlp "receiver" {
  authentication = <component>.handler
}
```

As a user I like the consistency between it being auth for both exporters and receivers. Let me know what you think.
I can live with that. Can you add a comment in the code saying why it's that way?
} | ||
|
||
// Configure the authentication if args.Auth is set. | ||
var auth *otelconfigauth.Authentication | ||
var authz *otelconfigauth.Authentication |
Var name feels like authorization.
Code looks good, minor nits on var naming and alloy configuration naming.
if err != nil { | ||
return err | ||
} else if ext != nil { |
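Review bot: in `if err != nil { return err } else if ext != nil {`, the `else` follows a branch that always returns, so it can be dropped and the `ext != nil` check written as its own `if`. That keeps the error path as an early return and removes one level of chaining.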
This merge conflict was already handled in this PR in the function createExtension() on line 388 of this file.
This is looking great. One last comment to add and I will merge. Likely will pull this into the RC candidate before release.
Comments addressed! I also changed the var name for client blocks from Auth to Authentication for consistency.
lgtm thank you for the PR!
PR Description
Adds server authentication support to `otelcol.receivers.*` that support the OpenTelemetry collector auth extension model. Some receivers are not wrappers of the collector so they are excluded from this PR.

Receivers that now support server auth:
Which issue(s) this PR fixes
Fixes #229
Notes to the Reviewer
TestAuthServer in auth_basic_test.go is consistently failing due to a race condition in startup. Any ideas or potential solutions to this problem would be appreciated. The auth_basic plugin appears to function as expected when running from the binary.
User interface for client auth has not changed.
PR Checklist