README
¶
Authentication configuration
This module defines necessary interfaces to implement server and client type authenticators:
- Server type authenticators perform authentication for incoming HTTP/gRPC requests and are typically used in receivers.
- Client type authenticators perform client-side authentication for outgoing HTTP/gRPC requests and are typically used in exporters.
The currently known authenticators are:
-
Server Authenticators
-
Client Authenticators
Examples:
extensions:
oidc:
# see the blog post on securing the otelcol for information
# on how to setup an OIDC server and how to generate the TLS certs
# required for this example
# https://medium.com/opentelemetry/securing-your-opentelemetry-collector-1a4f9fa5bd6f
issuer_url: http://localhost:8080/auth/realms/opentelemetry
audience: account
oauth2client:
client_id: someclientid
client_secret: someclientsecret
token_url: https://example.com/oauth2/default/v1/token
scopes: ["api.metrics"]
# tls settings for the token client
tls:
insecure: true
ca_file: /var/lib/mycert.pem
cert_file: certfile
key_file: keyfile
# timeout for the token client
timeout: 2s
receivers:
otlp/with_auth:
protocols:
grpc:
endpoint: localhost:4318
tls:
cert_file: /tmp/certs/cert.pem
key_file: /tmp/certs/cert-key.pem
auth:
## oidc is the extension name to use as the authenticator for this receiver
authenticator: oidc
otlphttp/withauth:
endpoint: http://localhost:9000
auth:
authenticator: oauth2client
Creating an authenticator
New authenticators can be added by creating a new extension that also implements the appropriate interface (configauth.ServerAuthenticator or configauth.ClientAuthenticator).
Generic authenticators that may be used by a good number of users might be accepted as part of the contrib distribution. If you have an interest in contributing an authenticator, open an issue with your proposal. For other cases, you'll need to include your custom authenticator as part of your custom OpenTelemetry Collector, perhaps being built using the OpenTelemetry Collector Builder.
Documentation
¶
Overview ¶
Package configauth implements the configuration settings to ensure authentication on incoming requests, and allows exporters to add authentication on outgoing requests.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authentication ¶
type Authentication struct {
// AuthenticatorID specifies the name of the extension to use in order to authenticate the incoming data point.
AuthenticatorID component.ID `mapstructure:"authenticator"`
}
Authentication defines the auth settings for the receiver.
func NewDefaultAuthentication ¶ added in v0.99.0
func NewDefaultAuthentication() *Authentication
NewDefaultAuthentication returns a default authentication configuration.
func (Authentication) GetClientAuthenticator ¶
func (a Authentication) GetClientAuthenticator(extensions map[component.ID]component.Component) (auth.Client, error)
GetClientAuthenticator attempts to select the appropriate auth.Client from the list of extensions, based on the component id of the extension. If an authenticator is not found, an error is returned. This should be only used by HTTP clients.
func (Authentication) GetServerAuthenticator ¶
func (a Authentication) GetServerAuthenticator(extensions map[component.ID]component.Component) (auth.Server, error)
GetServerAuthenticator attempts to select the appropriate auth.Server from the list of extensions, based on the requested extension name. If an authenticator is not found, an error is returned.
Source Files