Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth-context available for use in export-config #4814

Closed
DennisGlindhart opened this issue Feb 7, 2022 · 7 comments
Closed

Auth-context available for use in export-config #4814

DennisGlindhart opened this issue Feb 7, 2022 · 7 comments
Assignees
Labels
enhancement New feature or request release:after-ga

Comments

@DennisGlindhart
Copy link

When using a (Server)Authentication extension for OTEL-Collector (i.e. basic auth, oidc etc. from contrib), I would like it to be possible to somehow extract the username (or other auth-data/claim) and use it in i.e. exporter-headers.

The auth context seems to be returned from the extension in authenticate-method ( https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/extension/oidcauthextension/extension.go#L136 ) so it should already be available in the context.

Describe the solution you'd like
Ability to use the auth context in exporter-config.

exporters:
  otlp:
    headers:
      x-scope-orgid: <USERNAME FROM AUTH>

Additional context
One use case here could be to have only a singe OTEL-collector running on multitenant server/cluster-node etc and let software authenticate with the OTEL-collector and be exported with Multitentenancy-header (in this example Scope-header used Grafana Tempo/Loki).

@jpkrohling jpkrohling self-assigned this Feb 7, 2022
@jpkrohling
Copy link
Member

@bogdandrutu, @tigrannajaryan, do you think we could change the confighttp to accept a notation like context.user_id, which would make it look up the user_id key within the context? Or perhaps you have another suggestion? In any case, I would do it after GA.

@tigrannajaryan
Copy link
Member

use it in i.e. exporter-headers.

@jpkrohling how will this work? We don't maintain the context in batch processor or in queued_retry, so the incoming context won't be available in the exporters, right?

@jpkrohling
Copy link
Member

We don't yet, but I do plan on working on that soon (#4544).

@bogdandrutu
Copy link
Member

@tigrannajaryan we do maintain the context in queued_retry only in batching we have a problem, since we batch requests from multiple sources.

@kovrus
Copy link
Member

kovrus commented Aug 11, 2022

@DennisGlindhart does open-telemetry/opentelemetry-collector-contrib#12892 resolve this issue for you?

@DennisGlindhart
Copy link
Author

@kovrus Reading the README it would seem so, yes.

This configuration should fill the username from auth into User-ID header when sending to exporter if I understand correctly.

extensions:
  headers_setter:
    headers:
      - key: User-ID
        from_context: "user_id"

There is still the batch-limitation (Nice to have), but I guess in the future relying on the same work mentioned earlier could solve that? (#4544).

@kovrus
Copy link
Member

kovrus commented Aug 12, 2022

There is still the batch-limitation (Nice to have), but I guess in the future relying on the same work mentioned earlier could solve that? (#4544).

That's correct. See #5733 (comment), it could be potentially temporal workaround.

@jpkrohling can you please close this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request release:after-ga
Projects
None yet
Development

No branches or pull requests

5 participants