bearertokenauthextension

package module

v0.120.0 Latest Latest Go to latest Published: Feb 18, 2025 License: Apache-2.0 Imports: 15 Imported by: 6

README ¶

Authenticator - Bearer

Status
Stability	beta
Distributions	contrib, k8s
Issues
Code Owners	@jpkrohling, @frzifus
Emeritus	@pavankrish123

This extension implements both configauth.ServerAuthenticator and configauth.ClientAuthenticator. It can be used in both http and gRPC exporters inside the auth settings, as a means to embed a static token for every RPC call that will be made.

The authenticator type has to be set to bearertokenauth.

Configuration

scheme: Specifies the auth scheme name. Defaults to "Bearer". Optional.
token: Static authorization token that needs to be sent on every gRPC client call as metadata.
filename: Name of file that contains a authorization token that needs to be sent in every client call.

Either one of token or filename field is required. If both are specified, then the token field value is ignored. In any case, the value of the token will be prepended by ${scheme} before being sent as a value of "authorization" key in the request header in case of HTTP and metadata in case of gRPC.

Note: bearertokenauth requires transport layer security enabled on the exporter.

extensions:
  bearertokenauth:
    token: "somerandomtoken"
    filename: "file-containing.token"
  bearertokenauth/withscheme:
    scheme: "Bearer"
    token: "randomtoken"

receivers:
  hostmetrics:
    scrapers:
      memory:
  otlp:
    protocols:
      grpc:

exporters:
  otlp/withauth:
    endpoint: 0.0.0.0:5000
    ca_file: /tmp/certs/ca.pem
    auth:
      authenticator: bearertokenauth

  otlphttp/withauth:
    endpoint: http://localhost:9000
    auth:
      authenticator: bearertokenauth/withscheme

service:
  extensions: [bearertokenauth, bearertokenauth/withscheme]
  pipelines:
    metrics:
      receivers: [hostmetrics]
      processors: []
      exporters: [otlp/withauth, otlphttp/withauth]

Documentation ¶

Index ¶

func NewFactory() extension.Factory
type BearerAuthRoundTripper
- func (interceptor *BearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)
type BearerTokenAuth
type Config
- func (cfg *Config) Validate() error
type PerRPCAuth
- func (c *PerRPCAuth) GetRequestMetadata(context.Context, ...string) (map[string]string, error)
- func (c *PerRPCAuth) RequireTransportSecurity() bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewFactory ¶

func NewFactory() extension.Factory

NewFactory creates a factory for the static bearer token Authenticator extension.

Types ¶

type BearerAuthRoundTripper ¶ added in v0.39.0

type BearerAuthRoundTripper struct {
	// contains filtered or unexported fields
}

BearerAuthRoundTripper intercepts and adds Bearer token Authorization headers to each http request.

func (*BearerAuthRoundTripper) RoundTrip ¶ added in v0.39.0

func (interceptor *BearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip modifies the original request and adds Bearer token Authorization headers.

type BearerTokenAuth ¶

type BearerTokenAuth struct {
	// contains filtered or unexported fields
}

BearerTokenAuth is an implementation of auth.Client. It embeds a static authorization "bearer" token in every rpc call.

func (*BearerTokenAuth) Authenticate ¶ added in v0.80.0

func (b *BearerTokenAuth) Authenticate(ctx context.Context, headers map[string][]string) (context.Context, error)

Authenticate checks whether the given context contains valid auth data.

func (*BearerTokenAuth) PerRPCCredentials ¶

func (b *BearerTokenAuth) PerRPCCredentials() (credentials.PerRPCCredentials, error)

PerRPCCredentials returns PerRPCAuth an implementation of credentials.PerRPCCredentials that

func (*BearerTokenAuth) RoundTripper ¶ added in v0.38.0

func (b *BearerTokenAuth) RoundTripper(base http.RoundTripper) (http.RoundTripper, error)

RoundTripper is not implemented by BearerTokenAuth

func (*BearerTokenAuth) Shutdown ¶

func (b *BearerTokenAuth) Shutdown(_ context.Context) error

Shutdown of BearerTokenAuth does nothing and returns nil

func (*BearerTokenAuth) Start ¶

func (b *BearerTokenAuth) Start(ctx context.Context, _ component.Host) error

Start of BearerTokenAuth does nothing and returns nil if no filename is specified. Otherwise a routine is started to monitor the file containing the token to be transferred.

type Config ¶

type Config struct {
	// Scheme specifies the auth-scheme for the token. Defaults to "Bearer"
	Scheme string `mapstructure:"scheme,omitempty"`

	// BearerToken specifies the bearer token to use for every RPC.
	BearerToken configopaque.String `mapstructure:"token,omitempty"`

	// Filename points to a file that contains the bearer token to use for every RPC.
	Filename string `mapstructure:"filename,omitempty"`
}

Config specifies how the Per-RPC bearer token based authentication data should be obtained.

func (*Config) Validate ¶

func (cfg *Config) Validate() error

Validate checks if the extension configuration is valid

type PerRPCAuth ¶

type PerRPCAuth struct {
	// contains filtered or unexported fields
}

PerRPCAuth is a gRPC credentials.PerRPCCredentials implementation that returns an 'authorization' header.

func (*PerRPCAuth) GetRequestMetadata ¶

func (c *PerRPCAuth) GetRequestMetadata(context.Context, ...string) (map[string]string, error)

GetRequestMetadata returns the request metadata to be used with the RPC.

func (*PerRPCAuth) RequireTransportSecurity ¶

func (c *PerRPCAuth) RequireTransportSecurity() bool

RequireTransportSecurity always returns true for this implementation. Passing bearer tokens in plain-text connections is a bad idea.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal
metadata

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL