From 4aa6af8b939da21e196ca7ff004d2cf8b043a2c0 Mon Sep 17 00:00:00 2001
From: Pete Wall
Date: Thu, 21 Nov 2024 20:12:46 -0600
Subject: [PATCH] Add OAuth2 support to OTLP output (#938)

Co-authored-by: Phil Kates
Signed-off-by: Pete Wall
---
 .../alloy_config/_logs_service_otlp.alloy.txt | 29 +++++++++++++++++++
 .../_metrics_service_otlp.alloy.txt | 29 +++++++++++++++++++
 2 files changed, 58 insertions(+)

diff --git a/charts/k8s-monitoring-v1/templates/alloy_config/_logs_service_otlp.alloy.txt b/charts/k8s-monitoring-v1/templates/alloy_config/_logs_service_otlp.alloy.txt
index 7111eeb85..6555bd56c 100644
--- a/charts/k8s-monitoring-v1/templates/alloy_config/_logs_service_otlp.alloy.txt
+++ b/charts/k8s-monitoring-v1/templates/alloy_config/_logs_service_otlp.alloy.txt
@@ -76,6 +76,33 @@ otelcol.auth.bearer "logs_service" {
 token = remote.kubernetes.secret.logs_service.data[{{ .bearerToken.tokenKey | quote }}]
 }
 {{- end }}
+{{- else if eq .authMode "oauth2" }}
+otelcol.auth.oauth2 "logs_service" {
+ {{- if eq .oauth2.clientId "" }}
+ client_id = nonsensitive(remote.kubernetes.secret.logs_service.data[{{ .oauth2.clientIdKey | quote }}])
+ {{- else }}
+ client_id = {{ .oauth2.clientId | quote }}
+ {{- end }}
+
+ {{- if eq .oauth2.clientSecretFile "" }}
+ client_secret = remote.kubernetes.secret.logs_service.data[{{ .oauth2.clientSecretKey | quote }}]
+ {{- else }}
+ client_secret_file = {{ .oauth2.clientSecretFile | quote }}
+ {{- end }}
+ {{- if .oauth2.endpointParams }}
+ endpoint_params = {
+ {{- range $k, $v := .oauth2.endpointParams }}
+ {{ $k }} = {{ $v | quote }},
+ {{- end }}
+ }
+ {{- end }}
+ {{- if .oauth2.scopes }}
+ scopes = {{ .oauth2.scopes | toJson }}
+ {{- end }}
+ {{- if .oauth2.tokenURL }}
+ token_url = {{ required ".Values.oauth2.tokenURL is a required value when .Values.authMode is oauth2" .oauth2.tokenURL | quote }}
+ {{- end }}
+}
 {{- end }}
 {{ if eq .protocol "otlp" }}
 otelcol.exporter.otlp "logs_service" {
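Review bot: The `required` call on `token_url` in the `otelcol.auth.oauth2 "logs_service"` block can never fire, because it sits inside `{{- if .oauth2.tokenURL }}`; an empty tokenURL skips the line and the chart renders an OAuth2 auth block with no `token_url` instead of failing at template time. Dropping the surrounding `{{- if .oauth2.tokenURL }}` / `{{- end }}` pair and rendering `token_url = {{ required "…" .oauth2.tokenURL | quote }}` unconditionally makes the misconfiguration surface at render or install rather than when the collector loads its config. The message names `.Values.oauth2.tokenURL` although the template reads `.oauth2` from what looks like a per-service context, so the path shown to the operator is probably incomplete and worth confirming. The same guard is repeated in the first `_metrics_service_otlp.alloy.txt` hunk.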
@@ -89,6 +116,8 @@ otelcol.exporter.otlphttp "logs_service" {
 auth = otelcol.auth.basic.logs_service.handler
 {{- else if eq .authMode "bearerToken" }}
 auth = otelcol.auth.bearer.logs_service.handler
+{{- else if eq .authMode "oauth2" }}
+ auth = otelcol.auth.oauth2.logs_service.handler
 {{- end }}
 headers = {
 "X-Scope-OrgID" = nonsensitive(remote.kubernetes.secret.logs_service.data[{{ .tenantIdKey | quote }}]),
diff --git a/charts/k8s-monitoring-v1/templates/alloy_config/_metrics_service_otlp.alloy.txt b/charts/k8s-monitoring-v1/templates/alloy_config/_metrics_service_otlp.alloy.txt
index 88915a680..823283ad0 100644
--- a/charts/k8s-monitoring-v1/templates/alloy_config/_metrics_service_otlp.alloy.txt
+++ b/charts/k8s-monitoring-v1/templates/alloy_config/_metrics_service_otlp.alloy.txt
@@ -76,6 +76,33 @@ otelcol.auth.bearer "metrics_service" {
 token = remote.kubernetes.secret.metrics_service.data[{{ .bearerToken.tokenKey | quote }}]
 }
 {{- end }}
+{{- else if eq .authMode "oauth2" }}
+otelcol.auth.oauth2 "metrics_service" {
+ {{- if eq .oauth2.clientId "" }}
+ client_id = nonsensitive(remote.kubernetes.secret.metrics_service.data[{{ .oauth2.clientIdKey | quote }}])
+ {{- else }}
+ client_id = {{ .oauth2.clientId | quote }}
+ {{- end }}
+
+ {{- if eq .oauth2.clientSecretFile "" }}
+ client_secret = remote.kubernetes.secret.metrics_service.data[{{ .oauth2.clientSecretKey | quote }}]
+ {{- else }}
+ client_secret_file = {{ .oauth2.clientSecretFile | quote }}
+ {{- end }}
+ {{- if .oauth2.endpointParams }}
+ endpoint_params = {
+ {{- range $k, $v := .oauth2.endpointParams }}
+ {{ $k }} = {{ $v | quote }},
+ {{- end }}
+ }
+ {{- end }}
+ {{- if .oauth2.scopes }}
+ scopes = {{ .oauth2.scopes | toJson }}
+ {{- end }}
+ {{- if .oauth2.tokenURL }}
+ token_url = {{ required ".Values.oauth2.tokenURL is a required value when .Values.authMode is oauth2" .oauth2.tokenURL | quote }}
+ {{- end }}
+}
 {{- end }}
 {{ if eq .protocol "otlp" }}
 otelcol.exporter.otlp "metrics_service" {
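Review bot: In the `endpoint_params` loop of the `otelcol.auth.oauth2 "metrics_service"` block, `{{ $k }} = {{ $v | quote }},` writes the map key straight from values without quoting, so a parameter name that is not a bare identifier (one containing `-` or `.`, say) produces a config that will not parse, and the key text reaches the rendered Alloy config unescaped. Quoting the key as well, `{{ $k | quote }} = {{ $v | quote }},`, matches how this template already writes `"X-Scope-OrgID"` in `headers`. It is also worth checking the component reference for whether `endpoint_params` values must be lists of strings, in which case a single quoted string would be rejected. The logs_service hunk carries the same line.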
@@ -89,6 +116,8 @@ otelcol.exporter.otlphttp "metrics_service" {
 auth = otelcol.auth.basic.metrics_service.handler
 {{- else if eq .authMode "bearerToken" }}
 auth = otelcol.auth.bearer.metrics_service.handler
+{{- else if eq .authMode "oauth2" }}
+ auth = otelcol.auth.oauth2.metrics_service.handler
 {{- end }}
 headers = {
 "X-Scope-OrgID" = nonsensitive(remote.kubernetes.secret.metrics_service.data[{{ .tenantIdKey | quote }}]),