feat(otelcol): add support for htpasswd file authentication #3916
Conversation
|
|
pkarakal
force-pushed
the
basic-auth-htpasswd
branch
from
920e168 to
f15ea16
Compare
pkarakal
force-pushed
the
basic-auth-htpasswd
branch
from
f15ea16 to
c9b7cb7
Compare
|
|
||
| htpasswd_file = "/etc/alloy/.htpasswd" |
There was a problem hiding this comment.
| htpasswd_file = "/etc/alloy/.htpasswd" |
The usage section only lists required attributes and blocks. You could add an example to the example section though.
| }, | ||
| }, nil | ||
| c := &basicauthextension.Config{ | ||
| Htpasswd: &basicauthextension.HtpasswdSettings{}, |
There was a problem hiding this comment.
It'd be better if this is only created if args.HtpasswdFile is not empty.
| Username string `alloy:"username,attr,optional"` | ||
| Password alloytypes.Secret `alloy:"password,attr,optional"` | ||
|
|
||
| HtpasswdFile string `alloy:"htpasswd_file,attr,optional"` |
There was a problem hiding this comment.
| HtpasswdFile string `alloy:"htpasswd_file,attr,optional"` | |
| HtpasswdFile string `alloy:"htpasswd_file,block,optional"` |
To match OTel, you'll need to create an htpasswd block which has two attributes - file and inline.
There was a problem hiding this comment.
so in case the htpasswd block is provided do you want to ignore the username password that may be provided? Asking mainly cause the extension supports having both file and inline, and inline is currently created by just combining username/password, which is a behavior I tried to keep.
There was a problem hiding this comment.
@ptodev feel free to let me know if that's what you had in mind.
| if args.HtpasswdFile != "" { | ||
| c.Htpasswd.File = args.HtpasswdFile | ||
| } |
There was a problem hiding this comment.
The best way to do the conversion is to make htpasswd a struct and make a convert function for it, similarly to KafkaExporterSignalConfig.
pkarakal
force-pushed
the
basic-auth-htpasswd
branch
from
c9b7cb7 to
b780c89
Compare
pkarakal
force-pushed
the
basic-auth-htpasswd
branch
from
b780c89 to
fa9cb16
Compare
PR Description
This adds support for using
htpasswdfor server authentication. Sinceotelcol.auth.basicis a wrapper aroundbasicauthextension, which already supports both inline and file based server authentication, this adds such support for alloy as well. This would be really useful when we want to have multiple users trying to send data to Alloy and we don't want to a reverse proxy for authenticating calls.This also makes the
usernameandpasswordfields optional since we should be able to just usehtpasswdfiles for server side authentication. They must be filled in when the handler is used for client authentication.PR Checklist