alloy/internal/component/otelcol/auth/basic/basic.go at 2389d55d07a9ff91f553cd12f135486af6c53876 · pkarakal/alloy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
// Package basic provides an otelcol.auth.basic component.
package basic

import (
	"errors"
	"fmt"

	"github.com/grafana/alloy/internal/component"
	"github.com/grafana/alloy/internal/component/otelcol/auth"
	otelcolCfg "github.com/grafana/alloy/internal/component/otelcol/config"
	"github.com/grafana/alloy/internal/featuregate"
	"github.com/grafana/alloy/syntax/alloytypes"
	"github.com/open-telemetry/opentelemetry-collector-contrib/extension/basicauthextension"
	otelcomponent "go.opentelemetry.io/collector/component"
	"go.opentelemetry.io/collector/config/configopaque"
	"go.opentelemetry.io/collector/pipeline"
)

var (
	errNoCredentialSource = errors.New("no credential source provided")
	errNoPasswordProvided = errors.New("no password provided")
)

func init() {
	component.Register(component.Registration{
		Name:      "otelcol.auth.basic",
		Stability: featuregate.StabilityGenerallyAvailable,
		Args:      Arguments{},
		Exports:   auth.Exports{},

		Build: func(opts component.Options, args component.Arguments) (component.Component, error) {
			fact := basicauthextension.NewFactory()
			return auth.New(opts, fact, args.(Arguments))
		},
	})
}

type HtpasswdConfig struct {
	File   string `alloy:"file,attr,optional"`
	Inline string `alloy:"inline,attr,optional"`
}

func (c HtpasswdConfig) convert() *basicauthextension.HtpasswdSettings {
	return &basicauthextension.HtpasswdSettings{
		File:   c.File,
		Inline: c.Inline,
	}
}

type ClientAuthConfig struct {
	Username string `alloy:"username,attr"`
	Password string `alloy:"password,attr"`
}

func (c ClientAuthConfig) convert() *basicauthextension.ClientAuthSettings {
	if c.Username == "" && c.Password == "" {
		return nil
	}
	return &basicauthextension.ClientAuthSettings{
		Username: c.Username,
		Password: configopaque.String(c.Password),
	}
}

// Arguments configures the otelcol.auth.basic component.
type Arguments struct {
	Username string            `alloy:"username,attr,optional"` // Deprecated: Use ClientAuth instead
	Password alloytypes.Secret `alloy:"password,attr,optional"` // Deprecated: Use ClientAuth instead

	ClientAuth *ClientAuthConfig `alloy:"client_auth,block,optional"`

	Htpasswd *HtpasswdConfig `alloy:"htpasswd,block,optional"`

	// DebugMetrics configures component internal metrics. Optional.
	DebugMetrics otelcolCfg.DebugMetricsArguments `alloy:"debug_metrics,block,optional"`
}

var _ auth.Arguments = Arguments{}

// SetToDefault implements syntax.Defaulter.
func (args *Arguments) SetToDefault() {
	args.DebugMetrics.SetToDefault()
}

// Validate implements syntax.Validator
func (args Arguments) Validate() error {
	// check if no argument was provided
	if args.Username == "" && args.Password == "" && args.Htpasswd == nil && args.ClientAuth == nil {
		return errNoCredentialSource
	}
	// the downstream basicauthextension package supports having both inline
	// and htpasswd files, so we should not error out in case both are
	// provided

	// check if password was not provided when username is provided
	if args.Username != "" && args.Password == "" {
		return errNoPasswordProvided
	}

	return nil
}

// ConvertClient implements auth.Arguments.
func (args Arguments) ConvertClient() (otelcomponent.Config, error) {
	c := &basicauthextension.Config{}
	// If the client config is specified, ignore the deprecated
	// username and password attributes.
	if args.ClientAuth != nil {
		c.ClientAuth = args.ClientAuth.convert()
		return c, nil
	}

	c.ClientAuth = &basicauthextension.ClientAuthSettings{
		Username: args.Username,
		Password: configopaque.String(args.Password),
	}
	return c, nil
}

// ConvertServer implements auth.Arguments.
func (args Arguments) ConvertServer() (otelcomponent.Config, error) {
	c := &basicauthextension.Config{
		Htpasswd: &basicauthextension.HtpasswdSettings{},
	}
	if args.Htpasswd != nil {
		c.Htpasswd = args.Htpasswd.convert()
	}
	// Keeping this to avoid breaking existing use cases. Remove this for v2
	if args.Username != "" && args.Password != "" {
		c.Htpasswd.Inline += fmt.Sprintf("\n%s:%s", args.Username, args.Password)
	}

	return c, nil
}

// AuthFeatures implements auth.Arguments.
func (args Arguments) AuthFeatures() auth.AuthFeature {
	return auth.ClientAndServerAuthSupported
}

// Extensions implements auth.Arguments.
func (args Arguments) Extensions() map[otelcomponent.ID]otelcomponent.Component {
	return nil
}

// Exporters implements auth.Arguments.
func (args Arguments) Exporters() map[pipeline.Signal]map[otelcomponent.ID]otelcomponent.Component {
	return nil
}

// DebugMetricsConfig implements auth.Arguments.
func (args Arguments) DebugMetricsConfig() otelcolCfg.DebugMetricsArguments {
	return args.DebugMetrics
}