diff --git a/CHANGELOG.md b/CHANGELOG.md index f98c9d5bf0dc..7b72c819de47 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ - `dockerstatsreceiver`: Add container.runtime attribute to container metrics (#8261) - `clickhouseexporter`: Implement consume log logic. (#9705) - `influxdbexporter`: Add support for cumulative, non-monotonic metrics. (#8348) +- `oauth2clientauthextension`: Add support for EndpointParams (#7307) ### 🛑 Breaking changes 🛑 diff --git a/extension/oauth2clientauthextension/README.md b/extension/oauth2clientauthextension/README.md index 3ca4eb2c3985..59856bd9cc16 100644 --- a/extension/oauth2clientauthextension/README.md +++ b/extension/oauth2clientauthextension/README.md @@ -13,6 +13,8 @@ extensions: oauth2client: client_id: someclientid client_secret: someclientsecret + endpoint_params: + audience: someaudience token_url: https://example.com/oauth2/default/v1/token scopes: ["api.metrics"] # tls settings for the token client 
@@ -58,6 +60,7 @@ Following are the configuration fields - [**token_url**](https://datatracker.ietf.org/doc/html/rfc6749#section-3.2) - The resource server's token endpoint URLs. - [**client_id**](https://datatracker.ietf.org/doc/html/rfc6749#section-2.2) - The client identifier issued to the client. - [**client_secret**](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1) - The secret string associated with above identifier. +- [**endpoint_params**](https://github.com/golang/oauth2/blob/master/clientcredentials/clientcredentials.go#L44) - Additional parameters that are sent to the token endpoint. - [**scopes**](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3) - **Optional** optional requested permissions associated for the client. - [**timeout**](https://golang.org/src/net/http/client.go#L90) - **Optional** specifies the timeout on the underlying client to authorization server for fetching the tokens (initial and while refreshing). This is optional and not setting this configuration implies there is no timeout on the client. diff --git a/extension/oauth2clientauthextension/config.go b/extension/oauth2clientauthextension/config.go index 4c7de3ae6487..541f5b914efb 100644 --- a/extension/oauth2clientauthextension/config.go +++ b/extension/oauth2clientauthextension/config.go @@ -16,6 +16,7 @@ package oauth2clientauthextension // import "github.com/open-telemetry/opentelem import ( "errors" + "net/url" "time" "go.opentelemetry.io/collector/config" @@ -40,6 +41,9 @@ type Config struct { // See https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1 ClientSecret string `mapstructure:"client_secret"` + // EndpointParams specifies additional parameters for requests to the token endpoint. + EndpointParams url.Values `mapstructure:"endpoint_params"` + // TokenURL is the resource server's token endpoint // URL. This is a constant specific to each server. // See https://datatracker.ietf.org/doc/html/rfc6749#section-3.2 
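Review bot: The new `EndpointParams` field in `Config` is a free-form `url.Values` with no validation visible in this hunk, and extension.go hands it unchanged to `clientcredentials.Config`, so keys that overlap with parameters the extension already controls (`grant_type`, `scope`) are passed through as configured. As far as I recall, the `clientcredentials` package lets `grant_type` be overridden and rejects other collisions only when a token is requested, so a bad configuration would surface at the first token fetch rather than at startup; please confirm against the `golang.org/x/oauth2` version the module pins. I would reject such keys in the config validation (not shown here; the struct continues outside the hunk). I would also extend the field comment, for example `// EndpointParams are sent verbatim in the token request body; values may be sensitive and must not be logged.`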
diff --git a/extension/oauth2clientauthextension/config_test.go b/extension/oauth2clientauthextension/config_test.go index ae3c6fbe54a5..4394b3e8b145 100644 --- a/extension/oauth2clientauthextension/config_test.go +++ b/extension/oauth2clientauthextension/config_test.go @@ -15,6 +15,7 @@ package oauth2clientauthextension import ( + "net/url" "path/filepath" "testing" "time" @@ -50,6 +51,7 @@ func TestLoadConfig(t *testing.T) { ExtensionSettings: config.NewExtensionSettings(config.NewComponentIDWithName(typeStr, "1")), ClientSecret: "someclientsecret", ClientID: "someclientid", + EndpointParams: url.Values{"audience": []string{"someaudience"}}, Scopes: []string{"api.metrics"}, TokenURL: "https://example.com/oauth2/default/v1/token", Timeout: time.Second, diff --git a/extension/oauth2clientauthextension/extension.go b/extension/oauth2clientauthextension/extension.go index 18798bfeff57..ffd0c04265a8 100644 --- a/extension/oauth2clientauthextension/extension.go +++ b/extension/oauth2clientauthextension/extension.go @@ -72,10 +72,11 @@ func newClientCredentialsExtension(cfg *Config, logger *zap.Logger) (*ClientCred return &ClientCredentialsAuthenticator{ clientCredentials: &clientcredentials.Config{ - ClientID: cfg.ClientID, - ClientSecret: cfg.ClientSecret, - TokenURL: cfg.TokenURL, - Scopes: cfg.Scopes, + ClientID: cfg.ClientID, + ClientSecret: cfg.ClientSecret, + TokenURL: cfg.TokenURL, + Scopes: cfg.Scopes, + EndpointParams: cfg.EndpointParams, }, logger: logger, client: &http.Client{ diff --git a/extension/oauth2clientauthextension/extension_test.go b/extension/oauth2clientauthextension/extension_test.go index 167e51b87b1a..b5e3ce7632a6 100644 --- a/extension/oauth2clientauthextension/extension_test.go +++ b/extension/oauth2clientauthextension/extension_test.go 
@@ -47,11 +47,12 @@ func TestOAuthClientSettings(t *testing.T) { { name: "all_valid_settings", settings: &Config{ - ClientID: "testclientid", - ClientSecret: "testsecret", - TokenURL: "https://example.com/v1/token", - Scopes: []string{"resource.read"}, - Timeout: 2, + ClientID: "testclientid", + ClientSecret: "testsecret", + EndpointParams: url.Values{"audience": []string{"someaudience"}}, + TokenURL: "https://example.com/v1/token", + Scopes: []string{"resource.read"}, + Timeout: 2, TLSSetting: configtls.TLSClientSetting{ TLSSetting: configtls.TLSSetting{ CAFile: testCAFile, @@ -132,6 +133,7 @@ func TestOAuthClientSettings(t *testing.T) { assert.Equal(t, test.settings.ClientSecret, rc.clientCredentials.ClientSecret) assert.Equal(t, test.settings.ClientID, rc.clientCredentials.ClientID) assert.Equal(t, test.settings.Timeout, rc.client.Timeout) + assert.Equal(t, test.settings.EndpointParams, rc.clientCredentials.EndpointParams) // test tls settings transport := rc.client.Transport.(*http.Transport) diff --git a/extension/oauth2clientauthextension/testdata/config.yaml b/extension/oauth2clientauthextension/testdata/config.yaml index 44078feb5e98..be27f1a0102b 100644 --- a/extension/oauth2clientauthextension/testdata/config.yaml +++ b/extension/oauth2clientauthextension/testdata/config.yaml @@ -3,6 +3,8 @@ extensions: client_id: someclientid client_secret: someclientsecret token_url: https://example.com/oauth2/default/v1/token + endpoint_params: + audience: someaudience scopes: ["api.metrics"] timeout: 1s
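Review bot: The assertion added to `TestOAuthClientSettings`, `assert.Equal(t, test.settings.EndpointParams, rc.clientCredentials.EndpointParams)`, only checks that the map was copied onto the client config, not that the parameter reaches the token endpoint. A case that points `TokenURL` at an `httptest.Server` and asserts the received form contains `audience=someaudience` would pin the behaviour the changelog entry describes. A second case with a key such as `scope` set alongside `Scopes` would document what happens on a collision. The first hunk in this file uses `url.Values` but no import change for `net/url` is shown, so I assume the file already imports it. The test function extends outside both hunks.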