Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New component: JWT server authenticator #20539

Closed
2 tasks
StarpTech opened this issue Apr 2, 2023 · 15 comments
Closed
2 tasks

New component: JWT server authenticator #20539

StarpTech opened this issue Apr 2, 2023 · 15 comments
Labels

Comments

@StarpTech
Copy link
Contributor

StarpTech commented Apr 2, 2023

The purpose and use-cases of the new component

This extension authenticates users who want to send data to your collector with a JWT, enabling multi-tenant use cases easier. Based on the auth claims data, you can use a processor like attributesprocessor to filter or enrich the data. Authenticity is ensured by signing the JWT token with the same secret before.

Example configuration for the component

extensions:
  jwt:
    secret: "secret"

receivers:
  otlp:
    protocols:
      grpc:
        auth:
          authenticator: jwt

processors:
  # Extract the project id from the auth context
  attributes/from_auth_context:
    actions:
      - key: project.id
        from_context: auth.project_id
        action: insert

exporters:
  logging:
    logLevel: debug

service:
  extensions: [jwt]
  pipelines:
    traces:
      receivers: [otlp]
      # Apply the processor
      processors: [attributes/from_auth_context]
      exporters: [logging]

Telemetry data types supported

traces, metrics and logs

Is this a vendor-specific component?

  • This is a vendor-specific component
  • If this is a vendor-specific component, I am proposing to contribute this as a representative of the vendor.

Sponsor (optional)

No response

Additional context

#20524

@StarpTech StarpTech added the needs triage New item requiring triage label Apr 2, 2023
@fatsheep9146 fatsheep9146 added the Sponsor Needed New component seeking sponsor label Apr 3, 2023
@atoulme
Copy link
Contributor

atoulme commented Apr 4, 2023

The sponsor should be an approver or maintainer of the opentelemetry collector contrib project. @wundergraph cannot be considered as a sponsor here.

@atoulme atoulme removed the needs triage New item requiring triage label Apr 4, 2023
@atoulme
Copy link
Contributor

atoulme commented Apr 4, 2023

How does this compare to the existing extensions bearertokenauthextension or oauth2clientauthextension ?

@fatsheep9146
Copy link
Contributor

@jpkrohling do you have any suggestions about this issue?

@StarpTech
Copy link
Contributor Author

StarpTech commented Apr 7, 2023

How does this compare to the existing extensions bearertokenauthextension or oauth2clientauthextension ?

Read the README's 😄

The new proposed component work with JWT's to authenticate a client. No third-party service is involved.

@StarpTech
Copy link
Contributor Author

The sponsor should be an approver or maintainer of the opentelemetry collector contrib project. https://github.com/wundergraph?type=source cannot be considered as a sponsor here.

How can we become one?

@jpkrohling
Copy link
Member

@perestoronin
Copy link

perestoronin commented May 4, 2023

git clone https://github.com/wundergraph/opentelemetry-collector-contrib.git
cd opentelemetry-collector-contrib
git checkout "dustin/add_jwt_authenticator"
cd cmd/otelcontribcol
go mod vendor
go build
./otelcontribcol components

expected jwt in list of extensions, but jwt extension not exists, why? @StarpTech

@StarpTech
Copy link
Contributor Author

@perestoronin no idea; I'm not very familiar with the setup of the repo. What do I need to update?

@github-actions
Copy link
Contributor

github-actions bot commented Jul 4, 2023

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

@github-actions github-actions bot added the Stale label Jul 4, 2023
@StarpTech
Copy link
Contributor Author

@perestoronin @jpkrohling I need help. The PR #20524 is open for over 30 days and no maintainer feels responsible.

@atoulme
Copy link
Contributor

atoulme commented Jul 4, 2023

You don’t have a sponsor. You need one before maintainers can help.

@github-actions github-actions bot removed the Stale label Jul 5, 2023
@MovieStoreGuy
Copy link
Contributor

You have a few options to try reach out to a potential sponser,

  • The weekly SIG calls are a great way to convey the need for this "in person"
  • Reach out within the CNCF slack space and ask if any approvers or maintainer would be will to sponsor this.

If you're able to help draw out some more use cases and examples, it greatly help me understand the desire for this beyond having JWT support.

@StarpTech
Copy link
Contributor Author

StarpTech commented Aug 18, 2023

Hi @MovieStoreGuy, I don't know what else I can say. I think I described the use case in the issue and here https://github.com/wundergraph/opentelemetry-collector-contrib/blob/dustin/add_jwt_authenticator/extension/jwtauthextension/README.md#description. In a nutshell: You can make your OTEL collector public and secure the ingestion with this extension through signed JWT's.
This is our use case at https://wundergraph.com/ I couldn't find any existing extension that makes that possible.

@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Copy link
Contributor

This issue has been closed as inactive because it has been stale for 120 days with no activity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants