Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
237ea44
feat(metrics): add HTTP authenticator support for Prometheus metric b…
SoumyaRaikwar Sep 24, 2025
e0ae488
feat(metrics): include SigV4 HTTP auth extension in Jaeger components
SoumyaRaikwar Sep 24, 2025
8134630
docs(metrics): document valid values for metric backend authenticator…
SoumyaRaikwar Sep 29, 2025
2bdbd3a
test: add comprehensive tests for SigV4 authentication support
SoumyaRaikwar Oct 5, 2025
9ac9b36
fix(lint): resolve golangci-lint errors
SoumyaRaikwar Oct 6, 2025
0e68eb5
refactor: move auth config to Prometheus configuration and eliminate …
Oct 10, 2025
a7bd21b
revert: remove unrelated test file formatting changes
SoumyaRaikwar Oct 12, 2025
18bcd36
refactor: consolidate factory and reader functions per code review
SoumyaRaikwar Oct 13, 2025
c08ee47
refactor: consolidate auth functions and simplify code per review
SoumyaRaikwar Oct 13, 2025
3dee417
chore: update dependencies for SigV4 and OTEL integration
SoumyaRaikwar Oct 13, 2025
89f7ddc
fix: correct indentation and Auth field access
SoumyaRaikwar Oct 13, 2025
c066f58
fix: resolve all linting and test issues for SigV4 auth
SoumyaRaikwar Oct 13, 2025
06d842d
Merge branch 'main' into feature/sigv4auth-storage-backend
SoumyaRaikwar Oct 13, 2025
cb294d3
Update internal/storage/metricstore/prometheus/metricstore/reader.go
SoumyaRaikwar Oct 13, 2025
c8d3ab8
Update internal/storage/metricstore/prometheus/metricstore/reader.go
SoumyaRaikwar Oct 14, 2025
357a9ec
Update internal/storage/metricstore/prometheus/metricstore/reader.go
SoumyaRaikwar Oct 14, 2025
a800f50
Merge branch 'main' into feature/sigv4auth-storage-backend
SoumyaRaikwar Oct 14, 2025
cf0ca47
refactor: address code review feedback
SoumyaRaikwar Oct 14, 2025
72f9c2e
Merge branch 'main' into feature/sigv4auth-storage-backend
SoumyaRaikwar Oct 14, 2025
4ac099b
Merge branch 'main' into feature/sigv4auth-storage-backend
SoumyaRaikwar Oct 14, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions cmd/jaeger/internal/components.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/prometheusexporter"
"github.com/open-telemetry/opentelemetry-collector-contrib/extension/healthcheckv2extension"
"github.com/open-telemetry/opentelemetry-collector-contrib/extension/pprofextension"
"github.com/open-telemetry/opentelemetry-collector-contrib/extension/sigv4authextension"
"github.com/open-telemetry/opentelemetry-collector-contrib/processor/attributesprocessor"
"github.com/open-telemetry/opentelemetry-collector-contrib/processor/filterprocessor"
"github.com/open-telemetry/opentelemetry-collector-contrib/processor/tailsamplingprocessor"
Expand Down Expand Up @@ -72,6 +73,7 @@ func (b builders) build() (otelcol.Factories, error) {
zpagesextension.NewFactory(),

// add-ons
sigv4authextension.NewFactory(),
jaegerquery.NewFactory(),
jaegerstorage.NewFactory(),
remotesampling.NewFactory(),
Expand Down
33 changes: 29 additions & 4 deletions cmd/jaeger/internal/extension/jaegerstorage/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,11 +51,34 @@ type TraceBackend struct {
ClickHouse *clickhouse.Configuration `mapstructure:"clickhouse"`
}

// AuthConfig represents authentication configuration for metric backends.
//
// The Authenticator field expects the ID (name) of an HTTP authenticator
// extension that is registered in the running binary and implements
// go.opentelemetry.io/collector/extension/extensionauth.HTTPClient.
//
// Valid values:
// - "sigv4auth" in the stock Jaeger binary (built-in).
// - Any other extension name is valid only if that authenticator extension
// is included in the build; otherwise Jaeger will error at startup when
// resolving the extension.
// - Empty/omitted means no auth (default behavior).
type AuthConfig struct {
// Authenticator is the name (ID) of the HTTP authenticator extension to use.
Authenticator string `mapstructure:"authenticator"`
}

// PrometheusConfiguration wraps the base Prometheus configuration with auth support.
type PrometheusConfiguration struct {
promCfg.Configuration `mapstructure:",squash"`
Auth *AuthConfig `mapstructure:"auth,omitempty"`
}

// MetricBackend contains configuration for a single metric storage backend.
type MetricBackend struct {
Prometheus *promcfg.Configuration `mapstructure:"prometheus"`
Elasticsearch *escfg.Configuration `mapstructure:"elasticsearch"`
Opensearch *escfg.Configuration `mapstructure:"opensearch"`
Prometheus *PrometheusConfiguration `mapstructure:"prometheus"`
Elasticsearch *esCfg.Configuration `mapstructure:"elasticsearch"`
Opensearch *esCfg.Configuration `mapstructure:"opensearch"`
}

// Unmarshal implements confmap.Unmarshaler. This allows us to provide
Expand Down Expand Up @@ -118,7 +141,9 @@ func (cfg *MetricBackend) Unmarshal(conf *confmap.Conf) error {
// apply defaults
if conf.IsSet("prometheus") {
v := prometheus.DefaultConfig()
cfg.Prometheus = &v
cfg.Prometheus = &PrometheusConfiguration{
Configuration: v,
}
}

if conf.IsSet("elasticsearch") {
Expand Down
38 changes: 36 additions & 2 deletions cmd/jaeger/internal/extension/jaegerstorage/extension.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (

"go.opentelemetry.io/collector/component"
"go.opentelemetry.io/collector/extension"
"go.opentelemetry.io/collector/extension/extensionauth"

"github.com/jaegertracing/jaeger/internal/metrics"
esmetrics "github.com/jaegertracing/jaeger/internal/storage/metricstore/elasticsearch"
Expand Down Expand Up @@ -222,9 +223,28 @@ func (s *storageExt) Start(ctx context.Context, host component.Host) error {
case cfg.Prometheus != nil:
promTelset := telset
promTelset.Metrics = scopedMetricsFactory(metricStorageName, "prometheus", "metricstore")

// Resolve authenticator if configured
var httpAuthenticator extensionauth.HTTPClient
if cfg.Prometheus.Auth != nil && cfg.Prometheus.Auth.Authenticator != "" {
httpAuthenticator, err = s.getAuthenticator(host, cfg.Prometheus.Auth.Authenticator)
if err != nil {
return fmt.Errorf("failed to get HTTP authenticator '%s' for metric storage '%s': %w",
cfg.Prometheus.Auth.Authenticator, metricStorageName, err)
}
s.telset.Logger.Sugar().Infof("HTTP auth configured for metric storage '%s' with authenticator '%s'",
metricStorageName, cfg.Prometheus.Auth.Authenticator)
}

// Create factory with optional authenticator (nil if not configured)
metricStoreFactory, err = prometheus.NewFactoryWithConfig(
*cfg.Prometheus,
promTelset)
cfg.Prometheus.Configuration,
promTelset,
httpAuthenticator,
)
if err != nil {
return fmt.Errorf("failed to initialize metrics storage '%s': %w", metricStorageName, err)
}

case cfg.Elasticsearch != nil:
esTelset := telset
Expand Down Expand Up @@ -284,3 +304,17 @@ func (s *storageExt) MetricStorageFactory(name string) (storage.MetricStoreFacto
mf, ok := s.metricsFactories[name]
return mf, ok
}

// getAuthenticator retrieves an HTTP authenticator extension from the host by name
// authentication extension ID, or nil if no extension is configured.
func (*storageExt) getAuthenticator(host component.Host, authenticatorName string) (extensionauth.HTTPClient, error) {
for id, ext := range host.GetExtensions() {
if id.Name() == authenticatorName {
if httpAuth, ok := ext.(extensionauth.HTTPClient); ok {
return httpAuth, nil
}
return nil, fmt.Errorf("extension '%s' does not implement extensionauth.HTTPClient", authenticatorName)
}
}
return nil, fmt.Errorf("authenticator extension '%s' not found", authenticatorName)
}
Loading