Skip to content

[extension/headersetter] Add support for chaining with other auth extensions #44120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
songy23 merged 4 commits into from
Nov 19, 2025
Merged

[extension/headersetter] Add support for chaining with other auth extensions #44120

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3ce64e6
Added oauth header before writing to header
kushalShukla-web Nov 9, 2025
730b209
Modify some lingtin errors
kushalShukla-web Nov 11, 2025
98ed5da
Merge branch 'main' into chaining
kushalShukla-web Nov 18, 2025
ff84c9c
Merge branch 'main' into chaining
kushalShukla-web Nov 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions .chloggen/chaining.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Use this changelog template to create an entry for release notes.

# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
change_type: enhancement

# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
component: extension/headers_setter

# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: "Add support for chaining with other auth extensions via `additional_auth` configuration parameter. This allows combining multiple authentication methods, such as OAuth2 for bearer token authentication and custom headers for additional metadata."

# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
issues: [43797]

# (Optional) One or more lines of additional information to render under the primary note.
# These lines will be padded with 2 spaces and then inserted directly into the document.
# Use pipe (|) for multiline entries.
subtext: |
The `additional_auth` parameter enables the `headers_setter` extension to work in conjunction
with other authentication extensions like `oauth2client`. The additional auth extension is called
first to apply its authentication, then headers_setter adds its configured headers on top.

# If your change doesn't affect end users or the exported elements of any package,
# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
# Optional: The change log or logs in which this entry should be included.
# e.g. '[user]' or '[user, api]'
# Include 'user' if the change is relevant to end users.
# Include 'api' if there is a change to a library API.
# Default: '[user]'
change_logs: [user]
66 changes: 65 additions & 1 deletion extension/headerssetterextension/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,12 @@ header to the value extracted from the context.

## Configuration

The following settings are required:
The following settings are available:

- `additional_auth` (Optional): The ID of another auth extension to chain with.
When specified, this extension will call the additional auth extension first,
then apply its own headers on top. This allows combining multiple authentication
methods, such as OAuth2 for authorization and custom headers for additional metadata.

- `headers`: a list of header configuration objects that specify headers and
their value sources. Each configuration object has the following properties:
Expand Down Expand Up @@ -100,6 +105,65 @@ service:
exporters: [ loki ]
```

## Chaining with other Auth Extensions

The `headers_setter` extension can be chained with another authentication extension
using the `additional_auth` parameter. This allows combining multiple authentication
methods, such as OAuth2 for bearer token authentication and custom headers for
additional metadata or routing information.

### Example: Combining OAuth2 and Custom Headers

```yaml
extensions:
oauth2client:
client_id: someclientid
client_secret: someclientsecret
token_url: https://example.com/oauth2/default/v1/token
scopes: ["api.metrics"]
# The timeout parameter is optional
timeout: 2s

headers_setter:
# Chain with the oauth2client extension
additional_auth: oauth2client
headers:
- key: X-Scope-OrgID
value: acme-tenant
- key: X-Custom-Header
from_context: custom_metadata

receivers:
otlp:
protocols:
http:
include_metadata: true

exporters:
prometheusremotewrite:
endpoint: https://prometheus.example.com/api/v1/write
auth:
# Use headers_setter as the authenticator
# This will apply both OAuth2 and custom headers
authenticator: headers_setter

service:
extensions: [oauth2client, headers_setter]
pipelines:
metrics:
receivers: [otlp]
exporters: [prometheusremotewrite]
```

In this configuration:
1. The `oauth2client` extension provides OAuth2 bearer token authentication
2. The `headers_setter` extension adds custom headers on top of the OAuth2 authentication
3. When the exporter sends data, both authentication methods are applied:
- OAuth2 adds the `Authorization: Bearer <token>` header
- Headers setter adds `X-Scope-OrgID` and `X-Custom-Header` headers
4. The collector ensures the `oauth2client` extension starts before `headers_setter`
due to the dependency relationship

[batch-processor]: https://github.com/open-telemetry/opentelemetry-collector/tree/main/processor/batchprocessor/README.md
[batch-processor-preserve-metadata]: https://github.com/open-telemetry/opentelemetry-collector/tree/main/processor/batchprocessor/README.md#batching-and-client-metadata

Expand Down
Loading
Loading