feat: add first-class Basic Auth support to OTEL config

Author: i-naman

README.md

@@ -92,6 +92,11 @@ cfg := ion.Config{
         Enabled:  true,
         Endpoint: "otel-collector:4317", // gRPC by default
         Protocol: "grpc",
+        Username: "admin",        // Optional Basic Auth
+        Password: "supersecret",  // Optional Basic Auth
+        Headers: map[string]string{ // Optional custom headers
+            "X-Custom-Token": "value",
+        },
         BatchSize: 1000,
         Attributes: map[string]string{
             "env": "production",

config.go

@@ -95,6 +95,12 @@ type OTELConfig struct {
 	// Default: false
 	Insecure bool `yaml:"insecure" json:"insecure"`
 
+	// Username for Basic Authentication (optional).
+	Username string `yaml:"username" json:"username" env:"OTEL_USERNAME"`
+
+	// Password for Basic Authentication (optional).
+	Password string `yaml:"password" json:"password" env:"OTEL_PASSWORD"`
+
 	// Headers are additional headers to send (e.g., auth tokens).
 	Headers map[string]string `yaml:"headers" json:"headers"`
 

ion_auth_analysis.md.resolved

@@ -0,0 +1,42 @@
+# Ion Library OTel Authentication Analysis
+
+## Current Status
+The [ion](file:///Users/naman/JM/repos/JMDT-Sequencer-Orchestrator/internal/config/config.go#154-164) library's `OTELConfig` struct currently lacks explicit fields for authentication credentials (e.g., `Username` and `Password`). However, it exposes a `Headers` field (`map[string]string`) which is passed to the underlying OpenTelemetry exporter.
+
+## Authentication Implementation
+To support Basic Authentication (commonly used with OTel collectors/receivers):
+1.  **Manual Header Construction**: Users must manually construct the `Authorization` header.
+    -   Format: `Basic <base64(username:password)>`
+2.  **Configuration**: This header key-value pair is then added to `ion.OTELConfig.Headers`.
+
+## Implementation in Orchestrator
+We have successfully implemented this pattern in [cmd/orchestrator/main.go](file:///Users/naman/JM/repos/JMDT-Sequencer-Orchestrator/cmd/orchestrator/main.go):
+```go
+// Construct Basic Auth header manually
+if cfg.OTelUsername != "" && cfg.OTelPassword != "" {
+    auth := fmt.Sprintf("%s:%s", cfg.OTelUsername, cfg.OTelPassword)
+    encodedAuth := base64.StdEncoding.EncodeToString([]byte(auth))
+    otelHeaders["Authorization"] = "Basic " + encodedAuth
+}
+```
+
+## Recommendations for Ion Library Improvements
+To improve Developer Experience (DX) and reduce boilerplate code for consumers:
+
+1.  **Add First-Class Auth Fields**:
+    Extend `ion.OTELConfig` to include `Username` and `Password` fields.
+    ```go
+    type OTELConfig struct {
+        // ... existing fields
+        Username string
+        Password string
+    }
+    ```
+
+2.  **Internal Handling**:
+    Update `ion.NewWithOTEL` (or internal exporter setup) to automatically detect these fields.
+    -   If `Username` and `Password` are set, the library should generate the `Authorization` header internally.
+    -   This abstract away the base64 encoding requirement from the user.
+
+3.  **Documentation**:
+    Explicitly document that `Headers` can be used for custom auth tokens (e.g., Bearer tokens) if strict Basic Auth fields are not added.

zap.go

@@ -2,6 +2,8 @@ package ion
 
 import (
 	"context"
+	"encoding/base64"
+	"fmt"
 	"os"
 	"strings"
 	"sync"
@@ -29,14 +31,28 @@ func New(cfg Config) Logger {
 // NewWithOTEL creates a logger with OTEL export enabled.
 // This wires Zap logs to the OpenTelemetry log pipeline.
 func NewWithOTEL(cfg Config) (Logger, error) {
+	// 1. Handle Basic Auth Wrapper
+	// If Username/Password are provided, inject the Authorization header.
+	// This improves DX by removing the need for users to base64 encode manually.
+	headers := cfg.OTEL.Headers
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+
+	if cfg.OTEL.Username != "" && cfg.OTEL.Password != "" {
+		auth := fmt.Sprintf("%s:%s", cfg.OTEL.Username, cfg.OTEL.Password)
+		encodedAuth := base64.StdEncoding.EncodeToString([]byte(auth))
+		headers["Authorization"] = "Basic " + encodedAuth
+	}
+
 	// Map config to internal OTEL config
 	otelCfg := otel.Config{
 		Enabled:        cfg.OTEL.Enabled,
 		Endpoint:       cfg.OTEL.Endpoint,
 		Protocol:       cfg.OTEL.Protocol,
 		Insecure:       cfg.OTEL.Insecure,
 		Timeout:        cfg.OTEL.Timeout,
-		Headers:        cfg.OTEL.Headers,
+		Headers:        headers,
 		Attributes:     cfg.OTEL.Attributes,
 		BatchSize:      cfg.OTEL.BatchSize,
 		ExportInterval: cfg.OTEL.ExportInterval,