New component: Add a headers_transform extension with support for authenticator

[constanca-m]

The purpose and use-cases of the new component

Use case: I am using awsfirehosereceiver. The receiver sets my API key in the header X-Amz-Firehose-Access-Key. However, my receiver is using an authenticator extension that expects the header authorization with the scheme ApiKey:

 extensions:
  bearertokenauth/withscheme:
    scheme: "ApiKey"
    token: "randomtoken"

Since the header is not present, even though there is one with the API key, the requests will keep failing.

Purpose: The purpose is to set the authorization in the expected Authorization header. The new extension should get:

• The name of an authenticator extension
• A list of OTTL statements to set the values of the headers

It will then execute each statement, before calling Authenticate of the authenticator extension given.

Example configuration for the component

Example configuration:

extensions:
  bearertokenauth/withscheme:
    scheme: "ApiKey"
    token: "randomtoken"

  headers_transform:
    server: # this is meant for receiver
      next_auth: bearertokenauth/withscheme
      statements:
        - set(headers["Authorization"], Format("ApiKey %s", [headers["X-Amz-Firehose-Access-Key"]]))
    # client: # this is meant for exporters

receivers:
  awsfirehosereceiver:
    auth: headers_transform      # <-- headers_transform instead of bearertokenauth/withscheme

Telemetry data types supported

All the supported by the chained authenticator.

Code Owner(s)

@axw

Sponsor (optional)

No response

Additional context

No response

[axw]

I'm happy to be a code owner for this if it's accepted. See #37870 (comment).

This may also be another candidate for open-telemetry/opentelemetry-collector#7441, similar to #35276

[axw]

@MovieStoreGuy @jpkrohling do either of you have an opinion on this? Should we be designing a middleware/interceptor extension framework first, and then building this on top?

[jpkrohling]

I believe the following PR would allow the bearer token auth to be used in this scenario: #36986

[constanca-m]

Thanks @jpkrohling, I believe the PR will cover this. But bearer token auth was just an example. This extension has support for every authenticator.

[jpkrohling]

Got it. I fail to see which other use-cases would be covered with this, but I'll let a potential sponsor chime in. For the moment, I'm not open to being a sponsor for new components.

[MovieStoreGuy]

I am not sure how much of a common issue this is for users that it should be accepted as a community component.

I am happy to revisit if more of the community expresses interest.