Authentication processor 1/4 - Add configauth (#1807)

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

config/configauth/README.md

@@ -0,0 +1,17 @@
+# Authentication configuration for receivers
+
+This module allows server types, such as gRPC and HTTP, to be configured to perform authentication for requests and/or RPCs. Each server type is responsible for getting the request/RPC metadata and passing down to the authenticator. Currently, only bearer token authentication is supported, although the module is ready to accept new authenticators.
+
+Examples:
+```yaml
+receivers:
+  somereceiver:
+    grpc:
+      authentication:
+        attribute: authorization
+        oidc:
+          issuer_url: https://auth.example.com/
+          issuer_ca_path: /etc/pki/tls/cert.pem
+          client_id: my-oidc-client
+          username_claim: email
+```

config/configauth/configauth.go

@@ -0,0 +1,49 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package configauth
+
+// Authentication defines the auth settings for the receiver
+type Authentication struct {
+	// The attribute (header name) to look for auth data. Optional, default value: "authentication".
+	Attribute string `mapstructure:"attribute"`
+
+	// OIDC configures this receiver to use the given OIDC provider as the backend for the authentication mechanism.
+	// Required.
+	OIDC *OIDC `mapstructure:"oidc"`
+}
+
+// OIDC defines the OpenID Connect properties for this processor
+type OIDC struct {
+	// IssuerURL is the base URL for the OIDC provider.
+	// Required.
+	IssuerURL string `mapstructure:"issuer_url"`
+
+	// Audience of the token, used during the verification.
+	// For example: "https://accounts.google.com" or "https://login.salesforce.com".
+	// Required.
+	Audience string `mapstructure:"audience"`
+
+	// The local path for the issuer CA's TLS server cert.
+	// Optional.
+	IssuerCAPath string `mapstructure:"issuer_ca_path"`
+
+	// The claim to use as the username, in case the token's 'sub' isn't the suitable source.
+	// Optional.
+	UsernameClaim string `mapstructure:"username_claim"`
+
+	// The claim that holds the subject's group membership information.
+	// Optional.
+	GroupsClaim string `mapstructure:"groups_claim"`
+}

config/configauth/empty_test.go

@@ -0,0 +1,15 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package configauth