Tags: jaegertracing/jaeger
Tags
feat(storage): Add SigV4 authentication support for Elasticsearch/Ope… …nSearch storage backends (#7611) This PR enables Jaeger to use AWS Managed Elasticsearch/OpenSearch for trace and metrics storage by adding SigV4 HTTP authentication support to Elasticsearch and OpenSearch backends. ## Summary of changes **Configuration** - Add `jaeger_storage.backends.<name>.<elasticsearch|opensearch>.auth_extension.authenticator` to reference an OpenTelemetry HTTP authenticator extension by name - Add `jaeger_storage.metric_backends.<name>.<elasticsearch|opensearch>.auth_extension.authenticator` for metric storage backends **Elasticsearch/OpenSearch backends** - Thread the resolved HTTP authenticator through the factory chain (v1/v2 trace storage and metrics storage) - Wrap the HTTP RoundTripper used by ES/OS clients with the extension's RoundTripper (applies SigV4 signing when using `sigv4authextension` ) - Updated `GetHTTPRoundTripper()` to accept and apply the HTTP authenticator ## Configuration example ```yaml extensions: sigv4auth: region: us-east-1 service: es # or 'aoss' for OpenSearch Serverless # credentials/assume-role configuration per the extension's documentation service: extensions: [sigv4auth] jaeger_storage: backends: es-aws: elasticsearch: servers: ["https://my-domain.us-east-1.es.amazonaws.com/"] auth_extension: authenticator: sigv4auth indices: spans: shards: 5 replicas: 1 metric_backends: es-metrics: elasticsearch: servers: ["https://my-domain.us-east-1.es.amazonaws.com/"] auth_extension: authenticator: sigv4auth ``` ## Implementation - ES/OS backends now support optional HTTP authenticators via `auth_extension.authenticator` - The extension's RoundTripper wraps the base transport for SigV4 signing - Supports trace and metrics storage for Elasticsearch 7.x/8.x and OpenSearch ## Scope - Adds authentication support to: - Elasticsearch trace storage (v1 and v2) - OpenSearch trace storage (v1 and v2) - Elasticsearch metrics storage - OpenSearch metrics storage - Backward compatible - authentication is optional ## Related issue Part of #7468 --------- Signed-off-by: SoumyaRaikwar <[email protected]> Signed-off-by: Soumya Raikwar <[email protected]> Co-authored-by: Yuri Shkuro <[email protected]>
feat(storage): Add SigV4 authentication support for Elasticsearch/Ope… …nSearch storage backends (#7611) This PR enables Jaeger to use AWS Managed Elasticsearch/OpenSearch for trace and metrics storage by adding SigV4 HTTP authentication support to Elasticsearch and OpenSearch backends. ## Summary of changes **Configuration** - Add `jaeger_storage.backends.<name>.<elasticsearch|opensearch>.auth_extension.authenticator` to reference an OpenTelemetry HTTP authenticator extension by name - Add `jaeger_storage.metric_backends.<name>.<elasticsearch|opensearch>.auth_extension.authenticator` for metric storage backends **Elasticsearch/OpenSearch backends** - Thread the resolved HTTP authenticator through the factory chain (v1/v2 trace storage and metrics storage) - Wrap the HTTP RoundTripper used by ES/OS clients with the extension's RoundTripper (applies SigV4 signing when using `sigv4authextension` ) - Updated `GetHTTPRoundTripper()` to accept and apply the HTTP authenticator ## Configuration example ```yaml extensions: sigv4auth: region: us-east-1 service: es # or 'aoss' for OpenSearch Serverless # credentials/assume-role configuration per the extension's documentation service: extensions: [sigv4auth] jaeger_storage: backends: es-aws: elasticsearch: servers: ["https://my-domain.us-east-1.es.amazonaws.com/"] auth_extension: authenticator: sigv4auth indices: spans: shards: 5 replicas: 1 metric_backends: es-metrics: elasticsearch: servers: ["https://my-domain.us-east-1.es.amazonaws.com/"] auth_extension: authenticator: sigv4auth ``` ## Implementation - ES/OS backends now support optional HTTP authenticators via `auth_extension.authenticator` - The extension's RoundTripper wraps the base transport for SigV4 signing - Supports trace and metrics storage for Elasticsearch 7.x/8.x and OpenSearch ## Scope - Adds authentication support to: - Elasticsearch trace storage (v1 and v2) - OpenSearch trace storage (v1 and v2) - Elasticsearch metrics storage - OpenSearch metrics storage - Backward compatible - authentication is optional ## Related issue Part of #7468 --------- Signed-off-by: SoumyaRaikwar <[email protected]> Signed-off-by: Soumya Raikwar <[email protected]> Co-authored-by: Yuri Shkuro <[email protected]>
PreviousNext