Update agent config to be otlp token passthrough ready

cmd/otelcol/config/collector/agent_config.yaml

@@ -12,6 +12,12 @@
 # - SPLUNK_LISTEN_INTERFACE: The network interface the agent receivers listen on.
 
 extensions:
+  headers_setter:
+    headers:
+      - action: upsert
+        key: X-SF-TOKEN
+        from_context: X-SF-TOKEN
+        default_value: "${SPLUNK_ACCESS_TOKEN}"
   health_check:
     endpoint: "${SPLUNK_LISTEN_INTERFACE}:13133"
   http_forwarder:
@@ -61,8 +67,12 @@ receivers:
     protocols:
       grpc:
         endpoint: "${SPLUNK_LISTEN_INTERFACE}:4317"
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
       http:
         endpoint: "${SPLUNK_LISTEN_INTERFACE}:4318"
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
   # This section is used to collect the OpenTelemetry Collector metrics
   # Even if just a Splunk APM customer, these metrics are included
   prometheus/internal:
@@ -134,6 +144,8 @@ exporters:
     traces_endpoint: "${SPLUNK_INGEST_URL}/v2/trace/otlp"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Metrics + Events
   signalfx:
     access_token: "${SPLUNK_ACCESS_TOKEN}"
@@ -149,6 +161,8 @@ exporters:
     logs_endpoint: "${SPLUNK_INGEST_URL}/v3/event"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Logs
   splunk_hec:
     token: "${SPLUNK_HEC_TOKEN}"
@@ -166,12 +180,14 @@ exporters:
     endpoint: "${SPLUNK_GATEWAY_URL}:4317"
     tls:
       insecure: true
+    auth:
+      authenticator: headers_setter
   # Debug
   debug:
     verbosity: detailed
 
 service:
-  extensions: [health_check, http_forwarder, zpages, smartagent]
+  extensions: [headers_setter, health_check, http_forwarder, zpages, smartagent]
   pipelines:
     traces:
       receivers: [jaeger, otlp, zipkin]

cmd/otelcol/config/collector/ecs_ec2_config.yaml

@@ -6,6 +6,12 @@ config_sources:
       METRICS_TO_EXCLUDE: []
 
 extensions:
+  headers_setter:
+    headers:
+      - action: upsert
+        key: X-SF-TOKEN
+        from_context: X-SF-TOKEN
+        default_value: "${SPLUNK_ACCESS_TOKEN}"
   health_check:
     endpoint: 0.0.0.0:13133
   http_forwarder:
@@ -47,8 +53,12 @@ receivers:
     protocols:
       grpc:
         endpoint: 0.0.0.0:4317
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
       http:
         endpoint: 0.0.0.0:4318
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
   # This section is used to collect the OpenTelemetry Collector metrics
   # Even if just a Splunk APM customer, these metrics are included
   prometheus/internal:
@@ -110,6 +120,8 @@ exporters:
     traces_endpoint: "${SPLUNK_INGEST_URL}/v2/trace/otlp"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Metrics + Events
   signalfx:
     access_token: "${SPLUNK_ACCESS_TOKEN}"
@@ -128,7 +140,7 @@ exporters:
     endpoint: "${SPLUNK_INGEST_URL}/v1/log"
     log_data_enabled: false
 service:
-  extensions: [health_check, http_forwarder, zpages]
+  extensions: [headers_setter, health_check, http_forwarder, zpages]
   pipelines:
     traces:
       receivers: [jaeger, otlp, zipkin]

cmd/otelcol/config/collector/fargate_config.yaml

@@ -1,6 +1,12 @@
 # This collector config file is designed for use within an ECS task.
 # The collector should run in a sidecar container within an ECS task.
 extensions:
+  headers_setter:
+    headers:
+      - action: upsert
+        key: X-SF-TOKEN
+        from_context: X-SF-TOKEN
+        default_value: "${SPLUNK_ACCESS_TOKEN}"
   health_check:
     endpoint: 0.0.0.0:13133
   http_forwarder:
@@ -22,8 +28,12 @@ receivers:
     protocols:
       grpc:
         endpoint: 0.0.0.0:4317
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
       http:
         endpoint: 0.0.0.0:4318
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
   # This section is used to collect the OpenTelemetry Collector metrics
   # Even if just a Splunk APM customer, these metrics are included
   prometheus/internal:
@@ -80,6 +90,8 @@ exporters:
     traces_endpoint: "${SPLUNK_INGEST_URL}/v2/trace/otlp"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Metrics + Events
   signalfx:
     access_token: "${SPLUNK_ACCESS_TOKEN}"
@@ -99,7 +111,7 @@ exporters:
     log_data_enabled: false
 
 service:
-  extensions: [health_check, http_forwarder, zpages]
+  extensions: [headers_setter, health_check, http_forwarder, zpages]
   pipelines:
     traces:
       receivers: [jaeger, otlp, zipkin]

cmd/otelcol/config/collector/full_config_linux.yaml

@@ -43,8 +43,12 @@ receivers:
     protocols:
       grpc:
         endpoint: 0.0.0.0:4317
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
       http:
         endpoint: 0.0.0.0:4318
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
 
   #############################################################################
   # Traces
@@ -634,6 +638,8 @@ exporters:
   # WARN: https://ingest.${SPLUNK_REALM}.signalfx.com does NOT support gRPC at this time; use otlphttp exporter instead
   otlp:
     endpoint: otelcol2:4317
+    auth:
+      authenticator: headers_setter
 
   # Enables the otlp http exporter
   # Full configuration here: https://github.com/open-telemetry/opentelemetry-collector/tree/main/exporter/otlphttpexporter
@@ -643,6 +649,8 @@ exporters:
     compression: gzip
     headers:
       X-SF-TOKEN: "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
 
   # Enables the zipkin exporter
   # Full configuration here: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/zipkinexporter
@@ -706,6 +714,14 @@ exporters:
 # Some processors require configuration (e.g. attributes)
 ###############################################################################
 extensions:
+  # Enables the headers setter extension
+  # Full configuration here: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension/headerssetterextension
+  headers_setter:
+    headers:
+      - action: upsert
+        key: X-SF-TOKEN
+        from_context: X-SF-TOKEN
+        default_value: "${SPLUNK_ACCESS_TOKEN}"
 
   # Enables the health check extension
   # Full configuration here: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension/healthcheckextension
@@ -750,7 +766,7 @@ extensions:
 service:
 
   # Which extensions you want to enable
-  extensions: [health_check, http_forwarder, zpages]
+  extensions: [headers_setter, health_check, http_forwarder, zpages]
 
   # Pipelines are data source specific today
   # Every data source is made up of at least one receiver and one exporter

cmd/otelcol/config/collector/otlp_config_linux.yaml

@@ -16,8 +16,12 @@ receivers:
     protocols:
       grpc:
         endpoint: 0.0.0.0:4317
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
       http:
         endpoint: 0.0.0.0:4318
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
   # This section is used to collect the OpenTelemetry Collector metrics
   # Even if just a Splunk APM customer, these metrics are included
   prometheus/internal:
@@ -79,6 +83,8 @@ exporters:
     compression: gzip
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Metrics + Events
   signalfx:
     access_token: "${SPLUNK_ACCESS_TOKEN}"
@@ -88,6 +94,12 @@ exporters:
     #verbosity: detailed
 
 extensions:
+  headers_setter:
+    headers:
+      - action: upsert
+        key: X-SF-TOKEN
+        from_context: X-SF-TOKEN
+        default_value: "${SPLUNK_ACCESS_TOKEN}"
   health_check:
     endpoint: 0.0.0.0:13133
   http_forwarder:
@@ -99,7 +111,7 @@ extensions:
     endpoint: 0.0.0.0:55679
 
 service:
-  extensions: [health_check, http_forwarder, zpages]
+  extensions: [headers_setter, health_check, http_forwarder, zpages]
   pipelines:
     traces:
       receivers: [jaeger, otlp, zipkin]

cmd/otelcol/config/collector/upstream_agent_config.yaml

@@ -14,6 +14,12 @@
 # - SPLUNK_INGEST_URL: The Splunk ingest URL, e.g. https://ingest.us0.signalfx.com
 
 extensions:
+  headers_setter:
+    headers:
+      - action: upsert
+        key: X-SF-TOKEN
+        from_context: X-SF-TOKEN
+        default_value: "${SPLUNK_ACCESS_TOKEN}"
   health_check:
     endpoint: 0.0.0.0:13133
   http_forwarder:
@@ -59,8 +65,12 @@ receivers:
     protocols:
       grpc:
         endpoint: 0.0.0.0:4317
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
       http:
         endpoint: 0.0.0.0:4318
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
   # This section is used to collect the OpenTelemetry Collector metrics
   # Even if just a Splunk APM customer, these metrics are included
   prometheus/internal:
@@ -121,6 +131,8 @@ exporters:
     traces_endpoint: "${SPLUNK_INGEST_URL}/v2/trace/otlp"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Metrics + Events
   signalfx:
     access_token: "${SPLUNK_ACCESS_TOKEN}"
@@ -136,6 +148,8 @@ exporters:
     logs_endpoint: "${SPLUNK_INGEST_URL}/v3/event"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   splunk_hec/profiling:
     token: "${SPLUNK_ACCESS_TOKEN}"
     endpoint: "https://ingest.${SPLUNK_REALM}.signalfx.com/v1/log"
@@ -145,12 +159,14 @@ exporters:
     endpoint: "${SPLUNK_GATEWAY_URL}:4317"
     tls:
       insecure: true
+    auth:
+      authenticator: headers_setter
   # Debug
   debug:
     verbosity: detailed
 
 service:
-  extensions: [health_check, http_forwarder, zpages]
+  extensions: [headers_setter, health_check, http_forwarder, zpages]
   pipelines:
     # Required for Splunk APM
     traces:

cmd/otelcol/fips/config/agent_config.yaml

@@ -10,6 +10,12 @@
 # - SPLUNK_LISTEN_INTERFACE: The network interface the agent receivers listen on.
 
 extensions:
+  headers_setter:
+    headers:
+      - action: upsert
+        key: X-SF-TOKEN
+        from_context: X-SF-TOKEN
+        default_value: "${SPLUNK_ACCESS_TOKEN}"
   health_check:
     endpoint: "${SPLUNK_LISTEN_INTERFACE}:13133"
   http_forwarder:
@@ -55,8 +61,12 @@ receivers:
     protocols:
       grpc:
         endpoint: "${SPLUNK_LISTEN_INTERFACE}:4317"
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
       http:
         endpoint: "${SPLUNK_LISTEN_INTERFACE}:4318"
+        # Uncomment below config to preserve incoming access token and use it instead of the token value set in exporter config
+        # include_metadata: true
   # This section is used to collect the OpenTelemetry Collector metrics
   # Even if just a Splunk APM customer, these metrics are included
   prometheus/internal:
@@ -84,6 +94,8 @@ receivers:
 
 processors:
   batch:
+    metadata_keys:
+      - X-SF-Token
   # Enabling the memory_limiter is strongly recommended for every pipeline.
   # Configuration is based on the amount of memory allocated to the collector.
   # For more information about memory limiter, see
@@ -117,6 +129,8 @@ exporters:
     traces_endpoint: "${SPLUNK_INGEST_URL}/v2/trace/otlp"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Metrics + Events
   signalfx:
     access_token: "${SPLUNK_ACCESS_TOKEN}"
@@ -132,6 +146,8 @@ exporters:
     logs_endpoint: "${SPLUNK_INGEST_URL}/v3/event"
     headers:
       "X-SF-Token": "${SPLUNK_ACCESS_TOKEN}"
+    auth:
+      authenticator: headers_setter
   # Logs
   splunk_hec:
     token: "${SPLUNK_HEC_TOKEN}"
@@ -149,12 +165,14 @@ exporters:
     endpoint: "${SPLUNK_GATEWAY_URL}:4317"
     tls:
       insecure: true
+    auth:
+      authenticator: headers_setter
   # Debug
   debug:
     verbosity: detailed
 
 service:
-  extensions: [health_check, http_forwarder, zpages]
+  extensions: [headers_setter, health_check, http_forwarder, zpages]
   pipelines:
     traces:
       receivers: [jaeger, otlp, zipkin]