From 825b346bbdb832fbe718ebdc71bf5609e932b558 Mon Sep 17 00:00:00 2001 From: Jan Korona Date: Mon, 29 Sep 2025 18:25:43 +0200 Subject: [PATCH 1/2] Remove usage of deprecated access_token_passthrough config option --- ...gnalfxreceiver_accesstokenpassthrough.yaml | 29 +++ receiver/signalfxreceiver/README.md | 12 +- receiver/signalfxreceiver/config.go | 8 - receiver/signalfxreceiver/config_test.go | 7 - receiver/signalfxreceiver/factory.go | 16 -- receiver/signalfxreceiver/receiver.go | 21 -- receiver/signalfxreceiver/receiver_test.go | 198 ------------------ .../signalfxreceiver/testdata/config.yaml | 1 - 8 files changed, 33 insertions(+), 259 deletions(-) create mode 100644 .chloggen/signalfxreceiver_accesstokenpassthrough.yaml diff --git a/.chloggen/signalfxreceiver_accesstokenpassthrough.yaml b/.chloggen/signalfxreceiver_accesstokenpassthrough.yaml new file mode 100644 index 0000000000000..c46430d52863e --- /dev/null +++ b/.chloggen/signalfxreceiver_accesstokenpassthrough.yaml @@ -0,0 +1,29 @@ +# Use this changelog template to create an entry for release notes. + +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: breaking + +# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver) +component: signalfxreceiver + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: "Removed deprecated configuration option: access_token_passthrough" + +# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists. +issues: [43048] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: | + As access token passthrough option is no longer supported, to achieve similar behavior configure your collector + to use `headers_setter` extension to pass the access token. + +# If your change doesn't affect end users or the exported elements of any package, +# you should instead start your pull request title with [chore] or use the "Skip Changelog" label. +# Optional: The change log or logs in which this entry should be included. +# e.g. '[user]' or '[user, api]' +# Include 'user' if the change is relevant to end users. +# Include 'api' if there is a change to a library API. +# Default: '[user]' +change_logs: [] diff --git a/receiver/signalfxreceiver/README.md b/receiver/signalfxreceiver/README.md index 8d2131fa7617f..4aeb347d2260b 100644 --- a/receiver/signalfxreceiver/README.md +++ b/receiver/signalfxreceiver/README.md @@ -33,13 +33,6 @@ The following settings are required: The following settings are optional: -- `access_token_passthrough`: (default = `false`) Whether to preserve incoming - access token (`X-Sf-Token` header value) as - `"com.splunk.signalfx.access_token"` metric resource attribute. Should only be - used in tandem with identical configuration option for [SignalFx - exporter](../../exporter/signalfxexporter/README.md) to preserve datapoint - origin. Usage of any other exporter in a metric pipeline with this configuration - option enabled will reveal all organization access tokens contained in this attribute. - `tls_settings` (no default): This is an optional object used to specify if TLS should be used for incoming connections. Both `key_file` and `cert_file` are required to support incoming TLS connections. @@ -52,7 +45,6 @@ Example: receivers: signalfx: signalfx/advanced: - access_token_passthrough: true tls: cert_file: /test.crt key_file: /test.key @@ -75,3 +67,7 @@ service: processors: [memory_limiter, batch] exporters: [signalfx] ``` +## Access token passthrough + +Access token passthrough is no longer supported, to achieve similar behavior configure your collector +to use `headers_setter` extension to pass the access token. diff --git a/receiver/signalfxreceiver/config.go b/receiver/signalfxreceiver/config.go index 4aeee919f39ca..19c0fac922bed 100644 --- a/receiver/signalfxreceiver/config.go +++ b/receiver/signalfxreceiver/config.go @@ -7,8 +7,6 @@ import ( "errors" "go.opentelemetry.io/collector/config/confighttp" - - "github.com/open-telemetry/opentelemetry-collector-contrib/internal/splunk" ) var errEmptyEndpoint = errors.New("empty endpoint") @@ -16,12 +14,6 @@ var errEmptyEndpoint = errors.New("empty endpoint") // Config defines configuration for the SignalFx receiver. type Config struct { confighttp.ServerConfig `mapstructure:",squash"` // squash ensures fields are correctly decoded in embedded struct - - // Deprecated: `access_token_passthrough` is deprecated. - // Please enable include_metadata in the receiver and add the following config to the batch processor: - // batch: - // metadata_keys: [X-Sf-Token] - splunk.AccessTokenPassthroughConfig `mapstructure:",squash"` } // Validate verifies that the endpoint is valid and the configured port is not 0 diff --git a/receiver/signalfxreceiver/config_test.go b/receiver/signalfxreceiver/config_test.go index bb666d23afc9a..61478b7061ca8 100644 --- a/receiver/signalfxreceiver/config_test.go +++ b/receiver/signalfxreceiver/config_test.go @@ -16,7 +16,6 @@ import ( "go.opentelemetry.io/collector/confmap/confmaptest" "go.opentelemetry.io/collector/confmap/xconfmap" - "github.com/open-telemetry/opentelemetry-collector-contrib/internal/splunk" "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/signalfxreceiver/internal/metadata" ) @@ -40,9 +39,6 @@ func TestLoadConfig(t *testing.T) { ServerConfig: confighttp.ServerConfig{ Endpoint: "localhost:9943", }, - AccessTokenPassthroughConfig: splunk.AccessTokenPassthroughConfig{ - AccessTokenPassthrough: true, - }, }, }, { @@ -57,9 +53,6 @@ func TestLoadConfig(t *testing.T) { }, }), }, - AccessTokenPassthroughConfig: splunk.AccessTokenPassthroughConfig{ - AccessTokenPassthrough: false, - }, }, }, } diff --git a/receiver/signalfxreceiver/factory.go b/receiver/signalfxreceiver/factory.go index ac1e0bdde9b1b..e115f1d8d9a4d 100644 --- a/receiver/signalfxreceiver/factory.go +++ b/receiver/signalfxreceiver/factory.go @@ -70,14 +70,6 @@ func createMetricsReceiver( ) (receiver.Metrics, error) { rCfg := cfg.(*Config) - if rCfg.AccessTokenPassthrough { - params.Logger.Warn( - "access_token_passthrough is deprecated. " + - "Please enable include_metadata in the receiver and add " + - "`metadata_keys: [X-Sf-Token]` to the batch processor", - ) - } - receiverLock.Lock() r := receivers[rCfg] if r == nil { @@ -104,14 +96,6 @@ func createLogsReceiver( ) (receiver.Logs, error) { rCfg := cfg.(*Config) - if rCfg.AccessTokenPassthrough { - params.Logger.Warn( - "access_token_passthrough is deprecated. " + - "Please enable include_metadata in the receiver and add " + - "`metadata_keys: [X-Sf-Token]` to the batch processor", - ) - } - receiverLock.Lock() r := receivers[rCfg] if r == nil { diff --git a/receiver/signalfxreceiver/receiver.go b/receiver/signalfxreceiver/receiver.go index 96fe5220f0896..04295ce140d74 100644 --- a/receiver/signalfxreceiver/receiver.go +++ b/receiver/signalfxreceiver/receiver.go @@ -28,7 +28,6 @@ import ( "go.uber.org/zap" "github.com/open-telemetry/opentelemetry-collector-contrib/internal/coreinternal/errorutil" - "github.com/open-telemetry/opentelemetry-collector-contrib/internal/splunk" "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/translator/signalfx" "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/signalfxreceiver/internal/metadata" ) @@ -269,8 +268,6 @@ func (r *sfxReceiver) handleDatapointReq(resp http.ResponseWriter, req *http.Req return } - r.addAccessTokenLabel(md, req) - err := r.metricsConsumer.ConsumeMetrics(ctx, md) r.obsrecv.EndMetricsOp(ctx, metadata.Type.String(), dataPointCount, err) @@ -317,12 +314,6 @@ func (r *sfxReceiver) handleEventReq(resp http.ResponseWriter, req *http.Request sl := rl.ScopeLogs().AppendEmpty() signalFxV2EventsToLogRecords(msg.Events, sl.LogRecords()) - if r.config.AccessTokenPassthrough { - if accessToken := req.Header.Get(splunk.SFxAccessTokenHeader); accessToken != "" { - rl.Resource().Attributes().PutStr(splunk.SFxAccessTokenLabel, accessToken) - } - } - err := r.logsConsumer.ConsumeLogs(ctx, ld) r.obsrecv.EndMetricsOp( ctx, @@ -364,18 +355,6 @@ func (r *sfxReceiver) failRequest( ) } -func (r *sfxReceiver) addAccessTokenLabel(md pmetric.Metrics, req *http.Request) { - if r.config.AccessTokenPassthrough { - if accessToken := req.Header.Get(splunk.SFxAccessTokenHeader); accessToken != "" { - for i := 0; i < md.ResourceMetrics().Len(); i++ { - rm := md.ResourceMetrics().At(i) - res := rm.Resource() - res.Attributes().PutStr(splunk.SFxAccessTokenLabel, accessToken) - } - } - } -} - func initJSONResponse(s string) []byte { respBody, err := json.Marshal(s) if err != nil { diff --git a/receiver/signalfxreceiver/receiver_test.go b/receiver/signalfxreceiver/receiver_test.go index 1a7bbeec26307..175d61056fe6b 100644 --- a/receiver/signalfxreceiver/receiver_test.go +++ b/receiver/signalfxreceiver/receiver_test.go @@ -701,204 +701,6 @@ func Test_sfxReceiver_TLS(t *testing.T) { require.NoError(t, pmetrictest.CompareMetrics(want, got)) } -func Test_sfxReceiver_DatapointAccessTokenPassthrough(t *testing.T) { - tests := []struct { - name string - passthrough bool - token string - otlp bool - }{ - { - name: "No token provided and passthrough false", - passthrough: false, - token: "", - otlp: false, - }, - { - name: "No token provided and passthrough true", - passthrough: true, - token: "", - otlp: false, - }, - { - name: "token provided and passthrough false", - passthrough: false, - token: "myToken", - otlp: false, - }, - { - name: "token provided and passthrough true", - passthrough: true, - token: "myToken", - otlp: false, - }, - { - name: "No token provided and passthrough false for OTLP payload", - passthrough: false, - token: "", - otlp: true, - }, - { - name: "No token provided and passthrough true for OTLP payload", - passthrough: true, - token: "", - otlp: true, - }, - { - name: "token provided and passthrough false for OTLP payload", - passthrough: false, - token: "myToken", - otlp: true, - }, - { - name: "token provided and passthrough true for OTLP payload", - passthrough: true, - token: "myToken", - otlp: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - config := createDefaultConfig().(*Config) - config.Endpoint = "localhost:0" - config.AccessTokenPassthrough = tt.passthrough - - sink := new(consumertest.MetricsSink) - rcv, err := newReceiver(receivertest.NewNopSettings(metadata.Type), *config) - require.NoError(t, err) - rcv.RegisterMetricsConsumer(sink) - - currentTime := time.Now().Unix() * 1e3 - - var msgBytes []byte - var contentHeader string - if tt.otlp { - marshaler := &pmetric.ProtoMarshaler{} - msgBytes, err = marshaler.MarshalMetrics(*buildOtlpMetrics(5)) - require.NoError(t, err) - contentHeader = otlpProtobufContentType - } else { - sFxMsg := buildSFxDatapointMsg(currentTime, 13, 3) - msgBytes, _ = sFxMsg.Marshal() - contentHeader = "application/x-protobuf" - } - req := httptest.NewRequest(http.MethodPost, "http://localhost", bytes.NewReader(msgBytes)) - req.Header.Set("Content-Type", contentHeader) - if tt.token != "" { - req.Header.Set("x-sf-token", tt.token) - } - - w := httptest.NewRecorder() - rcv.handleDatapointReq(w, req) - - resp := w.Result() - respBytes, err := io.ReadAll(resp.Body) - assert.NoError(t, err) - defer resp.Body.Close() - - var bodyStr string - assert.NoError(t, json.Unmarshal(respBytes, &bodyStr)) - - assert.Equal(t, http.StatusOK, resp.StatusCode) - assert.Equal(t, responseOK, bodyStr) - - mds := sink.AllMetrics() - require.Len(t, mds, 1) - resource := mds[0].ResourceMetrics().At(0).Resource() - tokenLabel := "" - if label, ok := resource.Attributes().Get("com.splunk.signalfx.access_token"); ok { - tokenLabel = label.Str() - } - - if tt.passthrough { - assert.Equal(t, tt.token, tokenLabel) - } else { - assert.Empty(t, tokenLabel) - } - }) - } -} - -func Test_sfxReceiver_EventAccessTokenPassthrough(t *testing.T) { - tests := []struct { - name string - passthrough bool - token string - }{ - { - name: "No token provided and passthrough false", - passthrough: false, - token: "", - }, - { - name: "No token provided and passthrough true", - passthrough: true, - token: "", - }, - { - name: "token provided and passthrough false", - passthrough: false, - token: "myToken", - }, - { - name: "token provided and passthrough true", - passthrough: true, - token: "myToken", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - config := (NewFactory()).CreateDefaultConfig().(*Config) - config.Endpoint = "localhost:0" - config.AccessTokenPassthrough = tt.passthrough - - sink := new(consumertest.LogsSink) - rcv, err := newReceiver(receivertest.NewNopSettings(metadata.Type), *config) - require.NoError(t, err) - rcv.RegisterLogsConsumer(sink) - - currentTime := time.Now().Unix() * 1e3 - sFxMsg := buildSFxEventMsg(currentTime, 3) - msgBytes, _ := sFxMsg.Marshal() - req := httptest.NewRequest(http.MethodPost, "http://localhost", bytes.NewReader(msgBytes)) - req.Header.Set("Content-Type", "application/x-protobuf") - if tt.token != "" { - req.Header.Set("x-sf-token", tt.token) - } - - w := httptest.NewRecorder() - rcv.handleEventReq(w, req) - - resp := w.Result() - respBytes, err := io.ReadAll(resp.Body) - assert.NoError(t, err) - defer resp.Body.Close() - - var bodyStr string - assert.NoError(t, json.Unmarshal(respBytes, &bodyStr)) - - assert.Equal(t, http.StatusOK, resp.StatusCode) - assert.Equal(t, responseOK, bodyStr) - - got := sink.AllLogs() - require.Len(t, got, 1) - - tokenLabel := "" - if accessTokenAttr, ok := got[0].ResourceLogs().At(0).Resource().Attributes().Get("com.splunk.signalfx.access_token"); ok { - tokenLabel = accessTokenAttr.Str() - } - - if tt.passthrough { - assert.Equal(t, tt.token, tokenLabel) - } else { - assert.Empty(t, tokenLabel) - } - }) - } -} - func buildSFxDatapointMsg(time, value int64, dimensions uint) *sfxpb.DataPointUploadMessage { return &sfxpb.DataPointUploadMessage{ Datapoints: []*sfxpb.DataPoint{ diff --git a/receiver/signalfxreceiver/testdata/config.yaml b/receiver/signalfxreceiver/testdata/config.yaml index 64051e14e7918..5e3b457f6c1ae 100644 --- a/receiver/signalfxreceiver/testdata/config.yaml +++ b/receiver/signalfxreceiver/testdata/config.yaml @@ -3,7 +3,6 @@ signalfx/allsettings: # endpoint specifies the network interface and port which will receive # SignalFx metrics. endpoint: localhost:9943 - access_token_passthrough: true signalfx/tls: tls: cert_file: /test.crt From 3bd4a8f610e7eacdc47917669b95aac656ef04ff Mon Sep 17 00:00:00 2001 From: Jan Korona Date: Thu, 2 Oct 2025 17:35:32 +0200 Subject: [PATCH 2/2] Remove usage of deprecated access_token_passthrough config option --- .chloggen/signalfxreceiver_accesstokenpassthrough.yaml | 2 +- receiver/signalfxreceiver/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.chloggen/signalfxreceiver_accesstokenpassthrough.yaml b/.chloggen/signalfxreceiver_accesstokenpassthrough.yaml index c46430d52863e..7a44a50854d86 100644 --- a/.chloggen/signalfxreceiver_accesstokenpassthrough.yaml +++ b/.chloggen/signalfxreceiver_accesstokenpassthrough.yaml @@ -17,7 +17,7 @@ issues: [43048] # Use pipe (|) for multiline entries. subtext: | As access token passthrough option is no longer supported, to achieve similar behavior configure your collector - to use `headers_setter` extension to pass the access token. + to use the `headers_setter` extension to pass the access token. # If your change doesn't affect end users or the exported elements of any package, # you should instead start your pull request title with [chore] or use the "Skip Changelog" label. diff --git a/receiver/signalfxreceiver/README.md b/receiver/signalfxreceiver/README.md index 4aeb347d2260b..f172dab4e14aa 100644 --- a/receiver/signalfxreceiver/README.md +++ b/receiver/signalfxreceiver/README.md @@ -70,4 +70,4 @@ service: ## Access token passthrough Access token passthrough is no longer supported, to achieve similar behavior configure your collector -to use `headers_setter` extension to pass the access token. +to use the `headers_setter` extension to pass the access token.