[exporter/pulsar] [receiver/pulsar] Fix pulsarexporter and pulsarreceiver oauth2 flow

[pepperkick]

Description

As part of our project we needed Pulsar Exporter to work with oauth2 based IAM. But during configuration it was found that there is no proper way to provide client_secret to the exporter. Going through the Pulsar Client code, I found the keys which are needed to add and updated the config of Pulsar Exporter and Receiver accordingly.

Changes

• Added scope config field to accept Oauth2 scope value
• Added private_key config field to accept path to a private client credentials json file

Testing

Tested with Pulsar Cluster which is configured to work with OIDC Auth only in Kubernetes. Created the following k8s secret and mounted it inside the pod and configured the private_key path to it.

{
  "type": "client_credentials",
  "client_id": "pulsar-client",
  "client_secret": "<REDACTED>",
  "issuer_url": "https://example.com/oauth2"
}

Config

pulsar:
  auth:
    oauth2:
      audience: default
      client_id: pulsar-client
      issuer_url: https://example.com/oauth2
      scope: default
      private_key: /etc/secrets/auth.json

Able to successfully connect with Pulsar Cluster with this.

NOTE: If there is any error in Oauth2 flow, then the error is ignored. This is because Pulsar Client drops the error and does not return it during the NewAuthenticationOAuth2 flow.

[atoulme]

Can you add a test?

[atoulme]

Rerunning the tests - I see a codeowner approved, so will move past this step.

[pepperkick]

Can you add a test?

There are no pre existing tests around the oauth2 auth.
Also this is only config changes and actual functionality is handled by the Pulsar Client.

[otelbot]

Thank you for your contribution @pepperkick! 🎉 We would like to hear from you about your experience contributing to OpenTelemetry by taking a few minutes to fill out this survey. If you are getting started contributing, you can also join the CNCF Slack channel #opentelemetry-new-contributors to ask for guidance and get help.