This is documentation for the next version of Grafana Alloy Documentation. For the latest stable release, go to the latest version.

Documentationbreadcrumb arrow Grafana Alloybreadcrumb arrow Referencebreadcrumb arrow Componentsbreadcrumb arrow otelcolbreadcrumb arrow otelcol.auth.google
Public preview Open source

otelcol.auth.google

Public preview: This is a public preview component. Public preview components are subject to breaking changes, and may be replaced with equivalent functionality that cover the same use case. To enable and use a public preview component, you must set the stability.level flag to public-preview or below.

otelcol.auth.google exposes a handler that other otelcol components can use to authenticate requests using Google Application Default Credentials.

This component only supports client authentication.

The authorization tokens can be used by HTTP and gRPC based OpenTelemetry exporters. This component can fetch and refresh expired tokens automatically. Refer to the Google Cloud Documentation for more information about Application Default Credentials.

Note

otelcol.auth.google is a wrapper over the upstream OpenTelemetry Collector googleclientauth extension. Bug reports or feature requests will be redirected to the upstream repository, if necessary.

You can specify multiple otelcol.auth.google components by giving them different labels.

Usage

Alloy 
otelcol.auth.google "<LABEL>" {
    project     = "<PROJECT_ID>"
}

Arguments

You can use the following arguments with otelcol.auth.google:

NameTypeDescriptionDefaultRequired
audiencestringThe audience claim used for generating an ID token.no
projectstringThe project telemetry is sent to.no
quota_projectstringA project for quota and billing purposes.no
scopeslist(string)Requested permissions associated with the client.[]no
token_typestringThe type of token to generate. One of access_token or id_tokenaccess_tokenno

If project isn’t set, Alloy uses the project from the Application Default Credentials.

Blocks

You can use the following blocks with otelcol.auth.google:

BlockDescriptionRequired
debug_metricsConfigures the metrics that this component generates to monitor its state.no

debug_metrics

The debug_metrics block configures the metrics that this component generates to monitor its state.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
disable_high_cardinality_metricsbooleanWhether to disable certain high cardinality metrics.trueno

disable_high_cardinality_metrics is the Alloy equivalent to the telemetry.disableHighCardinalityMetrics feature gate in the OpenTelemetry Collector. It removes attributes that could cause high cardinality metrics. For example, attributes with IP addresses and port numbers in metrics about HTTP and gRPC connections are removed.

Note

If configured, disable_high_cardinality_metrics only applies to otelcol.exporter.* and otelcol.receiver.* components.

Exported fields

The following fields are exported and can be referenced by other components:

NameTypeDescription
handlercapsule(otelcol.Handler)A value that other components can use to authenticate requests.

Component health

otelcol.auth.google is only reported as unhealthy if given an invalid configuration.

Debug information

otelcol.auth.google doesn’t expose any component-specific debug information.

Example

This example configures otelcol.exporter.otlp to use otelcol.auth.google for authentication:

Alloy 
otelcol.exporter.otlp "google" {
  client {
    endpoint = "telemetry.googleapis.com"
    auth     = otelcol.auth.google.creds.handler
  }
}

otelcol.auth.google "creds" {
    project = "myproject"
}