feat: add prometheus.write.queue bearer token auth (#1914)

* feat: add prometheus.write.queue bearer token auth

* chore: add changelog entry

CHANGELOG.md

@@ -45,6 +45,8 @@ Main (unreleased)
 - `prometheus.exporter.cloudwatch`: The `discovery` block now has a `recently_active_only` configuration attribute 
   to return only metrics which have been active in the last 3 hours.
 
+- Add Prometheus bearer authentication to a `prometheus.write.queue` component (@freak12techno)
+
 ### Bugfixes
 
 - Fixed a bug in `import.git` which caused a `"non-fast-forward update"` error message. (@ptodev)

docs/sources/reference/components/prometheus/prometheus.write.queue.md

@@ -83,16 +83,17 @@ The `endpoint` block describes a single location to send metrics to. Multiple
 
 The following arguments are supported:
 
-Name | Type | Description                                                      | Default | Required
----- | ---- |------------------------------------------------------------------| ------ | --------
-`url` | `string` | Full URL to send metrics to.                                     | | yes
-`write_timeout` | `duration` | Timeout for requests made to the URL.                            | `"30s"` | no
-`retry_backoff` | `duration` | How often to wait between retries.                               | `1s` | no
-`max_retry_attempts` | Maximum number of retries before dropping the batch. | `0`                                                              | no
-`batch_count` | `uint` | How many series to queue in each queue.                          | `1000` | no
-`flush_interval` | `duration` | How often to wait until sending if `batch_count` is not trigger. | `1s` | no
-`parallelism` | `uint` | How many parallel batches to write.                              | 10 | no
-`external_labels` | `map(string)` | Labels to add to metrics sent over the network.                  | | no
+Name | Type | Description                                                        | Default | Required
+---- | ---- |--------------------------------------------------------------------| ------ | --------
+`url` | `string` | Full URL to send metrics to.                                       | | yes
+`bearer_token` | `secret` | Bearer token to authenticate with.                                 |  | no
+`write_timeout` | `duration` | Timeout for requests made to the URL.                              | `"30s"` | no
+`retry_backoff` | `duration` | How often to wait between retries.                                 | `1s` | no
+`max_retry_attempts` | Maximum number of retries before dropping the batch. | `0`                                                                | no
+`batch_count` | `uint` | How many series to queue in each queue.                            | `1000` | no
+`flush_interval` | `duration` | How often to wait until sending if `batch_count` is not triggered. | `1s` | no
+`parallelism` | `uint` | How many parallel batches to write.                                | 10 | no
+`external_labels` | `map(string)` | Labels to add to metrics sent over the network.                    | | no
 
 ### basic_auth block
 

internal/component/prometheus/write/queue/network/loop.go

@@ -197,6 +197,8 @@ func (l *loop) send(ctx context.Context, retryCount int) sendResult {
 	httpReq.Header.Set("X-Prometheus-Remote-Write-Version", "0.1.0")
 	if l.cfg.BasicAuth != nil {
 		httpReq.SetBasicAuth(l.cfg.BasicAuth.Username, l.cfg.BasicAuth.Password)
+	} else if l.cfg.BearerToken != "" {
+		httpReq.Header.Set("Authorization", "Bearer "+string(l.cfg.BearerToken))
 	}
 
 	if retryCount > 0 {

internal/component/prometheus/write/queue/types.go

@@ -73,10 +73,11 @@ func (r *Arguments) Validate() error {
 
 // EndpointConfig is the alloy specific version of ConnectionConfig.
 type EndpointConfig struct {
-	Name      string        `alloy:",label"`
-	URL       string        `alloy:"url,attr"`
-	BasicAuth *BasicAuth    `alloy:"basic_auth,block,optional"`
-	Timeout   time.Duration `alloy:"write_timeout,attr,optional"`
+	Name        string            `alloy:",label"`
+	URL         string            `alloy:"url,attr"`
+	BasicAuth   *BasicAuth        `alloy:"basic_auth,block,optional"`
+	BearerToken alloytypes.Secret `alloy:"bearer_token,attr,optional"`
+	Timeout     time.Duration     `alloy:"write_timeout,attr,optional"`
 	// How long to wait between retries.
 	RetryBackoff time.Duration `alloy:"retry_backoff,attr,optional"`
 	// Maximum number of retries.
@@ -95,6 +96,7 @@ var UserAgent = fmt.Sprintf("Alloy/%s", version.Version)
 func (cc EndpointConfig) ToNativeType() types.ConnectionConfig {
 	tcc := types.ConnectionConfig{
 		URL:              cc.URL,
+		BearerToken:      cc.BearerToken,
 		UserAgent:        UserAgent,
 		Timeout:          cc.Timeout,
 		RetryBackoff:     cc.RetryBackoff,

internal/component/prometheus/write/queue/types/network.go

@@ -2,6 +2,7 @@ package types
 
 import (
 	"context"
+	"github.com/grafana/alloy/syntax/alloytypes"
 	"reflect"
 	"time"
 )
@@ -18,6 +19,7 @@ type NetworkClient interface {
 type ConnectionConfig struct {
 	URL              string
 	BasicAuth        *BasicAuth
+	BearerToken      alloytypes.Secret
 	UserAgent        string
 	Timeout          time.Duration
 	RetryBackoff     time.Duration