From 8129921f8e0cf92d0b869336df3850ec4f4e9dde Mon Sep 17 00:00:00 2001 From: Eldar Nash Date: Tue, 26 Sep 2023 18:54:48 +0200 Subject: [PATCH] Generalize gRPC authentication chunk So it can be used both for opentelemetry and loki drivers --- .../destination-loki/_index.md | 2 +- .../opentelemetry/_index.md | 2 +- .../chapter-sources/opentelemetry/_index.md | 2 +- ...thentication.md => grpc-authentication.md} | 54 ++++++++++++++++--- 4 files changed, 49 insertions(+), 11 deletions(-) rename content/headless/chunk/{opentelemetry-authentication.md => grpc-authentication.md} (53%) diff --git a/content/chapter-destinations/destination-loki/_index.md b/content/chapter-destinations/destination-loki/_index.md index 5c1ca01f..0441120f 100644 --- a/content/chapter-destinations/destination-loki/_index.md +++ b/content/chapter-destinations/destination-loki/_index.md @@ -56,7 +56,7 @@ The `loki()` destination has the following options. { "target_service_accounts", KW_TARGET_SERVICE_ACCOUNTS }, --> -{{< include-headless "chunk/opentelemetry-authentication.md" >}} +{{< include-headless "chunk/grpc-authentication.md" >}} ## keep-alive() diff --git a/content/chapter-destinations/opentelemetry/_index.md b/content/chapter-destinations/opentelemetry/_index.md index 0539fd4e..ad6311a7 100644 --- a/content/chapter-destinations/opentelemetry/_index.md +++ b/content/chapter-destinations/opentelemetry/_index.md @@ -56,7 +56,7 @@ log non_otel_to_otel_tls { }; ``` -{{< include-headless "chunk/opentelemetry-authentication.md" >}} +{{< include-headless "chunk/grpc-authentication.md" >}} {{< include-headless "chunk/option-destination-threaded-batching.md" >}} diff --git a/content/chapter-sources/opentelemetry/_index.md b/content/chapter-sources/opentelemetry/_index.md index d73a77cc..febb76d1 100644 --- a/content/chapter-sources/opentelemetry/_index.md +++ b/content/chapter-sources/opentelemetry/_index.md 
@@ -29,7 +29,7 @@ log otel_forward_mode_alts { }; ``` -{{< include-headless "chunk/opentelemetry-authentication.md" >}} +{{< include-headless "chunk/grpc-authentication.md" >}} ## `port()` {#port} diff --git a/content/headless/chunk/opentelemetry-authentication.md b/content/headless/chunk/grpc-authentication.md similarity index 53% rename from content/headless/chunk/opentelemetry-authentication.md rename to content/headless/chunk/grpc-authentication.md index 2cf8e27c..256ac51e 100644 --- a/content/headless/chunk/opentelemetry-authentication.md +++ b/content/headless/chunk/grpc-authentication.md @@ -1,20 +1,25 @@ --- --- -## `auth()` {#auth} -You can set authentication in the `auth()` option of the `opentelemetry()` driver. By default, authentication is disabled (`auth(insecure())`). + +## auth() {#auth} + +You can set authentication in the `auth()` option of the driver. By default, authentication is disabled (`auth(insecure())`). The following authentication methods are available in the `auth()` block: -### `adc()` {#adc} +### adc() {#adc} [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). This authentication method is only available for destinations. -### `alts()` {#alts} +### alts() {#alts} [Application Layer Transport Security (ALTS)](https://grpc.io/docs/languages/cpp/alts/) is a simple to use authentication, only available within Google's infrastructure. It accepts the `target-service-account()` option, where you can list service accounts to match against when authenticating the server. +{{< tabpane text=true right=true >}} +{{% tab header="Driver:" disabled=true /%}} +{{% tab header="`opentelemetry()`" lang="opentelemetry" %}} ```shell source { opentelemetry( 
@@ -23,18 +28,33 @@ source { ); }; ``` +{{% /tab %}} +{{% tab header="`loki()`" lang="loki" %}} +```shell +destination { + loki( + port(12345) + auth(alts()) + ); + }; +``` +{{% /tab %}} +{{< /tabpane >}} -### `insecure()` {#insecure} +### insecure() {#insecure} This is the default method, authentication is disabled (`auth(insecure())`). -### `tls()` {#tls} +### tls() {#tls} `tls()` accepts the `key-file()`, `cert-file()`, `ca-file()` and `peer-verify()` (possible values: `required-trusted`, `required-untrusted`, `optional-trusted` and `optional-untrusted`) options. +{{< tabpane text=true right=true >}} +{{% tab header="Driver:" disabled=true /%}} +{{% tab header="`opentelemetry()`" lang="opentelemetry" %}} ```shell destination { opentelemetry( @@ -49,8 +69,26 @@ destination { ); }; ``` +{{% /tab %}} +{{% tab header="`loki()`" lang="loki" %}} +```shell +destination { + loki( + url("your-loki-server:12346") + auth( + tls( + ca-file("/path/to/ca.pem") + key-file("/path/to/key.pem") + cert-file("/path/to/cert.pem") + ) + ) + ); + }; +``` +{{% /tab %}} +{{< /tabpane >}} > Note: > -> - `tls(peer-verify())` is not available for the `opentelemetry()` destination. -> - The `opentelemetry()` drivers have a different `tls()` block implementation from the `network()` or `http()` drivers. Most features are the same. +> - `tls(peer-verify())` is not available for the `opentelemetry()` and `loki()` destination. +> - The gRPC-based drivers (`opentelemetry()` and `loki()`) have a different `tls()` block implementation from the `network()` or `http()` drivers. Most features are the same.
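Review bot: In the `alts()` paragraph of content/headless/chunk/grpc-authentication.md (hunk @@ -1,20 +1,25), the option is documented as `target-service-account()`, singular, but the commented-out keyword kept as context in destination-loki/_index.md reads `{ "target_service_accounts", KW_TARGET_SERVICE_ACCOUNTS }`, plural. This chunk is now the shared reference for both drivers, so please confirm the spelling against the grammar and correct the paragraph if the plural form is the real one. Neither ALTS example shows the option in use; adding it to one tab would document the list syntax, which matters because this option is what limits the service accounts the server is matched against.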
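Review bot: The new `loki()` tab in the ALTS tabpane (hunk @@ -23,18 +28,33) configures the destination with `port(12345)` and no target address, while the `loki()` TLS example added in the next hunk uses `url("your-loki-server:12346")`. Please confirm that `port()` is a valid option for the `loki()` destination and, if it is not, use `url()` here as well so the two examples agree. The same hunk drops the backticks from the `### insecure()` and `### tls()` headings (as the first hunk does for `auth()`, `adc()` and `alts()`), while ``## `port()` {#port}`` in chapter-sources/opentelemetry/_index.md keeps them; that restyling is not mentioned in the commit message and leaves the included chunk inconsistent with the page around it.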
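Review bot: In the closing note of hunk @@ -49,8 +69,26, "the `opentelemetry()` and `loki()` destination" should read "destinations", and the restriction is at odds with the unchanged `tls()` sentence above it, which still lists `peer-verify()` as an accepted option without qualification. `loki()` appears in this chunk only as a destination, so for that tab the option never applies; suggest saying in the `tls()` sentence itself where `peer-verify()` can be used, rather than leaving it to the note at the end. Because the destinations cannot set `peer-verify()`, it would also help to document what server certificate verification they perform when `ca-file()` is given, so that readers of the `loki()` example know what the configuration actually guarantees.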