different authentication backends

[till]

I'd like to contribute another backend to do authentication based on IPs that I assemble from our cloud setup. Happy to write the code, I am guessing this would need some kind of "pluggable" auth mechanism.

My goal would be to do something like:

# tenant_config
- authentication: openstack
  os_username:
  os_password:
  the_usual_openstack_variables_here:

And then integrate that would some code to e.g. walk through a domain/tenant, assemble IPs based on tags/metadata and populate auth-gateway with the necessary settings. The rules to assign resources from OpenStack to tenants could/should be left for the downstream implementation when people use this. I wouldn't make assumptions about how people organize their setups or what kind of flexibility they need.

We currently have a service in-house which is very similar to auth-gateway. The service acts as an IP-firewall and sits in front of our cortext setup. On the side we walk through different tenants on openstack (on an interval) and assign them to tenants for cortex based on instance metadata or networks resources are attached to.

The data is then used to allow remote write to Cortex.