[extension/headersetter] Add support for chaining with other auth extensions (#44120)

#### Description
This PR adds support for chaining the `headersetter` extension with
other authentication extensions (e.g., OAuth2).
It introduces a new configuration parameter `additional_auth` in
headersetter and ensures that the additional auth extension is started
first using the Dependent interface.

#### Link to tracking issue
Fixes
[#43935](#43935)

---------

Signed-off-by: Kushal Shukla <[email protected]>

Author: kushalShukla-web

.chloggen/chaining.yaml

@@ -0,0 +1,30 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: extension/headers_setter
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: "Add support for chaining with other auth extensions via `additional_auth` configuration parameter. This allows combining multiple authentication methods, such as OAuth2 for bearer token authentication and custom headers for additional metadata."
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [43797]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  The `additional_auth` parameter enables the `headers_setter` extension to work in conjunction
+  with other authentication extensions like `oauth2client`. The additional auth extension is called
+  first to apply its authentication, then headers_setter adds its configured headers on top.
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]

extension/headerssetterextension/README.md

@@ -23,7 +23,12 @@ header to the value extracted from the context.
 
 ## Configuration
 
-The following settings are required:
+The following settings are available:
+
+- `additional_auth` (Optional): The ID of another auth extension to chain with.
+  When specified, this extension will call the additional auth extension first,
+  then apply its own headers on top. This allows combining multiple authentication
+  methods, such as OAuth2 for authorization and custom headers for additional metadata.
 
 - `headers`: a list of header configuration objects that specify headers and
   their value sources. Each configuration object has the following properties:
@@ -100,6 +105,65 @@ service:
       exporters: [ loki ]
 ```
 
+## Chaining with other Auth Extensions
+
+The `headers_setter` extension can be chained with another authentication extension
+using the `additional_auth` parameter. This allows combining multiple authentication
+methods, such as OAuth2 for bearer token authentication and custom headers for
+additional metadata or routing information.
+
+### Example: Combining OAuth2 and Custom Headers
+
+```yaml
+extensions:
+  oauth2client:
+    client_id: someclientid
+    client_secret: someclientsecret
+    token_url: https://example.com/oauth2/default/v1/token
+    scopes: ["api.metrics"]
+    # The timeout parameter is optional
+    timeout: 2s
+
+  headers_setter:
+    # Chain with the oauth2client extension
+    additional_auth: oauth2client
+    headers:
+      - key: X-Scope-OrgID
+        value: acme-tenant
+      - key: X-Custom-Header
+        from_context: custom_metadata
+
+receivers:
+  otlp:
+    protocols:
+      http:
+        include_metadata: true
+
+exporters:
+  prometheusremotewrite:
+    endpoint: https://prometheus.example.com/api/v1/write
+    auth:
+      # Use headers_setter as the authenticator
+      # This will apply both OAuth2 and custom headers
+      authenticator: headers_setter
+
+service:
+  extensions: [oauth2client, headers_setter]
+  pipelines:
+    metrics:
+      receivers: [otlp]
+      exporters: [prometheusremotewrite]
+```
+
+In this configuration:
+1. The `oauth2client` extension provides OAuth2 bearer token authentication
+2. The `headers_setter` extension adds custom headers on top of the OAuth2 authentication
+3. When the exporter sends data, both authentication methods are applied:
+   - OAuth2 adds the `Authorization: Bearer <token>` header
+   - Headers setter adds `X-Scope-OrgID` and `X-Custom-Header` headers
+4. The collector ensures the `oauth2client` extension starts before `headers_setter`
+   due to the dependency relationship
+
 [batch-processor]: https://github.com/open-telemetry/opentelemetry-collector/tree/main/processor/batchprocessor/README.md
 [batch-processor-preserve-metadata]: https://github.com/open-telemetry/opentelemetry-collector/tree/main/processor/batchprocessor/README.md#batching-and-client-metadata