Description
The Problem
There is no way to specify gRPC “call credentials” for the OTLP exporter. This is required when using short-lived tokens that must be refreshed which cannot be set at creation time using the metadata option.
This is required by the Google Cloud OTLP endpoint that uses Access Token credentials.
Proposed Solution
I would like to add a credentials option to OtlpGrpcClientOptions that allows specifying a ChannelCredentials object, rather than it being created in OtlpGrpcClient::MakeChannel with either grpc::SslCredentials() or grpc::InsecureChannelCredentials().
It would allow using a custom MetadataCredentialsPlugin subclass to support arbitrary authentication methods, or an existing implementation like GoogleDefaultCredentials() for use with GCP APIs.
This is similar to the solution used by OpenTelemetry Python – its OTLP exporters have a credentials parameter.
Alternatives Considered
- Allow passing a gRPC channel into the exporter, rather than just its credentials. This would be similar to the Go implementation, and has the additional benefit of better supporting mocking the client for unit testing. However it’s slightly more effort for users, so could be added in addition to the credentials option?
- Support subclassing OtlpGrpcClient – currently there are no virtual methods, and the method I’d like to override, MakeChannel, is static. If it was made virtual, users could subclass the client to produce the gRPC channel however they need. However this could be harder to maintain compatibility if the implementation of the client needs to change in the future.
- Change existing exporter constructors from private to public, that allow passing a gRPC service stub. These are currently used in tests – I’m not sure what happens here if the OtlpGrpcClient is different to the stub actually used by the exporter.
- Allow calling a function to generate headers like the Java implementation. This is not easily compatible with gRPC credentials objects without boilerplate to extract from them and insert into metadata.
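
Why a header fixed at creation time cannot carry a short-lived token, as an added example that is not part of the original issue or of opentelemetry-cpp: a standard-library-only model of the per-call refresh logic a MetadataCredentialsPlugin subclass would run. RefreshingTokenSource, Simulate, the 60 s skew and the 3600 s token lifetime are assumptions made for illustration.

```cpp
#include <chrono>
#include <functional>
#include <map>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

// Added example, standard library only; every name below is hypothetical.
using Clock = std::chrono::steady_clock;
using Headers = std::multimap<std::string, std::string>;
struct Token { std::string value; Clock::time_point expiry; };
constexpr std::chrono::seconds kSkew{60}, kLifetime{3600};  // assumed values

// Per-call token supplier: refreshes shortly before expiry instead of once.
class RefreshingTokenSource {
 public:
  explicit RefreshingTokenSource(std::function<Token()> fetch)
      : fetch_(std::move(fetch)) {}
  // Adds the header for a call at time t; false means "no valid token".
  bool AddAuth(Clock::time_point t, Headers* md) {
    std::lock_guard<std::mutex> lock(mu_);  // calls may arrive concurrently
    if (token_.value.empty() || t + kSkew >= token_.expiry) {
      Token fresh = fetch_();
      if (!fresh.value.empty() && fresh.expiry > t) token_ = std::move(fresh);
      else if (token_.value.empty() || t >= token_.expiry) return false;
    }
    md->emplace("authorization", "Bearer " + token_.value);
    return true;
  }
 private:
  std::function<Token()> fetch_;
  std::mutex mu_;
  Token token_;
};

// Constructed scenario: issuer returns tok-1, tok-2, ... then fails (empty).
std::vector<std::string> Simulate(const std::vector<int>& at, int max_tokens) {
  Clock::time_point now{};
  int issued = 0;
  RefreshingTokenSource src([&] {
    return issued < max_tokens
        ? Token{"tok-" + std::to_string(++issued), now + kLifetime} : Token{};
  });
  std::vector<std::string> sent;
  for (int s : at) {
    now = Clock::time_point{} + std::chrono::seconds(s);
    Headers md;
    sent.push_back(src.AddAuth(now, &md) ? md.begin()->second : "");
  }
  return sent;
}
```

When a refresh fails, the source keeps using a token that has not yet expired and attaches nothing once it has, so an expired bearer token is never sent.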