Merge branch 'main' into update-auth-extension-config

Author: psx95

.github/workflows/auto-spotless-check.yml

@@ -25,7 +25,7 @@ jobs:
           java-version: 17
 
       - name: Set up gradle
-        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
         with:
           cache-read-only: true
 

buildSrc/build.gradle.kts

@@ -1,7 +1,7 @@
 plugins {
   `kotlin-dsl`
   // When updating, update below in dependencies too
-  id("com.diffplug.spotless") version "7.0.3"
+  id("com.diffplug.spotless") version "7.0.4"
 }
 
 repositories {
@@ -12,7 +12,7 @@ repositories {
 
 dependencies {
   // When updating, update above in plugins too
-  implementation("com.diffplug.spotless:spotless-plugin-gradle:7.0.3")
+  implementation("com.diffplug.spotless:spotless-plugin-gradle:7.0.4")
   implementation("net.ltgt.gradle:gradle-errorprone-plugin:4.2.0")
   implementation("net.ltgt.gradle:gradle-nullaway-plugin:2.2.0")
   implementation("org.owasp:dependency-check-gradle:12.1.1")

dependencyManagement/build.gradle.kts

@@ -28,7 +28,7 @@ dependencies {
     api("com.google.errorprone:error_prone_annotations:2.38.0")
     api("com.google.errorprone:error_prone_core:2.38.0")
     api("io.github.netmikey.logunit:logunit-jul:2.0.0")
-    api("io.opentelemetry.proto:opentelemetry-proto:1.5.0-alpha")
+    api("io.opentelemetry.proto:opentelemetry-proto:1.7.0-alpha")
     api("io.prometheus:simpleclient:0.16.0")
     api("io.prometheus:simpleclient_common:0.16.0")
     api("io.prometheus:simpleclient_httpserver:0.16.0")

disk-buffering/build.gradle.kts

@@ -28,7 +28,7 @@ dependencies {
   testImplementation("org.mockito:mockito-inline")
   testImplementation("io.opentelemetry:opentelemetry-sdk-testing")
 
-  protos("io.opentelemetry.proto:opentelemetry-proto:1.5.0-alpha@jar")
+  protos("io.opentelemetry.proto:opentelemetry-proto:1.7.0-alpha@jar")
 }
 
 animalsniffer {

gcp-auth-extension/README.md

@@ -47,6 +47,10 @@ Here is a list of required and optional configuration available for the extensio
 
   - Can also be configured using `google.cloud.quota.project` system property.
 
+- `GOOGLE_OTEL_AUTH_TARGET_SIGNALS`: Environment variable that specifies a comma-separated list of OpenTelemetry signals for which this authentication extension should be active. Valid values contain - `metrics`, `traces` or `all`. If left unspecified, `all` is assumed meaning the extension will attempt to apply authentication to exports for all signals.
+
+  - Can also be configured using `google.otel.auth.target.signals` system property.
+
 ## Usage
 
 ### With OpenTelemetry Java agent

gcp-auth-extension/build.gradle.kts

@@ -41,7 +41,7 @@ dependencies {
   testImplementation("org.mockito:mockito-inline")
   testImplementation("org.mockito:mockito-junit-jupiter")
   testImplementation("org.mock-server:mockserver-netty:5.15.0")
-  testImplementation("io.opentelemetry.proto:opentelemetry-proto:1.5.0-alpha")
+  testImplementation("io.opentelemetry.proto:opentelemetry-proto:1.7.0-alpha")
   testImplementation("org.springframework.boot:spring-boot-starter-web:2.7.18")
   testImplementation("org.springframework.boot:spring-boot-starter:2.7.18")
   testImplementation("org.springframework.boot:spring-boot-starter-test:2.7.18")

gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/ConfigurableOption.java

@@ -31,7 +31,27 @@ enum ConfigurableOption {
    * href="https://cloud.google.com/docs/quotas/set-quota-project">official GCP client
    * libraries</a>.
    */
-  GOOGLE_CLOUD_QUOTA_PROJECT("Google Cloud Quota Project ID");
+  GOOGLE_CLOUD_QUOTA_PROJECT("Google Cloud Quota Project ID"),
+
+  /**
+   * Specifies a comma-separated list of OpenTelemetry signals for which this authentication
+   * extension should be active. The authentication mechanisms provided by this extension will only
+   * be applied to the listed signals. If not set, {@code all} is assumed to be set which means
+   * authentication is enabled for all supported signals.
+   *
+   * <p>Valid signal values are:
+   *
+   * <ul>
+   *   <li>{@code metrics} - Enables authentication for metric exports.
+   *   <li>{@code traces} - Enables authentication for trace exports.
+   *   <li>{@code all} - Enables authentication for all exports.
+   * </ul>
+   *
+   * <p>The values are case-sensitive. Whitespace around commas and values is ignored. Can be
+   * configured using the environment variable `GOOGLE_OTEL_AUTH_TARGET_SIGNALS` or the system
+   * property `google.otel.auth.target.signals`.
+   */
+  GOOGLE_OTEL_AUTH_TARGET_SIGNALS("Target Signals for Google Auth Extension");
 
   private final String userReadableName;
   private final String environmentVariableName;

gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/GcpAuthAutoConfigurationCustomizerProvider.java

@@ -10,21 +10,28 @@
 import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.api.common.Attributes;
 import io.opentelemetry.contrib.gcp.auth.GoogleAuthException.Reason;
+import io.opentelemetry.exporter.otlp.http.metrics.OtlpHttpMetricExporter;
+import io.opentelemetry.exporter.otlp.http.metrics.OtlpHttpMetricExporterBuilder;
 import io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporter;
 import io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporterBuilder;
+import io.opentelemetry.exporter.otlp.metrics.OtlpGrpcMetricExporter;
+import io.opentelemetry.exporter.otlp.metrics.OtlpGrpcMetricExporterBuilder;
 import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporter;
 import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporterBuilder;
 import io.opentelemetry.sdk.autoconfigure.spi.AutoConfigurationCustomizer;
 import io.opentelemetry.sdk.autoconfigure.spi.AutoConfigurationCustomizerProvider;
 import io.opentelemetry.sdk.autoconfigure.spi.ConfigProperties;
+import io.opentelemetry.sdk.metrics.export.MetricExporter;
 import io.opentelemetry.sdk.resources.Resource;
 import io.opentelemetry.sdk.trace.export.SpanExporter;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.stream.Collectors;
+import javax.annotation.Nonnull;
 
 /**
  * An AutoConfigurationCustomizerProvider for Google Cloud Platform (GCP) OpenTelemetry (OTLP)
@@ -46,13 +53,29 @@ public class GcpAuthAutoConfigurationCustomizerProvider
   static final String QUOTA_USER_PROJECT_HEADER = "x-goog-user-project";
   static final String GCP_USER_PROJECT_ID_KEY = "gcp.project_id";
 
+  static final String SIGNAL_TYPE_TRACES = "traces";
+  static final String SIGNAL_TYPE_METRICS = "metrics";
+  static final String SIGNAL_TYPE_ALL = "all";
+
   /**
-   * Customizes the provided {@link AutoConfigurationCustomizer}.
+   * Customizes the provided {@link AutoConfigurationCustomizer} such that authenticated exports to
+   * GCP Telemetry API are possible from the configured OTLP exporter.
    *
    * <p>This method attempts to retrieve Google Application Default Credentials (ADC) and performs
-   * the following: - Adds authorization headers to the configured {@link SpanExporter} based on the
-   * retrieved credentials. - Adds default properties for OTLP endpoint and resource attributes for
-   * GCP integration.
+   * the following:
+   *
+   * <ul>
+   *   <li>Verifies whether the configured OTLP endpoint (base or signal specific) is a known GCP
+   *       endpoint.
+   *   <li>If the configured base OTLP endpoint is a known GCP Telemetry API endpoint, customizes
+   *       both the configured OTLP {@link SpanExporter} and {@link MetricExporter}.
+   *   <li>If the configured signal specific endpoint is a known GCP Telemetry API endpoint,
+   *       customizes only the signal specific exporter.
+   * </ul>
+   *
+   * The 'customization' performed includes customizing the exporters by adding required headers to
+   * the export calls made and customizing the resource by adding required resource attributes to
+   * enable GCP integration.
    *
    * @param autoConfiguration the AutoConfigurationCustomizer to customize.
    * @throws GoogleAuthException if there's an error retrieving Google Application Default
@@ -61,7 +84,7 @@ public class GcpAuthAutoConfigurationCustomizerProvider
    *     not configured through environment variables or system properties.
    */
   @Override
-  public void customize(AutoConfigurationCustomizer autoConfiguration) {
+  public void customize(@Nonnull AutoConfigurationCustomizer autoConfiguration) {
     GoogleCredentials credentials;
     try {
       credentials = GoogleCredentials.getApplicationDefault();
@@ -70,8 +93,11 @@ public void customize(AutoConfigurationCustomizer autoConfiguration) {
     }
     autoConfiguration
         .addSpanExporterCustomizer(
-            (exporter, configProperties) ->
-                addAuthorizationHeaders(exporter, credentials, configProperties))
+            (spanExporter, configProperties) ->
+                customizeSpanExporter(spanExporter, credentials, configProperties))
+        .addMetricExporterCustomizer(
+            (metricExporter, configProperties) ->
+                customizeMetricExporter(metricExporter, credentials, configProperties))
         .addResourceCustomizer(GcpAuthAutoConfigurationCustomizerProvider::customizeResource);
   }
 
@@ -80,6 +106,34 @@ public int order() {
     return Integer.MAX_VALUE - 1;
   }
 
+  private static SpanExporter customizeSpanExporter(
+      SpanExporter exporter, GoogleCredentials credentials, ConfigProperties configProperties) {
+    if (isSignalTargeted(SIGNAL_TYPE_TRACES, configProperties)) {
+      return addAuthorizationHeaders(exporter, credentials, configProperties);
+    }
+    return exporter;
+  }
+
+  private static MetricExporter customizeMetricExporter(
+      MetricExporter exporter, GoogleCredentials credentials, ConfigProperties configProperties) {
+    if (isSignalTargeted(SIGNAL_TYPE_METRICS, configProperties)) {
+      return addAuthorizationHeaders(exporter, credentials, configProperties);
+    }
+    return exporter;
+  }
+
+  // Checks if the auth extension is configured to target the passed signal for authentication.
+  private static boolean isSignalTargeted(String checkSignal, ConfigProperties configProperties) {
+    String userSpecifiedTargetedSignals =
+        ConfigurableOption.GOOGLE_OTEL_AUTH_TARGET_SIGNALS.getConfiguredValueWithFallback(
+            configProperties, () -> SIGNAL_TYPE_ALL);
+    return Arrays.stream(userSpecifiedTargetedSignals.split(","))
+        .map(String::trim)
+        .anyMatch(
+            targetedSignal ->
+                targetedSignal.equals(checkSignal) || targetedSignal.equals(SIGNAL_TYPE_ALL));
+  }
+
   // Adds authorization headers to the calls made by the OtlpGrpcSpanExporter and
   // OtlpHttpSpanExporter.
   private static SpanExporter addAuthorizationHeaders(
@@ -98,6 +152,24 @@ private static SpanExporter addAuthorizationHeaders(
     return exporter;
   }
 
+  // Adds authorization headers to the calls made by the OtlpGrpcMetricExporter and
+  // OtlpHttpMetricExporter.
+  private static MetricExporter addAuthorizationHeaders(
+      MetricExporter exporter, GoogleCredentials credentials, ConfigProperties configProperties) {
+    if (exporter instanceof OtlpHttpMetricExporter) {
+      OtlpHttpMetricExporterBuilder builder =
+          ((OtlpHttpMetricExporter) exporter)
+              .toBuilder().setHeaders(() -> getRequiredHeaderMap(credentials, configProperties));
+      return builder.build();
+    } else if (exporter instanceof OtlpGrpcMetricExporter) {
+      OtlpGrpcMetricExporterBuilder builder =
+          ((OtlpGrpcMetricExporter) exporter)
+              .toBuilder().setHeaders(() -> getRequiredHeaderMap(credentials, configProperties));
+      return builder.build();
+    }
+    return exporter;
+  }
+
   private static Map<String, String> getRequiredHeaderMap(
       GoogleCredentials credentials, ConfigProperties configProperties) {
     Map<String, List<String>> gcpHeaders;