Add GCP auth extension implementation

Author: psx95

gcp-auth-extension/build.gradle.kts

@@ -1,13 +1,25 @@
 plugins {
   id("otel.java-conventions")
-
   id("otel.publish-conventions")
+  id("com.github.johnrengelman.shadow")
 }
 
 description = "OpenTelemetry Java Agent Extension that enables authentication support for OTLP exporters"
 otelJava.moduleName.set("io.opentelemetry.contrib.gcp.auth")
 
 dependencies {
+  annotationProcessor("com.google.auto.service:auto-service")
+  compileOnly("com.google.auto.service:auto-service-annotations")
+
+  // We use `compileOnly` dependency because during runtime all necessary classes are provided by
+  // javaagent itself.
+  compileOnly("io.opentelemetry:opentelemetry-api")
+  compileOnly("io.opentelemetry:opentelemetry-sdk-extension-autoconfigure")
+  compileOnly("io.opentelemetry:opentelemetry-exporter-otlp")
+
+  // Only dependencies added to `implementation` configuration will be picked up by Shadow plugin
+  implementation("com.google.auth:google-auth-library-oauth2-http:1.30.1")
+
   testImplementation("org.junit.jupiter:junit-jupiter")
   testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
 }

gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/ConfigurableOption.java

@@ -0,0 +1,93 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.contrib.gcp.auth;
+
+import io.opentelemetry.sdk.autoconfigure.spi.ConfigurationException;
+import java.util.Locale;
+import java.util.function.Supplier;
+
+/**
+ * An enum representing configurable options for a GCP Authentication Extension. Each option has a
+ * user-readable name and can be configured using environment variables or system properties.
+ */
+public enum ConfigurableOption {
+  /**
+   * Represents the Google Cloud Project ID option. Can be configured using the environment variable
+   * `GOOGLE_CLOUD_PROJECT` or the system property `google.cloud.project`.
+   */
+  GOOGLE_CLOUD_PROJECT("Google Cloud Project ID");
+
+  private final String userReadableName;
+  private final String environmentVariableName;
+  private final String systemPropertyName;
+
+  ConfigurableOption(String userReadableName) {
+    this.userReadableName = userReadableName;
+    this.environmentVariableName = this.name();
+    this.systemPropertyName =
+        this.environmentVariableName.toLowerCase(Locale.ENGLISH).replace('_', '.');
+  }
+
+  /**
+   * Returns the environment variable name associated with this option.
+   *
+   * @return the environment variable name (e.g., GOOGLE_CLOUD_PROJECT)
+   */
+  String getEnvironmentVariable() {
+    return this.environmentVariableName;
+  }
+
+  /**
+   * Returns the system property name associated with this option.
+   *
+   * @return the system property name (e.g., google.cloud.project)
+   */
+  String getSystemProperty() {
+    return this.systemPropertyName;
+  }
+
+  /**
+   * Retrieves the configured value for this option. This method checks the environment variable
+   * first and then the system property.
+   *
+   * @return The configured value as a string, or throws an exception if not configured.
+   * @throws ConfigurationException if neither the environment variable nor the system property is
+   *     set.
+   */
+  String getConfiguredValue() {
+    String envVar = System.getenv(this.getEnvironmentVariable());
+    String sysProp = System.getProperty(this.getSystemProperty());
+
+    if (envVar != null && !envVar.isEmpty()) {
+      return envVar;
+    } else if (sysProp != null && !sysProp.isEmpty()) {
+      return sysProp;
+    } else {
+      throw new ConfigurationException(
+          String.format(
+              "GCP Authentication Extension not configured properly: %s not configured. Configure it by exporting environment variable %s or system property %s",
+              this.userReadableName, this.getEnvironmentVariable(), this.getSystemProperty()));
+    }
+  }
+
+  /**
+   * Retrieves the value for this option, prioritizing environment variables and system properties.
+   * If neither an environment variable nor a system property is set for this option, the provided
+   * fallback function is used to determine the value.
+   *
+   * @param fallback A {@link Supplier} that provides the default value for the option when it is
+   *     not explicitly configured via an environment variable or system property.
+   * @return The configured value for the option, obtained from the environment variable, system
+   *     property, or the fallback function, in that order of precedence.
+   */
+  String getConfiguredValueWithFallback(Supplier<String> fallback) {
+    try {
+      return this.getConfiguredValue();
+    } catch (ConfigurationException e) {
+      return fallback.get();
+    }
+  }
+}

gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/GcpAuthAutoConfigurationCustomizerProvider.java

@@ -0,0 +1,126 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.contrib.gcp.auth;
+
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.auto.service.AutoService;
+import io.opentelemetry.api.common.AttributeKey;
+import io.opentelemetry.api.common.Attributes;
+import io.opentelemetry.contrib.gcp.auth.GoogleAuthException.Reason;
+import io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporter;
+import io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporterBuilder;
+import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporter;
+import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporterBuilder;
+import io.opentelemetry.sdk.autoconfigure.spi.AutoConfigurationCustomizer;
+import io.opentelemetry.sdk.autoconfigure.spi.AutoConfigurationCustomizerProvider;
+import io.opentelemetry.sdk.autoconfigure.spi.ConfigProperties;
+import io.opentelemetry.sdk.resources.Resource;
+import io.opentelemetry.sdk.trace.export.SpanExporter;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * An AutoConfigurationCustomizerProvider for Google Cloud Platform (GCP) OpenTelemetry (OTLP)
+ * integration.
+ *
+ * <p>This class is registered as a service provider using {@link AutoService} and is responsible
+ * for customizing the OpenTelemetry configuration for GCP specific behavior. It retrieves Google
+ * Application Default Credentials (ADC) and adds them as authorization headers to the configured
+ * {@link SpanExporter}. It also sets default properties and resource attributes for GCP
+ * integration.
+ *
+ * @see AutoConfigurationCustomizerProvider
+ * @see GoogleCredentials
+ */
+@AutoService(AutoConfigurationCustomizerProvider.class)
+public class GcpAuthAutoConfigurationCustomizerProvider
+    implements AutoConfigurationCustomizerProvider {
+
+  static final String QUOTA_USER_PROJECT_HEADER = "X-Goog-User-Project";
+  static final String GCP_USER_PROJECT_ID_KEY = "gcp.project_id";
+
+  /**
+   * Customizes the provided {@link AutoConfigurationCustomizer}.
+   *
+   * <p>This method attempts to retrieve Google Application Default Credentials (ADC) and performs
+   * the following: - Adds authorization headers to the configured {@link SpanExporter} based on the
+   * retrieved credentials. - Adds default properties for OTLP endpoint and resource attributes for
+   * GCP integration.
+   *
+   * @param autoConfiguration the AutoConfigurationCustomizer to customize.
+   * @throws GoogleAuthException if there's an error retrieving Google Application Default
+   *     Credentials.
+   * @throws io.opentelemetry.sdk.autoconfigure.spi.ConfigurationException if required options are
+   *     not configured through environment variables or system properties.
+   */
+  @Override
+  public void customize(AutoConfigurationCustomizer autoConfiguration) {
+    try {
+      GoogleCredentials credentials = GoogleCredentials.getApplicationDefault();
+      autoConfiguration
+          .addSpanExporterCustomizer(
+              (exporter, configProperties) -> addAuthorizationHeaders(exporter, credentials))
+          .addResourceCustomizer(GcpAuthAutoConfigurationCustomizerProvider::customizeResource);
+    } catch (IOException e) {
+      throw new GoogleAuthException(Reason.FAILED_ADC_RETRIEVAL, e);
+    }
+  }
+
+  @Override
+  public int order() {
+    return Integer.MAX_VALUE - 1;
+  }
+
+  // Adds authorization headers to the calls made by the OtlpGrpcSpanExporter and
+  // OtlpHttpSpanExporter.
+  private static SpanExporter addAuthorizationHeaders(
+      SpanExporter exporter, GoogleCredentials credentials) {
+    if (exporter instanceof OtlpHttpSpanExporter) {
+      OtlpHttpSpanExporterBuilder builder =
+          ((OtlpHttpSpanExporter) exporter)
+              .toBuilder().setHeaders(() -> getRequiredHeaderMap(credentials));
+      return builder.build();
+    } else if (exporter instanceof OtlpGrpcSpanExporter) {
+      OtlpGrpcSpanExporterBuilder builder =
+          ((OtlpGrpcSpanExporter) exporter)
+              .toBuilder().setHeaders(() -> getRequiredHeaderMap(credentials));
+      return builder.build();
+    }
+    return exporter;
+  }
+
+  private static Map<String, String> getRequiredHeaderMap(GoogleCredentials credentials) {
+    Map<String, String> gcpHeaders = new HashMap<>();
+    try {
+      credentials.refreshIfExpired();
+    } catch (IOException e) {
+      throw new GoogleAuthException(Reason.FAILED_ADC_REFRESH, e);
+    }
+    gcpHeaders.put(QUOTA_USER_PROJECT_HEADER, credentials.getQuotaProjectId());
+    gcpHeaders.put("Authorization", "Bearer " + credentials.getAccessToken().getTokenValue());
+    return gcpHeaders;
+  }
+
+  // Updates the current resource with the attributes required for ingesting OTLP data on GCP.
+  private static Resource customizeResource(Resource resource, ConfigProperties configProperties) {
+    String gcpProjectId =
+        ConfigurableOption.GOOGLE_CLOUD_PROJECT.getConfiguredValueWithFallback(
+            () -> {
+              try {
+                GoogleCredentials googleCredentials = GoogleCredentials.getApplicationDefault();
+                return googleCredentials.getQuotaProjectId();
+              } catch (IOException e) {
+                throw new GoogleAuthException(Reason.FAILED_ADC_RETRIEVAL, e);
+              }
+            });
+
+    Resource res =
+        Resource.create(
+            Attributes.of(AttributeKey.stringKey(GCP_USER_PROJECT_ID_KEY), gcpProjectId));
+    return resource.merge(res);
+  }
+}

gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/GoogleAuthException.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.contrib.gcp.auth;
+
+/**
+ * An unchecked exception indicating a failure during Google authentication. This exception is
+ * thrown when there are issues with retrieving or refreshing Google Application Default Credentials
+ * (ADC).
+ */
+public class GoogleAuthException extends RuntimeException {
+
+  private static final long serialVersionUID = 149908685226796448L;
+
+  /**
+   * Constructs a new {@code GoogleAuthException} with the specified reason and cause.
+   *
+   * @param reason the reason for the authentication failure.
+   * @param cause the underlying cause of the exception (e.g., an IOException).
+   */
+  GoogleAuthException(Reason reason, Throwable cause) {
+    super(reason.message, cause);
+  }
+
+  /** Enumerates the possible reasons for a Google authentication failure. */
+  enum Reason {
+    /** Indicates a failure to retrieve Google Application Default Credentials. */
+    FAILED_ADC_RETRIEVAL("Unable to retrieve Google Application Default Credentials."),
+    /** Indicates a failure to retrieve Google Application Default Credentials. */
+    FAILED_ADC_REFRESH("Unable to refresh Google Application Default Credentials.");
+
+    private final String message;
+
+    /**
+     * Constructs a new {@code Reason} with the specified message.
+     *
+     * @param message the message describing the reason.
+     */
+    Reason(String message) {
+      this.message = message;
+    }
+
+    /**
+     * Returns the message associated with this reason.
+     *
+     * @return the message describing the reason.
+     */
+    public String getMessage() {
+      return message;
+    }
+  }
+}