From b1253a7484ad33ac3b66f493cd9291afb2d99337 Mon Sep 17 00:00:00 2001 From: Douglas Heriot Date: Sat, 7 Jun 2025 19:10:50 +1000 Subject: [PATCH] [SDK] Add credentials option to OTLP gRPC client (#3402) (#3403) This allows passing custom `ChannelCredentials` when creating gRPC channels, to support authentication protocols that require short-lived tokens. --- CHANGELOG.md | 6 ++++++ CMakeLists.txt | 8 +++++++- api/CMakeLists.txt | 5 +++++ ci/do_ci.ps1 | 2 ++ ci/do_ci.sh | 9 ++++++--- exporters/otlp/BUILD | 17 +++++++++++++++++ .../exporters/otlp/otlp_grpc_client_options.h | 11 +++++++++++ exporters/otlp/src/otlp_grpc_client.cc | 13 +++++++++++++ 8 files changed, 67 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 765038b362..999a67dd80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,12 @@ Increment the: * [TEST] Test examples in CI with CMake Part 1 [#3449](https://github.com/open-telemetry/opentelemetry-cpp/pull/3449) +* [EXPORTER] Add `credentials` option to OTLP Exporter’s gRPC Client + [#3403](https://github.com/open-telemetry/opentelemetry-cpp/pull/3403) + + * To enable with CMake: `-DWITH_OTLP_GRPC_CREDENTIAL_PREVIEW=ON` + * To enable with Bazel: `--@io_opentelemetry_cpp//exporters/otlp:with_otlp_grpc_credential_preview=true` + ## [1.21 2025-05-28] * [BUILD] Remove WITH_ABSEIL diff --git a/CMakeLists.txt b/CMakeLists.txt index 4e65f0493a..89343f6ffc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -222,7 +222,10 @@ option(WITH_OTLP_RETRY_PREVIEW "Whether to enable experimental retry functionality" OFF) option(WITH_OTLP_GRPC_SSL_MTLS_PREVIEW - "Whether to enable mTLS support fro gRPC" OFF) + "Whether to enable mTLS support for gRPC" OFF) + +option(WITH_OTLP_GRPC_CREDENTIAL_PREVIEW + "Whether to enable gRPC credentials option in OTLP gRPC Exporter" OFF) option(WITH_OTLP_GRPC "Whether to include the OTLP gRPC exporter in the SDK" OFF) @@ -793,6 +796,9 @@ message( message(STATUS "WITH_REMOVE_METER_PREVIEW: ${WITH_REMOVE_METER_PREVIEW}") message( STATUS "WITH_OTLP_GRPC_SSL_MTLS_PREVIEW: ${WITH_OTLP_GRPC_SSL_MTLS_PREVIEW}") +message( + STATUS + "WITH_OTLP_GRPC_CREDENTIAL_PREVIEW: ${WITH_OTLP_GRPC_CREDENTIAL_PREVIEW}") message(STATUS "WITH_OTLP_RETRY_PREVIEW: ${WITH_OTLP_RETRY_PREVIEW}") message(STATUS "---------------------------------------------") message(STATUS "third-party options") diff --git a/api/CMakeLists.txt b/api/CMakeLists.txt index d9d5873cf5..8430a52250 100644 --- a/api/CMakeLists.txt +++ b/api/CMakeLists.txt @@ -116,6 +116,11 @@ if(WITH_OTLP_GRPC_SSL_MTLS_PREVIEW) INTERFACE ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW) endif() +if(WITH_OTLP_GRPC_CREDENTIAL_PREVIEW) + target_compile_definitions(opentelemetry_api + INTERFACE ENABLE_OTLP_GRPC_CREDENTIAL_PREVIEW) +endif() + if(WITH_METRICS_EXEMPLAR_PREVIEW) target_compile_definitions(opentelemetry_api INTERFACE ENABLE_METRICS_EXEMPLAR_PREVIEW) diff --git a/ci/do_ci.ps1 b/ci/do_ci.ps1 index a5d3b2044f..42dd1c0140 100644 --- a/ci/do_ci.ps1 +++ b/ci/do_ci.ps1 @@ -348,6 +348,7 @@ switch ($action) { -DWITH_METRICS_EXEMPLAR_PREVIEW=ON ` -DWITH_ASYNC_EXPORT_PREVIEW=ON ` -DWITH_OTLP_GRPC_SSL_MTLS_PREVIEW=ON ` + -DWITH_OTLP_GRPC_CREDENTIAL_PREVIEW=ON ` -DWITH_OTLP_RETRY_PREVIEW=ON ` -DWITH_OTLP_GRPC=ON ` -DWITH_OTLP_HTTP=ON ` @@ -453,6 +454,7 @@ switch ($action) { -DWITH_ETW=ON ` -DOPENTELEMETRY_INSTALL=ON ` -DWITH_OTLP_GRPC_SSL_MTLS_PREVIEW=OFF ` + -DWITH_OTLP_GRPC_CREDENTIAL_PREVIEW=OFF ` -DWITH_OTLP_RETRY_PREVIEW=OFF ` -DWITH_OTLP_GRPC=OFF ` -DWITH_OTLP_HTTP=OFF ` diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 10b4f98216..a7ed4945eb 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -69,7 +69,7 @@ MAKE_COMMAND="make -k -j \$(nproc)" echo "make command: ${MAKE_COMMAND}" -BAZEL_OPTIONS_DEFAULT="--copt=-DENABLE_METRICS_EXEMPLAR_PREVIEW" +BAZEL_OPTIONS_DEFAULT="--copt=-DENABLE_METRICS_EXEMPLAR_PREVIEW --//exporters/otlp:with_otlp_grpc_credential_preview=true" BAZEL_OPTIONS="$BAZEL_OPTIONS_DEFAULT" BAZEL_TEST_OPTIONS="$BAZEL_OPTIONS --test_output=errors" @@ -381,6 +381,7 @@ elif [[ "$1" == "cmake.exporter.otprotocol.test" ]]; then -DWITH_OTLP_HTTP=ON \ -DWITH_OTLP_FILE=ON \ -DWITH_OTLP_GRPC_SSL_MTLS_PREVIEW=ON \ + -DWITH_OTLP_GRPC_CREDENTIAL_PREVIEW=ON \ -DWITH_OTLP_RETRY_PREVIEW=ON \ "${SRC_DIR}" grpc_cpp_plugin=`which grpc_cpp_plugin` @@ -467,6 +468,7 @@ elif [[ "$1" == "cmake.install.test" ]]; then -DWITH_ASYNC_EXPORT_PREVIEW=ON \ -DWITH_THREAD_INSTRUMENTATION_PREVIEW=ON \ -DWITH_OTLP_GRPC_SSL_MTLS_PREVIEW=ON \ + -DWITH_OTLP_GRPC_CREDENTIAL_PREVIEW=ON \ -DWITH_OTLP_RETRY_PREVIEW=ON \ -DWITH_OTLP_GRPC=ON \ -DWITH_OTLP_HTTP=ON \ @@ -534,6 +536,7 @@ elif [[ "$1" == "cmake.fetch_content.test" ]]; then -DWITH_ASYNC_EXPORT_PREVIEW=ON \ -DWITH_THREAD_INSTRUMENTATION_PREVIEW=ON \ -DWITH_OTLP_GRPC_SSL_MTLS_PREVIEW=ON \ + -DWITH_OTLP_GRPC_CREDENTIAL_PREVIEW=ON \ -DWITH_OTLP_RETRY_PREVIEW=ON \ -DWITH_OTLP_GRPC=ON \ -DWITH_OTLP_HTTP=ON \ @@ -592,8 +595,8 @@ elif [[ "$1" == "bazel.no_bzlmod.test" ]]; then bazel $BAZEL_STARTUP_OPTIONS test --enable_bzlmod=false $BAZEL_TEST_OPTIONS //... exit 0 elif [[ "$1" == "bazel.test" ]]; then - bazel $BAZEL_STARTUP_OPTIONS build $BAZEL_OPTIONS //... - bazel $BAZEL_STARTUP_OPTIONS test $BAZEL_TEST_OPTIONS //... + bazel $BAZEL_STARTUP_OPTIONS build $BAZEL_OPTIONS $BAZEL_WITH_PREVIEW //... + bazel $BAZEL_STARTUP_OPTIONS test $BAZEL_TEST_OPTIONS $BAZEL_WITH_PREVIEW //... exit 0 elif [[ "$1" == "bazel.with_async_export.test" ]]; then bazel $BAZEL_STARTUP_OPTIONS build $BAZEL_OPTIONS_ASYNC //... diff --git a/exporters/otlp/BUILD b/exporters/otlp/BUILD index 6198e39fe4..2b841954a6 100644 --- a/exporters/otlp/BUILD +++ b/exporters/otlp/BUILD @@ -1,6 +1,7 @@ # Copyright The OpenTelemetry Authors # SPDX-License-Identifier: Apache-2.0 +load("@bazel_skylib//rules:common_settings.bzl", "bool_flag") load("//bazel:otel_cc_benchmark.bzl", "otel_cc_benchmark") package(default_visibility = ["//visibility:public"]) @@ -54,6 +55,10 @@ cc_library( "include/opentelemetry/exporters/otlp/protobuf_include_prefix.h", "include/opentelemetry/exporters/otlp/protobuf_include_suffix.h", ], + defines = select({ + ":enable_otlp_grpc_credential_preview": ["ENABLE_OTLP_GRPC_CREDENTIAL_PREVIEW"], + "//conditions:default": [], + }), strip_include_prefix = "include", tags = [ "otlp", @@ -70,6 +75,18 @@ cc_library( ], ) +config_setting( + name = "enable_otlp_grpc_credential_preview", + flag_values = { + ":with_otlp_grpc_credential_preview": "true", + }, +) + +bool_flag( + name = "with_otlp_grpc_credential_preview", + build_setting_default = False, +) + cc_library( name = "otlp_grpc_exporter", srcs = [ diff --git a/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_grpc_client_options.h b/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_grpc_client_options.h index babb4cac54..0ffe5ba72e 100644 --- a/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_grpc_client_options.h +++ b/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_grpc_client_options.h @@ -7,8 +7,14 @@ #include "opentelemetry/version.h" #include +#include #include +namespace grpc +{ +class ChannelCredentials; +} + OPENTELEMETRY_BEGIN_NAMESPACE namespace exporter { @@ -43,6 +49,11 @@ struct OtlpGrpcClientOptions std::string ssl_client_cert_string; #endif +#ifdef ENABLE_OTLP_GRPC_CREDENTIAL_PREVIEW + /** Use custom ChannelCredentials, instead of the SSL options above. */ + std::shared_ptr credentials; +#endif + /** Export timeout. */ std::chrono::system_clock::duration timeout; diff --git a/exporters/otlp/src/otlp_grpc_client.cc b/exporters/otlp/src/otlp_grpc_client.cc index b520d1bd06..5a331b3be8 100644 --- a/exporters/otlp/src/otlp_grpc_client.cc +++ b/exporters/otlp/src/otlp_grpc_client.cc @@ -433,6 +433,19 @@ std::shared_ptr OtlpGrpcClient::MakeChannel(const OtlpGrpcClientO grpc::CreateCustomChannel(grpc_target, grpc::InsecureChannelCredentials(), grpc_arguments); } +#ifdef ENABLE_OTLP_GRPC_CREDENTIAL_PREVIEW + if (options.credentials) + { + if (options.use_ssl_credentials) + { + OTEL_INTERNAL_LOG_WARN( + "[OTLP GRPC Client] Both 'credentials' and 'use_ssl_credentials' options are set. " + "The former takes priority."); + } + channel = grpc::CreateCustomChannel(grpc_target, options.credentials, grpc_arguments); + } +#endif // ENABLE_OTLP_GRPC_CREDENTIAL_PREVIEW + return channel; }