Update otlp-spring example to use auth extension (#392)

* Add required dependencies

* Use auth extension for OTLP example

* Make empty classifier name more apparent

* Udpate otlp-spring sample to use GCP Auth extension

* Update instructions to reflect auth extension usage

* Add instructions for GKE workload identity

* Add missing steps to update gradle file

Author: psx95

examples/otlp-spring/README.md

@@ -12,6 +12,8 @@ gcloud auth application-default login
 
 ##### Export the Google Cloud Project ID to `GOOGLE_CLOUD_PROJECT` environment variable:
 
+This comes in handy when creating resources for deployment on Google Cloud.
+
 ```shell
 export GOOGLE_CLOUD_PROJECT="my-awesome-gcp-project-id"
 ```
@@ -21,20 +23,12 @@ export GOOGLE_CLOUD_PROJECT="my-awesome-gcp-project-id"
 Update [`build.gradle`](build.grade) to set the following:
 
 ```
-	'-Dotel.resource.attributes=gcp.project_id=<YOUR_PROJECT_ID>,
-	'-Dotel.exporter.otlp.headers=X-Goog-User-Project=<YOUR_QUOTA_PROJECT>',
-	# Optional - if you want to export using gRPC protocol
-	'-Dotel.exporter.otlp.protocol=grpc',
+	'-Dgoogle.cloud.project=your-gcp-project-id',
+	'-Dotel.exporter.otlp.endpoint=https://your-api-endpoint:port',,
 ```
 
 ## Running Locally on your machine
 
-Setup your endpoint with the `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable:
-
-```shell
-export OTEL_EXPORTER_OTLP_ENDPOINT="http://your-endpoint:port"
-```
-
 To run the spring boot application from project root:
 
 ```shell
@@ -61,7 +55,7 @@ gcloud auth configure-docker us-central1-docker.pkg.dev
 
 Build and push your image to the Artifact Registry.
 ```shell
-./gradlew :examples:otlp-spring:jib --image="us-central1-docker.pkg.dev/$GOOGLE_CLOUD_PROJECT/otlp-samples/spring-otlp-trace-example:v1"
+./gradlew :examples-otlp-spring:jib --image="us-central1-docker.pkg.dev/$GOOGLE_CLOUD_PROJECT/otlp-samples/spring-otlp-trace-example:v1"
 ```
 
 Deploy the image on your Kubernetes cluster and setup port forwarding to interact with your cluster:
@@ -78,6 +72,21 @@ After successfully setting up port-forwarding, you can send requests to your clu
 curl http://localhost:8080/work?desc=test
 ```
 
+> [!IMPORTANT]
+> If your cluster has GKE Workload Identity enabled, you will need to grant the `telemetry.traces.write` permission to the service account used by
+> the application deployment.
+
+This running this command will bind the `telemetry-export` service account used by the application deployment to the `telemetry.tracesWriter` role that grants the `telemetry.traces.write`
+permission required to export traces to Google Cloud.
+
+```shell
+# Replace the <GCP-PROJECT-NUMBER> with the project number of your GCP Project ID.
+gcloud projects add-iam-policy-binding projects/$GOOGLE_CLOUD_PROJECT \
+    --role=roles/telemetry.tracesWriter \
+    --member=principal://iam.googleapis.com/projects/<GCP-PROJECT-NUMBER>/locations/global/workloadIdentityPools/$GOOGLE_CLOUD_PROJECT.svc.id.goog/subject/ns/default/sa/telemetry-export \
+    --condition=None
+```
+
 ### Sending continuous requests
 
 The sample comes with a [client program](src/test/java/com/google/cloud/opentelemetry/examples/otlpspring/MainClient.java) which sends requests to deployed application on your cluster at a fixed rate.

examples/otlp-spring/build.gradle

@@ -28,21 +28,23 @@ repositories {
 	mavenCentral()
 }
 
+// the shaded variant name for gcp auth extension is an empty string
+def gcp_auth_extension_shaded_classifier = ''
+
 dependencies {
 	implementation(libraries.opentelemetry_api)
 	implementation(libraries.opentelemetry_sdk)
 	implementation(libraries.opentelemetry_otlp_exporter)
 	implementation(libraries.opentelemetry_sdk_autoconf)
-	implementation(libraries.google_auth)
+	implementation("${libraries.opentelemetry_gcp_auth_extension}:${gcp_auth_extension_shaded_classifier}")
+	implementation(libraries.opentelemetry_gcp_resources)
 
 	implementation(libraries.spring_boot_starter_web)
 }
 
-// Provide headers from env variable
-// export OTEL_EXPORTER_OTLP_ENDPOINT="http://path/to/yourendpoint:port"
 def autoconf_config = [
-	'-Dotel.resource.attributes=gcp.project_id=<YOUR_PROJECT>',
-	'-Dotel.exporter.otlp.headers=X-Goog-User-Project=<YOUR_QUOTA_PROJECT>',
+	'-Dgoogle.cloud.project=your-gcp-project-id',
+	'-Dotel.exporter.otlp.endpoint=https://your-api-endpoint:port',
 	'-Dotel.traces.exporter=otlp',
 	'-Dotel.metrics.exporter=none',
 	'-Dotel.exporter.otlp.protocol=http/protobuf',
@@ -60,9 +62,6 @@ jib {
 	containerizingMode = "packaged"
 	container.jvmFlags = autoconf_config as List
 	container.ports = ["8080"]
-	container.environment = [
-		"OTEL_EXPORTER_OTLP_ENDPOINT":"http://path/to/yourendpoint:port",
-	]
 }
 
 tasks.register('runClient', JavaExec) {

examples/otlp-spring/k8s/deployment.yaml

@@ -1,3 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: telemetry-export
+  namespace: default
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -17,6 +23,7 @@ spec:
         app: spring-otlp-trace-example
         tier: backend
     spec:
+      serviceAccountName: telemetry-export
       containers:
         - name: spring-otlp-trace-example
           image: us-central1-docker.pkg.dev/%GOOGLE_CLOUD_PROJECT%/otlp-samples/spring-otlp-trace-example:v1

examples/otlp-spring/src/main/java/com/google/cloud/opentelemetry/examples/otlpspring/ApplicationController.java

@@ -60,9 +60,11 @@ public String simulateWork(@RequestParam(name = "desc") Optional<String> descrip
       span.addEvent("Event A");
       // Do some work for the use case
       // Simulate work: this could be simulating a network request or an expensive disk operation
-      workDurationMillis = 100 + random.nextInt(5) * 100;
+      int randomSleepDuration = random.nextInt(5) * 100;
+      workDurationMillis = 100 + randomSleepDuration;
       Thread.sleep(workDurationMillis);
       span.addEvent("Event B");
+      span.setAttribute("RandomSleep", randomSleepDuration);
     } catch (InterruptedException e) {
       logger.debug("Error while sleeping: {}", e.getMessage());
       throw new RuntimeException(e);

examples/otlp-spring/src/main/java/com/google/cloud/opentelemetry/examples/otlpspring/configuration/OpenTelemetryConfiguration.java

@@ -15,17 +15,8 @@
  */
 package com.google.cloud.opentelemetry.examples.otlpspring.configuration;
 
-import com.google.auth.oauth2.GoogleCredentials;
-import io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporter;
-import io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporterBuilder;
-import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporter;
-import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporterBuilder;
 import io.opentelemetry.sdk.OpenTelemetrySdk;
 import io.opentelemetry.sdk.autoconfigure.AutoConfiguredOpenTelemetrySdk;
-import io.opentelemetry.sdk.trace.export.SpanExporter;
-import java.io.IOException;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.config.ConfigurableBeanFactory;
@@ -40,74 +31,8 @@ public class OpenTelemetryConfiguration {
   @Bean
   @Scope(value = ConfigurableBeanFactory.SCOPE_SINGLETON)
   public OpenTelemetrySdk getOpenTelemetrySdk() {
-    GoogleCredentials googleCredentials = getCredentials();
-    AutoConfiguredOpenTelemetrySdk autoConfOTelSdk =
-        AutoConfiguredOpenTelemetrySdk.builder()
-            .addSpanExporterCustomizer(
-                (exporter, configProperties) ->
-                    addAuthorizationHeaders(exporter, googleCredentials))
-            .build();
+    logger.info("Initializing Autoconfigured OpenTelemetry SDK");
+    AutoConfiguredOpenTelemetrySdk autoConfOTelSdk = AutoConfiguredOpenTelemetrySdk.initialize();
     return autoConfOTelSdk.getOpenTelemetrySdk();
   }
-
-  private GoogleCredentials getCredentials() {
-    try {
-      return GoogleCredentials.getApplicationDefault();
-    } catch (IOException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  private SpanExporter addAuthorizationHeaders(
-      SpanExporter exporter, GoogleCredentials credentials) {
-    Map<String, String> authHeaders = new ConcurrentHashMap<>();
-    if (exporter instanceof OtlpHttpSpanExporter) {
-      try {
-        credentials.refreshIfExpired();
-        OtlpHttpSpanExporterBuilder builder =
-            ((OtlpHttpSpanExporter) exporter)
-                .toBuilder()
-                    .setHeaders(
-                        () -> {
-                          authHeaders.put("Authorization", refreshToken(credentials));
-                          return authHeaders;
-                        });
-        return builder.build();
-      } catch (IOException e) {
-        logger.error("Error while adding headers : {}", e.getMessage());
-        throw new RuntimeException(e);
-      }
-    } else if (exporter instanceof OtlpGrpcSpanExporter) {
-      try {
-        credentials.refreshIfExpired();
-        OtlpGrpcSpanExporterBuilder builder =
-            ((OtlpGrpcSpanExporter) exporter)
-                .toBuilder()
-                    .setHeaders(
-                        () -> {
-                          authHeaders.put("Authorization", refreshToken(credentials));
-                          return authHeaders;
-                        });
-        return builder.build();
-      } catch (IOException e) {
-        logger.error("Error while adding headers: {}", e.getMessage());
-        throw new RuntimeException(e);
-      }
-    }
-    return exporter;
-  }
-
-  private String refreshToken(GoogleCredentials credentials) {
-    logger.info("Refreshing Google Credentials");
-    try {
-      logger.info(
-          "Current access token expires at {}", credentials.getAccessToken().getExpirationTime());
-      credentials.refreshIfExpired();
-      logger.info("Credential refresh check complete");
-      return String.format("Bearer %s", credentials.getAccessToken().getTokenValue());
-    } catch (IOException e) {
-      logger.error("Error while refreshing credentials: {}", e.getMessage());
-      throw new RuntimeException(e);
-    }
-  }
 }

examples/otlptrace/README.md

@@ -11,10 +11,14 @@ Executing this command will save your application credentials to default path wh
  - Linux, macOS: `$HOME/.config/gcloud/application_default_credentials.json`
  - Windows: `%APPDATA%\gcloud\application_default_credentials.json`
 
-Next, set your endpoint with the `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable:
+Next, update the `build.gradle` file to modify required JVM arguments:
 
-```shell
-export OTEL_EXPORTER_OTLP_ENDPOINT="http://your-endpoint:port"
+```groovy
+def autoconf_config = [
+    '-Dgoogle.cloud.project=your-gcp-project-id',
+	'-Dotel.exporter.otlp.endpoint=https://your-api-endpoint:port',
+    // other arguments
+    ]
 ```
 
 Finally, to run the sample from the project root: