ntp/common
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(tracing): add bearer token authentication for OTLP exporters

Browse Source 
Add BearerTokenFunc to support dynamic bearer token authentication
for OTLP gRPC exporters. Tokens are injected via gRPC PerRPCCredentials
on each export request.

- Add BearerTokenFunc type and Config field in tracerconfig
- Implement bearerCredentials (gRPC) and bearerRoundTripper (HTTP)
- Wire bearer auth into all three gRPC exporter creation functions
- Add token verification before flushing buffered logs
- Fix race condition in buffering exporter initialization

Note: HTTP exporters don't support dynamic bearer tokens due to
OpenTelemetry SDK limitations (no WithHTTPClient option). Use gRPC
protocol for dynamic tokens.
This commit is contained in:
Ask Bjørn Hansen
2025-12-27 12:52:37 -08:00
parent d43ff0f2a9
commit fc3617b7d8
5 changed files with 496 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tracing/tracing.go
View File

@@ -112,6 +112,10 @@ func Start(ctx context.Context, spanName string, opts ...trace.SpanStartOption)
// This maintains backward compatibility for existing code.
type GetClientCertificate = tracerconfig.GetClientCertificate
// BearerTokenFunc is an alias for the type defined in tracerconfig.
// It retrieves a bearer token for OTLP authentication.
type BearerTokenFunc = tracerconfig.BearerTokenFunc
// TracerConfig provides configuration options for OpenTelemetry tracing setup.
// It supplements standard OpenTelemetry environment variables with additional
// NTP Pool-specific configuration including TLS settings for secure OTLP export.
@@ -123,6 +127,7 @@ type TracerConfig struct {
CertificateProvider GetClientCertificate // Client certificate provider for mutual TLS
RootCAs *x509.CertPool // CA certificate pool for server verification
BearerTokenFunc BearerTokenFunc // Token provider for bearer authentication
}
// InitTracer initializes the OpenTelemetry SDK with the provided configuration.
@@ -160,6 +165,7 @@ func SetupSDK(ctx context.Context, cfg *TracerConfig) (shutdown TpShutdownFunc,
EndpointURL: cfg.EndpointURL,
CertificateProvider: cfg.CertificateProvider,
RootCAs: cfg.RootCAs,
BearerTokenFunc: cfg.BearerTokenFunc,
}
tracerconfig.Store(ctx, bridgeConfig, createOTLPLogExporter, createOTLPMetricExporter, createOTLPTraceExporter)