feat(gcp-auth-extension): Support custom credentials via configuration properties

[keshavdandeva]

feat(gcp-auth-extension): Support custom credentials via configuration properties

Description

Currently, the gcp-auth-extension is hardcoded to use Google Application Default Credentials (ADC) via GoogleCredentials.getApplicationDefault(). While this works well for standard environments (like GCE or environments with GOOGLE_APPLICATION_CREDENTIALS set), it poses limitations in scenarios where credentials need to be provided explicitly at runtime. For example, a JDBC driver integrating OpenTelemetry often receives credentials explicitly from the user (e.g., a path to a specific Service Account JSON file or a raw JSON string passed in the JDBC connection properties) and cannot easily rely on ambient environment variables.

This PR adds support for specifying custom credentials via configuration properties, allowing users to provide a service account JSON file path or the raw JSON content directly, while maintaining backward compatibility by falling back to ADC.

Proposed Changes

gcp-auth-extension

ConfigurableOption.java

• Added two new configuration options to the enum:
  • GOOGLE_CLOUD_CREDENTIALS_PATH (System property: google.cloud.credentials.path, Env var: GOOGLE_CLOUD_CREDENTIALS_PATH)
  • GOOGLE_CLOUD_CREDENTIALS_JSON (System property: google.cloud.credentials.json, Env var: GOOGLE_CLOUD_CREDENTIALS_JSON)

GcpAuthAutoConfigurationCustomizerProvider.java

• Lazy Resolution: Moved the credentials resolution logic from the eager customize method to a lazy resolveCredentials method called within the customizer lambdas. This was necessary because customize only receives AutoConfigurationCustomizer and does not have access to ConfigProperties to read user-specified options.
• Prioritized Resolution Chain: Implemented a fallback chain in resolveCredentials:
  1. Check for explicit file path via google.cloud.credentials.path.
  2. Check for explicit JSON string via google.cloud.credentials.json.
  3. Fallback to GoogleCredentials.getApplicationDefault().
• Token Refreshing: Maintained the use of dynamic header suppliers (setHeaders(() -> ...)), ensuring that credentials loaded from custom sources still benefit from automatic token refreshing provided by the google-auth library.

GcpAuthAutoConfigurationCustomizerProviderTest.java

• Added three new unit tests to verify:
  • Loading credentials from a file path.
  • Loading credentials from a JSON string.
  • Correct fallback to ADC when no custom properties are set.
• Fixed pre-existing compilation warnings (unnecessarily fully qualified names and use of default charset) that failed the build due to -Werror.

Verification Results

Automated Tests

• Executed unit tests for the module: ./gradlew :gcp-auth-extension:test
• Result: BUILD SUCCESSFUL (All existing tests and the 3 new tests passed).

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: Copilot / name: Copilot Autofix powered by AI (ef176b5)
• ✅ login: keshavdandeva / name: Keshav Dandeva (ef176b5, a25296c, a28b0be)

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds support for supplying Google Cloud credentials via configuration (file path or inline JSON) for the GCP auth extension, with tests covering the new resolution behavior.

Changes:

• Add new configuration options for credentials file path and inline JSON.
• Resolve credentials from config properties before falling back to Application Default Credentials.
• Add unit tests validating credential loading and fallback behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.

File	Description
gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/GcpAuthAutoConfigurationCustomizerProvider.java	Adds credential resolution from config properties (file/JSON) with ADC fallback.
gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/ConfigurableOption.java	Introduces new configurable options for credentials path and JSON.
gcp-auth-extension/src/test/java/io/opentelemetry/contrib/gcp/auth/GcpAuthAutoConfigurationCustomizerProviderTest.java	Adds tests for credentials loading from file path/JSON and ADC fallback.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds configuration-driven credential loading to gcp-auth-extension, allowing users to supply Google Cloud credentials via file path or raw JSON while preserving ADC fallback behavior.

Changes:

• Added new configuration options for credentials path and credentials JSON.
• Implemented lazy, prioritized credential resolution (path → JSON → ADC) with caching.
• Added unit tests covering custom credential sources and fallback behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/ConfigurableOption.java	Adds new configuration enum entries for credentials path/JSON.
gcp-auth-extension/src/main/java/io/opentelemetry/contrib/gcp/auth/GcpAuthAutoConfigurationCustomizerProvider.java	Adds lazy credential resolution with a small cache and a defined precedence chain.
gcp-auth-extension/src/test/java/io/opentelemetry/contrib/gcp/auth/GcpAuthAutoConfigurationCustomizerProviderTest.java	Adds tests for credentials loading from path/JSON and ADC fallback.

[jaydeluca]

@keshavdandeva are you able to sign the CLA?

[keshavdandeva]

@keshavdandeva are you able to sign the CLA?

Yes, done