Motivation

With PR #5570, OAuth2 authentication is available to HTTP based destinations. Currently, OAuth2 authentication is not available for gRPC-based destinations.

Changes

This change extends the OAuth2 authentication support introduced in PR #5570 to gRPC-based destinations (opentelemetry, loki, bigquery, pubsub, clickhouse, etc.).

The implementation mirrors the existing HTTP pattern by introducing a signal/slot mechanism for gRPC metadata injection, allowing the cloud-auth module to inject OAuth2 tokens into gRPC requests.

Key Features

• New grpc-signals.h header defining GrpcMetadataRequestSignalData for plugin communication.
• Signal emission in grpc-dest-worker.cpp to collect metadata from authentication plugins.
• gRPC signal handlers in cloud-auth module for token injection.

Configuration

destination d_grpc {
  opentelemetry(
    url("example.com:443")
    cloud-auth(
      oauth2(
        client_id("client-id")
        client_secret("client-secret")
        token_url("https://auth.example.com/token")
        scope("api-scope")
      )
    )
  );
};

Testing

• Verified the OAuth2 module works with existing HTTP destinations to verify no regressions are introduced.
• Verified the OAuth2 module works with gRPC destinations to verify the newly added functionality works.

Notes

• The signal/slot mechanism enables future extensibility for gRPC destinations.
• All existing and future gRPC destinations automatically gain OAuth2 support.
• Google authentication (google-auth) can be extended to support gRPC destinations using the same pattern if needed.
• No breaking changes to existing configurations.
• Follows the design pattern established in PR #5570.