From 9b7a02cab50766613aee9600fb8d997a0f460a34 Mon Sep 17 00:00:00 2001
From: Tinco Andringa
Date: Thu, 23 Jan 2025 23:59:10 +0100
Subject: [PATCH] Add support for gRPC OpenTelemetry over TLS
---
 Cargo.lock | 4 ++++
 Cargo.toml | 4 +++-
 kwaak.toml | 7 ++++---
 src/kwaak_tracing.rs | 26 ++++++++++++++++++++++++--
 4 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 99467316..fa3388c5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4045,6 +4045,7 @@ dependencies = [
 "tokio",
 "tokio-util",
 "toml",
+ "tonic",
 "tracing",
 "tracing-appender",
 "tracing-opentelemetry",
@@ -8403,8 +8404,11 @@ dependencies = [
 "percent-encoding",
 "pin-project",
 "prost",
+ "rustls-native-certs 0.8.1",
+ "rustls-pemfile 2.2.0",
 "socket2 0.5.8",
 "tokio",
+ "tokio-rustls 0.26.1",
 "tokio-stream",
 "tower 0.4.13",
 "tower-layer",
diff --git a/Cargo.toml b/Cargo.toml
index c214ee4e..a40feb79 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -46,8 +46,9 @@ opentelemetry_sdk = { version = "0.27.1", optional = true, features = [
 ] }
 opentelemetry = { version = "0.27.1", optional = true }
 opentelemetry-otlp = { version = "0.27.0", optional = true, features = [
- "tonic",
+ "tonic", "tls"
 ] }
+tonic = { version = "0.12.3", optional = true, features = ["tls-roots"] }
 tui-markdown = "0.3.1"
 uuid = { version = "1.11.0", features = ["v4"] }
@@ -128,6 +129,7 @@ default = ["otel"]
 "dep:opentelemetry_sdk",
 "dep:opentelemetry",
 "dep:opentelemetry-otlp",
+ "dep:tonic",
 ]
diff --git a/kwaak.toml b/kwaak.toml
index 3f101dbb..d00fed1b 100644
--- a/kwaak.toml
+++ b/kwaak.toml
@@ -1,16 +1,17 @@
 language = "rust"
 tavily_api_key = "env:TAVILY_API_KEY"
-github_api_key = "env:KWAAK_GITHUB_TOKEN"
-openai_api_key = "env:KWAAK_OPENAI_API_KEY"
+github_api_key = "env:GITHUB_TOKEN"
+openai_api_key = "env:OPENAI_API_KEY"
 tool_executor = "docker"
 otel_enabled = true
+skip_indexing = true
 [commands]
 test = "RUST_LOG=kwaak=debug,swiftide=debug RUST_BACKTRACE=1 cargo nextest run --no-fail-fast --color=never"
 coverage = "cargo +nightly llvm-cov nextest --no-clean --summary-only"
-lint_and_fix = "cargo clippy --fix --allow-dirty --allow-staged; cargo fmt"
+# lint_and_fix = "cargo clippy --fix --allow-dirty --allow-staged; cargo fmt"
 [git]
 owner = "bosun-ai"
diff --git a/src/kwaak_tracing.rs b/src/kwaak_tracing.rs
index d34afad3..1e442866 100644
--- a/src/kwaak_tracing.rs
+++ b/src/kwaak_tracing.rs
@@ -96,11 +96,33 @@ use opentelemetry_sdk::trace::TracerProvider;
 #[cfg(feature = "otel")]
 fn init_otel() -> TracerProvider {
+ use opentelemetry_otlp::WithTonicConfig;
 use opentelemetry_sdk::runtime;
 use opentelemetry_sdk::trace::TracerProvider;
- let exporter = opentelemetry_otlp::SpanExporter::builder()
- .with_tonic()
+ let mut exporter_builder = opentelemetry_otlp::SpanExporter::builder().with_tonic();
+
+ let endpoint = std::env::var("OTEL_EXPORTER_OTLP_ENDPOINT").unwrap_or_default();
+ let insecure = std::env::var("OTEL_EXPORTER_OTLP_INSECURE").unwrap_or_default();
+
+ // This logic is based on https://opentelemetry.io/docs/specs/otel/protocol/exporter/
+ let needs_tls = if endpoint.starts_with("https:") {
+ true
+ } else if endpoint.starts_with("http:") {
+ false
+ } else if insecure == "true" {
+ false
+ } else {
+ true
+ };
+
+ if needs_tls {
+ // TODO: This only supports native roots. We should support custom TLS certificates as well.
+ exporter_builder = exporter_builder
+ .with_tls_config(tonic::transport::ClientTlsConfig::new().with_native_roots());
+ }
+
+ let exporter = exporter_builder
 .build()
 .expect("failed to create otlp exporter");
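Review bot: The `github_api_key` and `openai_api_key` entries in the kwaak.toml hunk now read the generic `GITHUB_TOKEN` and `OPENAI_API_KEY` variables instead of the `KWAAK_`-prefixed ones, so the tool will pick up whatever ambient credential the shell or CI job exports rather than a token issued specifically for kwaak. This looks like a local developer setting and is unrelated to the TLS change in the subject; the same applies to `skip_indexing = true` and the commented-out `lint_and_fix`. I would keep `github_api_key = "env:KWAAK_GITHUB_TOKEN"` and `openai_api_key = "env:KWAAK_OPENAI_API_KEY"` so that a narrowly scoped token stays the repository default, and drop the other two lines from this commit.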
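Review bot: The `needs_tls` decision in `init_otel` is taken from raw environment strings, so it can disagree with the endpoint the exporter actually uses: when `OTEL_EXPORTER_OTLP_ENDPOINT` is unset, `unwrap_or_default()` yields an empty string and the final `else` selects TLS for whatever default endpoint the builder applies, and both the scheme prefixes and `insecure == "true"` are compared case-sensitively although the OpenTelemetry specification reads boolean values case-insensitively. The mismatch fails towards TLS, which is the safe direction, but it may break a default local collector setup, and the `http:` and insecure branches switch trace export to plaintext without any log line. I would move the decision into a small pure helper so each branch, including the unset case, is pinned by a unit test, and emit a warning when the plaintext path is chosen. Whether tonic applies the TLS config to a scheme-less endpoint is not visible in this hunk and deserves an integration test. `init_otel` continues past the end of the hunk.

```rust
/// Returns whether the OTLP gRPC exporter should use TLS: an explicit URL
/// scheme wins, otherwise TLS is used unless the insecure flag is "true".
#[cfg(feature = "otel")]
fn otlp_needs_tls(endpoint: &str, insecure: &str) -> bool {
    let endpoint = endpoint.trim().to_ascii_lowercase();
    if endpoint.starts_with("https:") {
        true
    } else if endpoint.starts_with("http:") {
        false
    } else {
        // No scheme given: plaintext only on explicit opt-in.
        !insecure.trim().eq_ignore_ascii_case("true")
    }
}

// … unchanged: exporter_builder construction and the two env::var reads …
    let needs_tls = otlp_needs_tls(&endpoint, &insecure);
// … unchanged: with_tls_config(...) call, build() and expect() …
```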