feat: configure TLS with environment variables. #2465
Conversation
jvanz
force-pushed
the
tls-envvars
branch
3 times, most recently
from
50894e9 to
5031002
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2465 +/- ##
=======================================
- Coverage 77.9% 77.4% -0.5%
=======================================
Files 123 123
Lines 22944 23168 +224
=======================================
+ Hits 17880 17948 +68
- Misses 5064 5220 +156 ☔ View full report in Codecov by Sentry. |
jvanz
force-pushed
the
tls-envvars
branch
3 times, most recently
from
9458a03 to
093a1ce
Compare
|
@TommyCpp , how can we move this forward? 😄 |
Updates the opentelemetry-otlp crate to allow users to configure TLS using environment variables. Removing the need to crating the TLS config object and defining it with the `with_tls_config` method. In the same way other OTLP libraries does (e.g. go lang). Signed-off-by: José Guilherme Vanz <[email protected]>
|
👀 Will take a look today |
Fix typo in the changelog. Signed-off-by: José Guilherme Vanz <[email protected]>
Add missing TLS configuration directives. Signed-off-by: José Guilherme Vanz <[email protected]>
Add comments formatting adding missing periods at the end. Signed-off-by: José Guilherme Vanz <[email protected]>
| @@ -136,3 +151,150 @@ async fn smoke_tracer() { | |||
| let first_event = first_span.events.first().unwrap(); | |||
| assert_eq!("my-test-event", first_event.name); | |||
| } | |||
|
|
|||
| #[tokio::test(flavor = "multi_thread")] | |||
There was a problem hiding this comment.
we now have automated integration tests. Could these tests be added there? It does not have anything validating the TLS code paths..
https://github.com/open-telemetry/opentelemetry-rust/tree/main/opentelemetry-otlp/tests/integration_test/tests
There was a problem hiding this comment.
+1., this needs to be moved to integrations tests.
There was a problem hiding this comment.
https://github.com/open-telemetry/opentelemetry-dotnet/blob/main/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/gen_test_cert.sh we can steal some scripts from here to generate the needed artifacts.
| { | ||
| let insecure = config.insecure.unwrap_or_else(|| { | ||
| env::var(signal_insecure_var) | ||
| .or_else(|_| env::var(OTEL_EXPORTER_OTLP_INSECURE)) |
There was a problem hiding this comment.
haven't done a full look, but wondering what is the priority order when signal specific ENV variables and this is present?
There was a problem hiding this comment.
Looking at the code (specifically resolve_tls_config), the priority order seems to be:
ClientTlsConfig -> signal_specific_env -> otlp_generic_env
But need @jvanz to confirm :)
| @@ -27,6 +27,18 @@ pub const OTEL_EXPORTER_OTLP_HEADERS: &str = "OTEL_EXPORTER_OTLP_HEADERS"; | |||
| pub const OTEL_EXPORTER_OTLP_PROTOCOL: &str = "OTEL_EXPORTER_OTLP_PROTOCOL"; | |||
| /// Compression algorithm to use, defaults to none. | |||
| pub const OTEL_EXPORTER_OTLP_COMPRESSION: &str = "OTEL_EXPORTER_OTLP_COMPRESSION"; | |||
| /// Certificate file to validate the OTLP server connection. | |||
| #[cfg(feature = "tls")] | |||
There was a problem hiding this comment.
tls feature flag is specific to grpc-tonic. Just to be clear -this PR is only adding TLS support for grpc, and not http?
| @@ -217,6 +268,34 @@ impl<B: HasExportConfig> WithExportConfig for B { | |||
| self.export_config().endpoint = exporter_config.endpoint; | |||
| self.export_config().protocol = exporter_config.protocol; | |||
| self.export_config().timeout = exporter_config.timeout; | |||
| #[cfg(feature = "tls")] | |||
| { | |||
| self.export_config().insecure = Some(true); | |||
There was a problem hiding this comment.
As per the specs, the connection should be secure by default.
https://github.com/open-telemetry/opentelemetry-specification/blob/3b037be082915f29766a87c01141c72fb0fb5f1b/specification/protocol/exporter.md
| .map_err(crate::Error::from)?, | ||
| None => endpoint, | ||
| { | ||
| let insecure = config.insecure.unwrap_or_else(|| { |
There was a problem hiding this comment.
Please correct me - there would always be a default value associated with the insecure, which means else part will never execute?
Updates the opentelemetry-otlp crate to allow users to configure TLS using environment variables. Removing the need to crating the TLS config object and defining it with the
with_tls_configmethod. In the same way other OTLP libraries does (e.g. go lang).Partially fixes #774
Merge requirement checklist
CHANGELOG.mdfiles updated for non-trivial, user-facing changes