From 81d67a37f37802d6bc7fcdcf388460518f48b4a3 Mon Sep 17 00:00:00 2001 From: Min Xia Date: Fri, 17 Sep 2021 11:25:40 -0700 Subject: [PATCH] Fix TLS related docs and TLS config name for Server side settings commit 4607209b4dfe26f5419fcba9a667848caf41fc8f Author: Min Xia Date: Thu Sep 16 13:33:52 2021 -0700 Do not squash `configtls.TLSClientSetting` in `confighttp` and `cnofiggrpc` config --- CHANGELOG.md | 2 ++ config/configauth/README.md | 4 ++-- config/configgrpc/README.md | 11 ++++++++--- config/configgrpc/configgrpc.go | 4 ++-- config/confighttp/README.md | 11 ++++++++--- config/confighttp/confighttp.go | 4 ++-- config/configtls/README.md | 19 ++++++++++--------- exporter/otlpexporter/testdata/config.yaml | 3 ++- .../otlphttpexporter/testdata/config.yaml | 9 +++++---- receiver/otlpreceiver/config.md | 4 ++-- receiver/otlpreceiver/testdata/config.yaml | 4 ++-- 11 files changed, 45 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cae2ba47d11..b1813f40833 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ - Remove AttributeMessageType (#4020) - Remove `mem-ballast-size-mib`, already deprecated and no-op (#4005). - Remove `AttributeHTTPStatusText` const, replaced with `"http.status_text"` (#4015, contrib/#5182). +- Remove squash on `configtls.TLSClientSetting` and move TLS client configs under `tls` (#4063). +- Rename TLS server config `*configtls.TLSServerSetting` from `tls_settings` to `tls` (#4063). ## v0.35.0 Beta diff --git a/config/configauth/README.md b/config/configauth/README.md index c8bf9f0f6c0..54c5fa6c9a7 100644 --- a/config/configauth/README.md +++ b/config/configauth/README.md @@ -4,7 +4,7 @@ This module allows server types, such as gRPC and HTTP, to be configured to perf The currently known authenticators: -- [oidc](../../extension/oidcauthextension) +- [oidc](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension/oidcauthextension) Examples: ```yaml @@ -22,7 +22,7 @@ receivers: protocols: grpc: endpoint: localhost:4318 - tls_settings: + tls: cert_file: /tmp/certs/cert.pem key_file: /tmp/certs/cert-key.pem auth: diff --git a/config/configgrpc/README.md b/config/configgrpc/README.md index a2d28d2f6af..7b82bb5f62e 100644 --- a/config/configgrpc/README.md +++ b/config/configgrpc/README.md @@ -10,14 +10,15 @@ adjusted. [Exporters](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/README.md) leverage client configuration. -Note that client configuration supports TLS configuration, however -configuration parameters are not defined under `tls_settings` like server +Note that client configuration supports TLS configuration, the +configuration parameters are also defined under `tls` like server configuration. For more information, see [configtls README](../configtls/README.md). - [`balancer_name`](https://github.com/grpc/grpc-go/blob/master/examples/features/load_balancing/README.md) - `compression` (default = gzip): Compression type to use (only gzip is supported today) - `endpoint`: Valid value syntax available [here](https://github.com/grpc/grpc/blob/master/doc/naming.md) +- [`tls`](../configtls/README.md) - `headers`: name/value pairs added to the request - [`keepalive`](https://godoc.org/google.golang.org/grpc/keepalive#ClientParameters) - `permit_without_stream` @@ -34,6 +35,10 @@ Example: exporters: otlp: endpoint: otelcol2:55690 + tls: + ca_file: ca.pem + cert_file: cert.pem + key_file: key.pem headers: test1: "value1" "test 2": "value 2" @@ -60,5 +65,5 @@ see [confignet README](../confignet/README.md). - [`max_concurrent_streams`](https://godoc.org/google.golang.org/grpc#MaxConcurrentStreams) - [`max_recv_msg_size_mib`](https://godoc.org/google.golang.org/grpc#MaxRecvMsgSize) - [`read_buffer_size`](https://godoc.org/google.golang.org/grpc#ReadBufferSize) -- [`tls_settings`](../configtls/README.md) +- [`tls`](../configtls/README.md) - [`write_buffer_size`](https://godoc.org/google.golang.org/grpc#WriteBufferSize) diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index bc5082db709..8643e310207 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -73,7 +73,7 @@ type GRPCClientSettings struct { Compression string `mapstructure:"compression"` // TLSSetting struct exposes TLS client configuration. - TLSSetting configtls.TLSClientSetting `mapstructure:",squash"` + TLSSetting configtls.TLSClientSetting `mapstructure:"tls,omitempty"` // The keepalive parameters for gRPC client. See grpc.WithKeepaliveParams. // (https://godoc.org/google.golang.org/grpc#WithKeepaliveParams). @@ -134,7 +134,7 @@ type GRPCServerSettings struct { // Configures the protocol to use TLS. // The default value is nil, which will cause the protocol to not use TLS. - TLSSetting *configtls.TLSServerSetting `mapstructure:"tls_settings,omitempty"` + TLSSetting *configtls.TLSServerSetting `mapstructure:"tls,omitempty"` // MaxRecvMsgSizeMiB sets the maximum size (in MiB) of messages accepted by the server. MaxRecvMsgSizeMiB uint64 `mapstructure:"max_recv_msg_size_mib"` diff --git a/config/confighttp/README.md b/config/confighttp/README.md index ead126dc4a3..460951f2fcd 100644 --- a/config/confighttp/README.md +++ b/config/confighttp/README.md @@ -9,12 +9,13 @@ receivers or exporters. [Exporters](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/README.md) leverage client configuration. -Note that client configuration supports TLS configuration, however -configuration parameters are not defined under `tls_settings` like server +Note that client configuration supports TLS configuration, the +configuration parameters are also defined under `tls` like server configuration. For more information, see [configtls README](../configtls/README.md). - `endpoint`: address:port +- [`tls`](../configtls/README.md) - `headers`: name/value pairs added to the HTTP request headers - [`read_buffer_size`](https://golang.org/pkg/net/http/#Transport) - [`timeout`](https://golang.org/pkg/net/http/#Client) @@ -26,6 +27,10 @@ Example: exporter: otlp: endpoint: otelcol2:55690 + tls: + ca_file: ca.pem + cert_file: cert.pem + key_file: key.pem headers: test1: "value1" "test 2": "value 2" @@ -44,7 +49,7 @@ leverage server configuration. `Content-Type`, `X-Requested-With`. `Origin` is also always added to the list. A wildcard (`*`) can be used to match any header. - `endpoint`: Valid value syntax available [here](https://github.com/grpc/grpc/blob/master/doc/naming.md) -- [`tls_settings`](../configtls/README.md) +- [`tls`](../configtls/README.md) Example: diff --git a/config/confighttp/confighttp.go b/config/confighttp/confighttp.go index d51664e4c06..19291792250 100644 --- a/config/confighttp/confighttp.go +++ b/config/confighttp/confighttp.go @@ -38,7 +38,7 @@ type HTTPClientSettings struct { Endpoint string `mapstructure:"endpoint"` // TLSSetting struct exposes TLS client configuration. - TLSSetting configtls.TLSClientSetting `mapstructure:",squash"` + TLSSetting configtls.TLSClientSetting `mapstructure:"tls,omitempty"` // ReadBufferSize for HTTP client. See http.Transport.ReadBufferSize. ReadBufferSize int `mapstructure:"read_buffer_size"` @@ -140,7 +140,7 @@ type HTTPServerSettings struct { Endpoint string `mapstructure:"endpoint"` // TLSSetting struct exposes TLS client configuration. - TLSSetting *configtls.TLSServerSetting `mapstructure:"tls_settings, omitempty"` + TLSSetting *configtls.TLSServerSetting `mapstructure:"tls, omitempty"` // CorsOrigins are the allowed CORS origins for HTTP/JSON requests to grpc-gateway adapter // for the OTLP receiver. See github.com/rs/cors diff --git a/config/configtls/README.md b/config/configtls/README.md index 60be861dcf0..2af6b830602 100644 --- a/config/configtls/README.md +++ b/config/configtls/README.md @@ -48,8 +48,8 @@ See below for examples. [Exporters](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/README.md) leverage client configuration. -Note that client configuration supports TLS configuration, however -configuration parameters are not defined under `tls_settings` like server +Note that client configuration supports TLS configuration, the +configuration parameters are also defined under `tls` like server configuration. For more information, see [configtls README](../configtls/README.md). @@ -66,11 +66,12 @@ exporters: otlp: endpoint: myserver.local:55690 insecure: false - ca_file: server.crt - cert_file: client.crt - key_file: client.key - min_version: "1.1" - max_version: "1.2" + tls: + ca_file: server.crt + cert_file: client.crt + key_file: client.key + min_version: "1.1" + max_version: "1.2" otlp/insecure: endpoint: myserver.local:55690 insecure: true @@ -101,14 +102,14 @@ receivers: protocols: grpc: endpoint: mysite.local:55690 - tls_settings: + tls: cert_file: server.crt key_file: server.key otlp/mtls: protocols: grpc: endpoint: mysite.local:55690 - tls_settings: + tls: client_ca_file: client.pem cert_file: server.crt key_file: server.key diff --git a/exporter/otlpexporter/testdata/config.yaml b/exporter/otlpexporter/testdata/config.yaml index 1a9679f87af..33e4c1c35ed 100644 --- a/exporter/otlpexporter/testdata/config.yaml +++ b/exporter/otlpexporter/testdata/config.yaml @@ -12,7 +12,8 @@ exporters: otlp/2: endpoint: "1.2.3.4:1234" compression: "on" - ca_file: /var/lib/mycert.pem + tls: + ca_file: /var/lib/mycert.pem timeout: 10s sending_queue: enabled: true diff --git a/exporter/otlphttpexporter/testdata/config.yaml b/exporter/otlphttpexporter/testdata/config.yaml index ca25dfe6e31..61de8891da9 100644 --- a/exporter/otlphttpexporter/testdata/config.yaml +++ b/exporter/otlphttpexporter/testdata/config.yaml @@ -8,10 +8,11 @@ exporters: otlphttp: otlphttp/2: endpoint: "https://1.2.3.4:1234" - insecure: true - ca_file: /var/lib/mycert.pem - cert_file: certfile - key_file: keyfile + tls: + ca_file: /var/lib/mycert.pem + cert_file: certfile + key_file: keyfile + insecure: true timeout: 10s read_buffer_size: 123 write_buffer_size: 345 diff --git a/receiver/otlpreceiver/config.md b/receiver/otlpreceiver/config.md index 0e30e5e2521..4b4b5a360cb 100644 --- a/receiver/otlpreceiver/config.md +++ b/receiver/otlpreceiver/config.md @@ -22,7 +22,7 @@ Config defines configuration for OTLP receiver. | ---- | ---- | ------- | ---- | | endpoint |string| 0.0.0.0:4317 | Endpoint configures the address for this network connection. For TCP and UDP networks, the address has the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. The port must be a literal port number or a service name. If the host is a literal IPv6 address it must be enclosed in square brackets, as in "[2001:db8::1]:80" or "[fe80::1%zone]:80". The zone specifies the scope of the literal IPv6 address as defined in RFC 4007. | | transport |string| tcp | Transport to use. Known protocols are "tcp", "tcp4" (IPv4-only), "tcp6" (IPv6-only), "udp", "udp4" (IPv4-only), "udp6" (IPv6-only), "ip", "ip4" (IPv4-only), "ip6" (IPv6-only), "unix", "unixgram" and "unixpacket". | -| tls_settings |[configtls-TLSServerSetting](#configtls-TLSServerSetting)| | Configures the protocol to use TLS. The default value is nil, which will cause the protocol to not use TLS. | +| tls |[configtls-TLSServerSetting](#configtls-TLSServerSetting)| | Configures the protocol to use TLS. The default value is nil, which will cause the protocol to not use TLS. | | max_recv_msg_size_mib |uint64| | MaxRecvMsgSizeMiB sets the maximum size (in MiB) of messages accepted by the server. | | max_concurrent_streams |uint32| | MaxConcurrentStreams sets the limit on the number of concurrent streams to each ServerTransport. It has effect only for streaming RPCs. | | read_buffer_size |int| 524288 | ReadBufferSize for gRPC server. See grpc.ReadBufferSize (https://godoc.org/google.golang.org/grpc#ReadBufferSize). | @@ -74,7 +74,7 @@ Config defines configuration for OTLP receiver. | Name | Type | Default | Docs | | ---- | ---- | ------- | ---- | | endpoint |string| 0.0.0.0:4318 | Endpoint configures the listening address for the server. | -| tls_settings |[configtls-TLSServerSetting](#configtls-TLSServerSetting)| | TLSSetting struct exposes TLS client configuration. | +| tls |[configtls-TLSServerSetting](#configtls-TLSServerSetting)| | TLSSetting struct exposes TLS client configuration. | | cors_allowed_origins |[]string| | CorsOrigins are the allowed CORS origins for HTTP/JSON requests to grpc-gateway adapter for the OTLP receiver. See github.com/rs/cors An empty list means that CORS is not enabled at all. A wildcard (*) can be used to match any origin or one or more characters of an origin. | | cors_allowed_headers |[]string| | CorsHeaders are the allowed CORS headers for HTTP/JSON requests to grpc-gateway adapter for the OTLP receiver. See github.com/rs/cors CORS needs to be enabled first by providing a non-empty list in CorsOrigins A wildcard (*) can be used to match any header. | diff --git a/receiver/otlpreceiver/testdata/config.yaml b/receiver/otlpreceiver/testdata/config.yaml index 7e9a8ab94e0..568df9e713a 100644 --- a/receiver/otlpreceiver/testdata/config.yaml +++ b/receiver/otlpreceiver/testdata/config.yaml @@ -54,11 +54,11 @@ receivers: otlp/tlscredentials: protocols: grpc: - tls_settings: + tls: cert_file: test.crt key_file: test.key http: - tls_settings: + tls: cert_file: test.crt key_file: test.key # The following entry demonstrates how to specify a Unix Domain Socket for the server.