[EXPORTER] OTLP GRPC mTLS support #2120
Conversation
| @@ -6,13 +6,44 @@ | |||
| #include "opentelemetry/exporters/otlp/otlp_environment.h" | |||
|
|
|||
| #include <memory> | |||
| // TODO: These requires C++17, is that OK? It seems like we need to support C++0x? | |||
There was a problem hiding this comment.
We need support c++11. You can use absl::variant and absl::optional for alternative.
|
|
||
| // TODO: Check if this strong-typing is ok. It seems nice, and allows variant typing. | ||
| struct FilePath { | ||
| std::string value; |
There was a problem hiding this comment.
I think we'd better use nostd::string_view here.
There was a problem hiding this comment.
Just note that the existing options in OtlpGrpcExporterOptions all use std::string, hence why I used that. If this should be different, so be it - just checking before changing it.
|
The trace is already stable. I think we need discuss this approch because it break the API and also we need it to support environment variables in specification. |
|
Thanks for the comments! Based on my understanding of Stable, compilation breakages are not allowed except for major version changes (reasonable). Is it reasonable to still make things compatible, but mark Supporting the environment variables sounds good to me, can do so. Also, a related thing related to what I'm interested in - is gRPC actually has experimental support refreshing certificates every X seconds from disk. If that seems reasonable, while it could be a separate PR, given it may effect the API, it may be worth discussing now. And of course feel free to give me your opinions on style and such, once we agree on the high-level, I'll take another pass on the code:
|
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #2120 +/- ##
==========================================
- Coverage 87.53% 87.50% -0.02%
==========================================
Files 169 169
Lines 4889 4888 -1
==========================================
- Hits 4279 4277 -2
- Misses 610 611 +1 |
|
@kylepl Why do we want to deprecate the existing members - |
|
@lalitb Just to be precise, and is likely what you mean, There are few pieces to the change:
But, there is a cost of changing what is already there even if we did agree on what to do if this was entirely new code. Thus my proposal is to support the new format and the old format, with a deprecation warning - but this is where I defer to everyone on what makes sense. So if you want the two existing options to remain where they are, and potentially just have |
|
I've switched to using absl::variant/optional, thus the compilation should be fixed for earlier versions. |
| @@ -17,7 +16,7 @@ namespace otlp | |||
| { | |||
|
|
|||
| // This type allows the variants to be default-constructed to neither type. | |||
| // This avoids needing deeper template if std::optional<std::variant<>>. | |||
| // This avoids needing deeper template if absl::optional<absl::variant<>>. | |||
| struct Unset {}; | |||
There was a problem hiding this comment.
Note to self: This is what nostd::monostate is for, remove this,
|
First, thanks for picking this up, support for mTLS in the gRPC exporter is Please find here some comments and guidance. struct OtlpGrpcExporterOptionsThe ca_cert is already implemented with ssl_credentials_cacert_path and For the client cert and key, please use a flat structure, with different Using a std::variant is technically correct, and more type safe, but it Please follow the pattern from struct OtlpHttpExporterOptions, for In the long term, configurations using environment variables is going to be
When this change is implemented for all opentelemetry repositories, the For now, consistency with the existing HTTP pattern will avoid too many intermediate changes. Environment variablesstruct OtlpGrpcExporterOptions should by default read environment variables, Please call:
Likewise, see struct OtlpHttpExporterOptions. CMakeThis is a new feature, so it needs a CMake option, for optional adoption. Something like:
See existing options for the OTLP HTTP exporter. In the implementation:
In other words, the code should still build with old gRPC libraries, See build failures in CI related to gcc 4.8 with a very old gRPC library, it C++11 support, and support for old libraries, will go away over time, but for Unit testsFor unit tests for the option struct itself, see file Examples of units tests for the HTTP exporter can be found in file Functional testsSee functional/otlp for existing OTLP HTTP functional tests. Either in the same PR, or in subsequent work, functional tests talking to an |
marcalff
changed the title
kylepl
force-pushed
the
support-client-certs
branch
from
f55a83a
to
8dc2ca9
Compare
TODO: Add tests. I have not run or written any tests, other than verifying it worked once in my production system.
kylepl
force-pushed
the
support-client-certs
branch
from
8dc2ca9
to
355def3
Compare
|
Apologies for the long delay. I've taken another pass - doing everything except for the tests - which I can do once this LGTY. |
|
There were a number of failures - I think because of the unnecessary variant/optional include. I've removed them, so hopefully the bazel versions pass now. For formatting, is there a script I should run to do the auto-formatting? Also, I wasn't sure if the thumbs-up meant review seemed reasonable, but I'll wait for an explicit comment before doing the tests. :) |
"SSL" to the mTLS macros since evenetually there will be something named TLS on the gRPC side.
|
And I've put in one more fix for Windows not liking initializer lists for structs. Should just be the formatting errors to resolve (once I know what to run for it). |
There was a problem hiding this comment.
Thanks for the PR, this is looking much better already.
Right now, the build fails (to fix), and does not use the new MTLS_PREVIEW option anyway.
Please look for:
-DWITH_OTLP_HTTP_SSL_PREVIEW=ON \
-DWITH_OTLP_HTTP_SSL_TLS_PREVIEW=ON \
in file ci/do_ci.sh,
and add both WITH_OTLP_GRPC and WITH_OTLP_GRPC_SSL_MTLS_PREVIEW at the same places, to have some CI coverage of the new code.
|
To fix format errors, run clang-format version 10. See docs/using-clang-format.md |
|
I've done clang-format on the .cc/.h files, and enabled this path in the CI. |
|
I've done another pass of fixing format errors. There are also now failures about gRPC inputs not being included, I think because more options must be specified - but I'm not sure what exactly needs to be copied over (seems like a lot?). e.g. |
Indeed, a lot more setup is needed beside just adding This was bad guidance from me, sorry about that. Let's revert this changes to This should be simpler as the |
arleady has GRPC enabled on it.
|
No worries, done. |
There was a problem hiding this comment.
Looks good. Thanks for the contribution.
Perhaps as separate PR, we can add the functional tests for validating OTLP gRPC with client certificate chain + Server ca certificate.
Ref- https://github.com/open-telemetry/opentelemetry-cpp/tree/main/functional/otlp
marcalff
changed the title
Fixes #1785
Changes
Please provide a brief description of the changes here.
For significant contributions please make sure you have completed the following items:
CHANGELOG.mdupdated for non-trivial changes