Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Fail fast when insecure channel is not configured for .NET Core 3.1 with gRPC #2691

Merged
merged 35 commits into from
Dec 17, 2021
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
d064536
feat: Fail fast when unsecure channel is not configured for .NET Core…
tomkerkhove Nov 26, 2021
c00bbfe
Update changelog
tomkerkhove Nov 26, 2021
b5883b5
NotSupportedException -> InvalidOperationException
tomkerkhove Nov 26, 2021
1cf66f5
Code quality
tomkerkhove Nov 26, 2021
f93630f
Use static class, instead of base class
tomkerkhove Nov 26, 2021
6760ab0
Revert change
tomkerkhove Nov 26, 2021
75a163a
Add missing file header
tomkerkhove Nov 26, 2021
e452bce
Change build directive
tomkerkhove Nov 29, 2021
cece9c5
Code linting
tomkerkhove Nov 29, 2021
9fc1d86
Remove redundant check
tomkerkhove Nov 29, 2021
0979d55
Update changelog
tomkerkhove Nov 29, 2021
45c5f7f
Merge remote-tracking branch 'upstream/main' into ssl-check
tomkerkhove Nov 30, 2021
57790cf
Fix build errors after rebase
tomkerkhove Nov 30, 2021
d56cfbe
Use previous build directives
tomkerkhove Nov 30, 2021
fcb826e
Update changelog with latest RC
tomkerkhove Nov 30, 2021
9971645
Check for version, instead of build directive
tomkerkhove Dec 2, 2021
16fd4da
Align tests
tomkerkhove Dec 2, 2021
351f89e
Change error message
tomkerkhove Dec 4, 2021
4eeab06
Change comment
tomkerkhove Dec 4, 2021
dfb1099
Change test name
tomkerkhove Dec 4, 2021
9c8e44c
Change test name
tomkerkhove Dec 4, 2021
ce662f4
fix: Build integration test image with SDK of specified .NET version
tomkerkhove Dec 4, 2021
bc71cf5
revert: Build in 6.0 due to language version
tomkerkhove Dec 4, 2021
102a349
Merge branch 'main' into ssl-check
tomkerkhove Dec 4, 2021
3626c4b
Merge branch 'main' into ssl-check
cijothomas Dec 7, 2021
c139b40
Use version check instead of build directive
tomkerkhove Dec 7, 2021
d3901d4
Fix formatting
tomkerkhove Dec 7, 2021
5e74b8e
Fix check on version
tomkerkhove Dec 7, 2021
b541f3d
Remove flaky test
tomkerkhove Dec 8, 2021
edb1b58
Incorporate @pellared's feedback
tomkerkhove Dec 8, 2021
3dd01b3
Change code style
tomkerkhove Dec 8, 2021
49b39d3
Code review remarks
tomkerkhove Dec 9, 2021
8df0df8
Update changelog
tomkerkhove Dec 10, 2021
f8c3668
Update changelog
tomkerkhove Dec 10, 2021
b7446aa
Merge branch 'main' into ssl-check
alanwest Dec 16, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@
* Added configuration options for `MetricReaderType` to allow for configuring
the `OtlpMetricExporter` to export either manually or periodically.
([#2674](https://github.com/open-telemetry/opentelemetry-dotnet/pull/2674))
* Added validation that unsecure channel is configured correctly when using
.NET Core 3.1 for gRPC & HTTP exporting.
([#2691](https://github.com/open-telemetry/opentelemetry-dotnet/pull/2691))

## 1.2.0-beta2

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,10 @@
using System.Threading;
using System.Threading.Tasks;
using Grpc.Core;
using OpenTelemetry.Internal;
#if NETSTANDARD2_1 || NET5_0_OR_GREATER
using Grpc.Net.Client;
#endif
using OpenTelemetry.Internal;

namespace OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.ExportClient
{
Expand All @@ -33,6 +33,10 @@ protected BaseOtlpGrpcExportClient(OtlpExporterOptions options)
Guard.Null(options, nameof(options));
Guard.InvalidTimeout(options.TimeoutMilliseconds, nameof(options.TimeoutMilliseconds));

#if !NETSTANDARD2_1 && !NET5_0_OR_GREATER
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved
ExporterClientValidation.EnsureUnencryptedSupportIsEnabled(options);
#endif

this.Options = options;
this.Headers = options.GetMetadataFromHeaders();
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@ protected BaseOtlpHttpExportClient(OtlpExporterOptions options, HttpClient httpC
Guard.Null(options, nameof(options));
Guard.InvalidTimeout(options.TimeoutMilliseconds, $"{nameof(options)}.{nameof(options.TimeoutMilliseconds)}");

#if !NETSTANDARD2_1 && !NET5_0_OR_GREATER
ExporterClientValidation.EnsureUnencryptedSupportIsEnabled(options);
#endif
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved

this.Options = options;
this.Headers = options.GetHeaders<Dictionary<string, string>>((d, k, v) => d.Add(k, v));
this.HttpClient = httpClient ?? new HttpClient { Timeout = TimeSpan.FromMilliseconds(this.Options.TimeoutMilliseconds) };
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
// <copyright file="ExporterClientValidation.cs" company="OpenTelemetry Authors">
// Copyright The OpenTelemetry Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// </copyright>

using System;

namespace OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.ExportClient
{
internal static class ExporterClientValidation
{
internal static void EnsureUnencryptedSupportIsEnabled(OtlpExporterOptions options)
{
if (options.Endpoint.Scheme.Equals("http", StringComparison.InvariantCultureIgnoreCase))
{
if (AppContext.TryGetSwitch(
"System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", out var unencryptedIsSupported) == false
|| unencryptedIsSupported == false)
{
throw new InvalidOperationException(
"'System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport' must be enabled for using HTTP with .NET 3.1");
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved
}
}
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
// <copyright file="ExporterClientValidationTests.cs" company="OpenTelemetry Authors">
// Copyright The OpenTelemetry Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// </copyright>

using System;
using OpenTelemetry.Exporter.OpenTelemetryProtocol.Implementation.ExportClient;
using Xunit;

namespace OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests
{
public class ExporterClientValidationTests
{
#if NETCOREAPP3_1
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved
[Fact]
public void ExporterClientValidation_FlagIsEnabledForHttpEndpoint()
{
var initialFlagStatus = this.DetermineInitialFlagStatus();
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved

try
{
var options = new OtlpExporterOptions
{
Endpoint = new Uri("http://localhost:4173"),
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved
};

AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", true);
ExporterClientValidation.EnsureUnencryptedSupportIsEnabled(options);
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved

}
finally
{
AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", initialFlagStatus);
}
}

[Fact]
public void ExporterClientValidation_FlagIsNotEnabledForHttpEndpoint()
{
var initialFlagStatus = this.DetermineInitialFlagStatus();

try
{
var options = new OtlpExporterOptions
{
Endpoint = new Uri("http://localhost:4173"),
};

AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", false);
Assert.Throws<InvalidOperationException>(() => ExporterClientValidation.EnsureUnencryptedSupportIsEnabled(options));
}
finally
{
AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", initialFlagStatus);
}
}

[Fact]
public void ExporterClientValidation_FlagIsNotEnabledForHttpsEndpoint()
{
var options = new OtlpExporterOptions
{
Endpoint = new Uri("https://localhost:4173"),
};

ExporterClientValidation.EnsureUnencryptedSupportIsEnabled(options);
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved
}

private bool DetermineInitialFlagStatus()
{
if (AppContext.TryGetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", out var flag))
{
return flag;
}

return false;
}
#endif
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -62,5 +62,40 @@ public void ExportResultIsSuccess()
Assert.Single(delegatingExporter.ExportResults);
Assert.Equal(ExportResult.Success, delegatingExporter.ExportResults[0]);
}

#if NETCOREAPP3_1
[Trait("CategoryName", "CollectorIntegrationTests")]
[SkipUnlessEnvVarFoundFact(CollectorEndpointEnvVarName)]
public void ExportResultIsFailedBecauseEncryptedHttpSupportIsDisabled()
{
// Adding the OtlpExporter creates a GrpcChannel.
// This switch must be set before creating a GrpcChannel/HttpClient when calling an insecure gRPC service.
// We want to fail fast so we are disabling it
// See: https://docs.microsoft.com/aspnet/core/grpc/troubleshoot#call-insecure-grpc-services-with-net-core-client
AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", false);

var exporterOptions = new OtlpExporterOptions
{
Endpoint = new Uri($"http://{CollectorEndpoint}"),
};

Assert.Throws<InvalidOperationException>(() => new OtlpTraceExporter(exporterOptions));
}

[Trait("CategoryName", "CollectorIntegrationTests")]
[SkipUnlessEnvVarFoundFact(CollectorEndpointEnvVarName)]
public void ExportResultIsFailedBecauseEncryptedHttpSupportIsNotConfigured()
{
// Adding the OtlpExporter creates a GrpcChannel.
// This switch must be set before creating a GrpcChannel/HttpClient when calling an insecure gRPC service.
// We want to fail fast so not setting it to ensure it fails
tomkerkhove marked this conversation as resolved.
Show resolved Hide resolved
var exporterOptions = new OtlpExporterOptions
{
Endpoint = new Uri($"http://{CollectorEndpoint}"),
};

Assert.Throws<InvalidOperationException>(() => new OtlpTraceExporter(exporterOptions));
}
#endif
}
}