open-telemetry · lzchen · Jan 11, 2022 · Jan 2, 2022 · Jan 2, 2022 · Jan 2, 2022
@@ -25,6 +25,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   ([#2334](https://github.com/open-telemetry/opentelemetry-python/pull/2334))
 - Add otlp entrypoint for log exporter
   ([#2322](https://github.com/open-telemetry/opentelemetry-python/pull/2322))
+- Support insecure configuration for OTLP gRPC exporter
+  ([#2350](https://github.com/open-telemetry/opentelemetry-python/pull/2350))
 
 ## [1.7.1-0.26b1](https://github.com/open-telemetry/opentelemetry-python/releases/tag/v1.7.0-0.26b0) - 2021-11-11
 

@@ -47,6 +47,7 @@
     OTEL_EXPORTER_OTLP_COMPRESSION,
     OTEL_EXPORTER_OTLP_ENDPOINT,
     OTEL_EXPORTER_OTLP_HEADERS,
+    OTEL_EXPORTER_OTLP_INSECURE,
     OTEL_EXPORTER_OTLP_TIMEOUT,
 )
 from opentelemetry.sdk.resources import Resource as SDKResource
@@ -218,11 +219,12 @@ def __init__(
 
         parsed_url = urlparse(endpoint)
 
-        if insecure is None:
-            if parsed_url.scheme == "https":
-                insecure = False
-            else:
-                insecure = True
+        insecure = insecure or environ.get(OTEL_EXPORTER_OTLP_INSECURE, False)
+
+        if insecure and parsed_url.scheme != "https":
+            insecure = True
+        else:
+            insecure = False
 
         if parsed_url.netloc:
             endpoint = parsed_url.netloc

@@ -40,6 +40,7 @@
 from opentelemetry.proto.trace.v1.trace_pb2 import Span as CollectorSpan
 from opentelemetry.proto.trace.v1.trace_pb2 import Status
 from opentelemetry.sdk.environment_variables import (
+    OTEL_EXPORTER_OTLP_INSECURE,
     OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
     OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
     OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
@@ -84,6 +85,9 @@ def __init__(
         timeout: Optional[int] = None,
         compression: Optional[Compression] = None,
     ):
+
+
+        insecure = insecure or environ.get(OTEL_EXPORTER_OTLP_INSECURE, False)
         if (
             not insecure
             and environ.get(OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE) is not None

@@ -58,6 +58,7 @@
     OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
     OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
     OTEL_EXPORTER_OTLP_TRACES_HEADERS,
+    OTEL_EXPORTER_OTLP_INSECURE,
     OTEL_EXPORTER_OTLP_TRACES_TIMEOUT,
 )
 from opentelemetry.sdk.resources import Resource as SDKResource
@@ -289,6 +290,22 @@ def test_otlp_headers_from_env(self, mock_ssl_channel, mock_secure):
             exporter._headers, (("key5", "value5"), ("key6", "value6"))
         )
 
+    @patch.dict(
+        "os.environ",
+        {OTEL_EXPORTER_OTLP_INSECURE: "True"},
+    )
+    @patch("opentelemetry.exporter.otlp.proto.grpc.exporter.insecure_channel")
+    # pylint: disable=unused-argument
+    def test_otlp_insecure_from_env(self, mock_insecure):
+        exporter = OTLPSpanExporter()
+        # pylint: disable=protected-access
+        self.assertTrue(mock_insecure.called)
+        self.assertEqual(
+            1,
+            mock_insecure.call_count,
+            f"expected {mock_insecure} to be called",
+        )
+
     # pylint: disable=no-self-use
     @patch("opentelemetry.exporter.otlp.proto.grpc.exporter.insecure_channel")
     @patch("opentelemetry.exporter.otlp.proto.grpc.exporter.secure_channel")
@@ -299,15 +316,35 @@ def test_otlp_exporter_endpoint(self, mock_secure, mock_insecure):
             (
                 "http://localhost:4317",
                 None,
-                mock_insecure,
+                mock_secure,  # Default secure
             ),
             (
                 "localhost:4317",
                 None,
+                mock_secure,  # Default secure
+            ),
+            (
+                "http://localhost:4317",
+                True,
                 mock_insecure,
             ),
             (
                 "localhost:4317",
+                True,
+                mock_insecure,
+            ),
+            (
+                "http://localhost:4317",
+                False,
+                mock_secure,
+            ),
+            (
+                "localhost:4317",
+                False,
+                mock_secure,
+            ),
+            (
+                "https://localhost:4317",
                 False,
                 mock_secure,
             ),
@@ -319,7 +356,7 @@ def test_otlp_exporter_endpoint(self, mock_secure, mock_insecure):
             (
                 "https://localhost:4317",
                 True,
-                mock_insecure,
+                mock_secure,  # https scheme overrides explicit insecure
             ),
         ]
         for endpoint, insecure, mock_method in endpoints:

@@ -281,18 +281,28 @@
 .. envvar:: OTEL_EXPORTER_OTLP_ENDPOINT
 
 The :envvar:`OTEL_EXPORTER_OTLP_ENDPOINT` target to which the exporter is going to send spans or metrics.
-The endpoint MUST be a valid URL with scheme (http or https) and host, and MAY contain a port and path.
-A scheme of https indicates a secure connection.
-Default: "https://localhost:4317"
+The endpoint MUST be a valid URL host, and MAY contain a scheme (http or https), port and path.
+A scheme of https indicates a secure connection and takes precedence over the `insecure` configuration setting.
+Default: "http://localhost:4317"
 """
 
+OTEL_EXPORTER_OTLP_INSECURE = "OTEL_EXPORTER_OTLP_INSECURE"
+"""
+.. envvar:: OTEL_EXPORTER_OTLP_INSECURE
+
+The :envvar:`OTEL_EXPORTER_OTLP_INSECURE` represents whether to enable client transport security for gRPC requests.
+An scheme of https takes precedence over the `insecure` configuration setting.
+Default: False
+"""
+
+
 OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT"
 """
 .. envvar:: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
 
 The :envvar:`OTEL_EXPORTER_OTLP_TRACES_ENDPOINT` target to which the span exporter is going to send spans.
-The endpoint MUST be a valid URL with scheme (http or https) and host, and MAY contain a port and path.
-A scheme of https indicates a secure connection.
+The endpoint MUST be a valid URL host, and MAY contain a scheme (http or https), port and path.
+A scheme of https indicates a secure connection and takes precedence over the `insecure` configuration setting.
 """
 
 OTEL_EXPORTER_OTLP_TRACES_PROTOCOL = "OTEL_EXPORTER_OTLP_TRACES_PROTOCOL"