Refactor SecureReceiverSettings to use TLSSetting #1015
Conversation
ccaraman
requested review from
bogdandrutu,
dmitryax,
flands,
owais,
pjanotti,
rghetia,
songy23 and
tigrannajaryan
as code owners
Codecov Report
@@ Coverage Diff @@
## master #1015 +/- ##
==========================================
+ Coverage 86.33% 86.37% +0.04%
==========================================
Files 199 198 -1
Lines 14072 14058 -14
==========================================
- Hits 12149 12143 -6
+ Misses 1461 1457 -4
+ Partials 462 458 -4
Continue to review full report at Codecov.
|
| configmodels.ReceiverSettings `mapstructure:",squash"` // squash ensures fields are correctly decoded in embedded struct | ||
| // Configures the receiver to use TLS. | ||
| // The default value is nil, which will cause the receiver to not use TLS. | ||
| TLSCredentials *configtls.TLSSetting `mapstructure:"tls_credentials, omitempty"` |
There was a problem hiding this comment.
tls_credentials makes sense for a server scenario but for a client they may just be be configuring the CA but no client certificates so there's no credentials. In those cases I think we'd want to name this tls_config or just tls. Would it make sense to have a universal config key for the TLS settings and call this the same thing here?
There was a problem hiding this comment.
Yeah renaming the config field is an option and something that should be figured out in a separate issue. The goal of this pr is to deprecate the SecureReceiverSettings used by several server connection scenarios.
| type SecureSetting struct { | ||
| configmodels.ReceiverSettings `mapstructure:",squash"` // squash ensures fields are correctly decoded in embedded struct | ||
| // Configures the receiver to use TLS. | ||
| // The default value is nil, which will cause the receiver to not use TLS. |
There was a problem hiding this comment.
I thought we decided that for whether TLS was enabled or not it would be part of the endpoint? Maybe we were discussing more in the context of clients but I think maybe that should also apply to listening receivers so that things are uniform?
There was a problem hiding this comment.
Created this issue #1055 to track creating HTTPSettings so we can offer a config similar to the gRPCSettigs
ccaraman
force-pushed
the
feature/ccaraman/refactor_server_tls
branch
from
cccfe1c
to
13de6e2
Compare
|
@jrcamp assigning to you since you already started reviewing this. |
| if rOpts.TLSCredentials != nil { | ||
| tlsCredsOptions, er := rOpts.TLSCredentials.LoadgRPCTLSServerCredentials() | ||
| if er != nil { | ||
| return nil, fmt.Errorf("error initializing OpenCensus receiver %q TLS Credentials: %v", rOpts.NameVal, er) | ||
| } | ||
| opts = append(opts, WithGRPCServerOptions(tlsCredsOptions)) |
There was a problem hiding this comment.
Might be better to use all named return values or none at all to avoid having the er which might be easy to mix up.
| if rOpts.TLSCredentials != nil { | |
| tlsCredsOptions, er := rOpts.TLSCredentials.LoadgRPCTLSServerCredentials() | |
| if er != nil { | |
| return nil, fmt.Errorf("error initializing OpenCensus receiver %q TLS Credentials: %v", rOpts.NameVal, er) | |
| } | |
| opts = append(opts, WithGRPCServerOptions(tlsCredsOptions)) | |
| if rOpts.TLSCredentials != nil { | |
| var tlsCredOptions someType | |
| tlsCredsOptions, err = rOpts.TLSCredentials.LoadgRPCTLSServerCredentials() | |
| if err != nil { | |
| return | |
| } | |
| opts = append(opts, WithGRPCServerOptions(tlsCredsOptions)) |
Then at the bottom can also just do a plain return to use the named arguments.
There was a problem hiding this comment.
Going to go to no named return values since when using err there it complains shadow: declaration of "err" shadows declaration at line 79 (govet)
There was a problem hiding this comment.
I think it should only shadow if you're assigning err with :=, but not using named is fine as well.
There was a problem hiding this comment.
yeah but then the vars for tlsCredOptions looks a bit weird having it declared above when there is no error and it is the only case where an error can be returned.
| }, | ||
| } | ||
| _, err := cfg.buildOptions() | ||
| assert.EqualError(t, err, "error initializing OpenCensus receiver \"IncorrectTLS\" TLS Credentials: failed to load TLS config: for auth via TLS, either both certificate and key must be supplied, or neither") |
There was a problem hiding this comment.
| assert.EqualError(t, err, "error initializing OpenCensus receiver \"IncorrectTLS\" TLS Credentials: failed to load TLS config: for auth via TLS, either both certificate and key must be supplied, or neither") | |
| assert.EqualError(t, err, `error initializing OpenCensus receiver "IncorrectTLS" TLS Credentials: failed to load TLS config: for auth via TLS, either both certificate and key must be supplied, or neither`) |
receiver/otlpreceiver/config.go
Outdated
| opts = append(opts, tlsCredsOption) | ||
| if rOpts.TLSCredentials != nil { | ||
| tlsCredsOptions, er := rOpts.TLSCredentials.LoadgRPCTLSServerCredentials() | ||
| if er != nil { |
ccaraman
force-pushed
the
feature/ccaraman/refactor_server_tls
branch
from
13de6e2
to
3ad3f7a
Compare
|
@jrcamp - updated to address your comments. |
|
@tigrannajaryan ptal |
|
OK to merge this? |
* Refactor SecureReceiverSettings to use TLSSetting * Address test code coverage failure * Update file to use new license format * Address few small comments
…try#1015) * set gomemlimit correctly * minor fixes * update chart version * update var * remove unittest * remove unittest
Description:
Address the second part of issue #933 to clean up existing server settings with TLS.
Removed SecureReceiverSettings and replaced instances with a reference to configtls.TLSSetting
Renamed LoadGRPCTLSCredentials -> LoadgRPCTLSClientCredentials
Created issue #1014 to track merging gRPC Server settings into a common struct.
Link to tracking Issue: #933 and handles issue #963
Testing: Ran all tests.
Documentation: Doc pr will come up next.