Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Trace SDK] OTLP Trace Exporter secure connection configuration options #1402

Closed
marcalff opened this issue May 17, 2022 · 5 comments · Fixed by #1793
Closed

[Trace SDK] OTLP Trace Exporter secure connection configuration options #1402

marcalff opened this issue May 17, 2022 · 5 comments · Fixed by #1793
Assignees
Labels
area:exporter:otlp OpenTelemetry Protocol (OTLP) Exporter bug Something isn't working do-not-stale priority:p2 Issues that are not blocking spec-compliance Not compliant to OpenTelemetry specs

Comments

@marcalff
Copy link
Member

Greetings,

In the spec, for the OpenTelemetry Protocol Exporter configurations options:

https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#specifying-headers-via-environment-variables

The spec says:

The following configuration options MUST be available to configure the OTLP exporter. Each configuration option MUST be overridable by a signal specific option.

(...)

(1) Certificate File:

Env vars: OTEL_EXPORTER_OTLP_CERTIFICATE OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE ...

(2) Client key file:

Env vars: OTEL_EXPORTER_OTLP_CLIENT_KEY OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY ...

(3) Client certificate file:

Env vars: OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE ...

Currently, opentelemetry-cpp supports the following environment variables:

  • OTEL_EXPORTER_OTLP_CERTIFICATE
  • OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE
    which covers (1), per the spec.
  • OTEL_EXPORTER_OTLP_CERTIFICATE_STRING
  • OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE_STRING
    which covers (1), in addition to the spec (great).

Implementation for (2) and (3) appear to be missing.

Also, secure connection options are only used for the OtlpGrpcExporter

Should the OtlpHttpExporter honor the same variables as well ?

Currently there are no security options in OtlpHttpExporterOptions.

My understanding from the spec is that secure options apply to the OTLP exporter in general: that is, to both OTLP/gRPC and OTLP/HTTP end points.

Regards.

@marcalff marcalff added the bug Something isn't working label May 17, 2022
@lalitb
Copy link
Member

lalitb commented May 17, 2022

Implementation for (2) and (3) appear to be missing.

Client authentication is missing. There is open issue for that - #389, and some work done in #938

Should the OtlpHttpExporter honor the same variables as well ?

Yes security options should be there for both gRPC and HTTP.

@lalitb lalitb added spec-compliance Not compliant to OpenTelemetry specs area:exporter:otlp OpenTelemetry Protocol (OTLP) Exporter help wanted Good for taking. Extra help will be provided by maintainers priority:p2 Issues that are not blocking labels May 17, 2022
@marcalff
Copy link
Member Author

Thanks @lalitb for the clarifications.
Sorry I missed the existing issues.

@lalitb
Copy link
Member

lalitb commented May 18, 2022

No problem. We can use this issue to track supporting secure options for OtlpHttpExporter.

@github-actions
Copy link

This issue was marked as stale due to lack of activity.

@rgc183
Copy link

rgc183 commented Nov 8, 2022

Otlp grpc exporter is also missing default options for SSL: https://grpc.io/docs/guides/auth/#using-client-side-ssltls

// Create a default SSL ChannelCredentials object. auto channel_creds = grpc::SslCredentials(grpc::SslCredentialsOptions());

Update:
According to this: grpc/grpc#25829 (comment) certificate needs to be given explicitly.

@marcalff marcalff self-assigned this Nov 21, 2022
@marcalff marcalff removed the help wanted Good for taking. Extra help will be provided by maintainers label Mar 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area:exporter:otlp OpenTelemetry Protocol (OTLP) Exporter bug Something isn't working do-not-stale priority:p2 Issues that are not blocking spec-compliance Not compliant to OpenTelemetry specs
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants