open-telemetry · ThomsonTan · Apr 5, 2023 · Nov 23, 2022 · Nov 23, 2022 · Nov 23, 2022
@@ -17,6 +17,8 @@ Increment the:
 
 * [RESOURCE SDK] Fix schema URL precedence bug in `Resource::Merge`.
   [#2036](https://github.com/open-telemetry/opentelemetry-cpp/pull/2036)
+* [EXPORTER] Add OTLP HTTP SSL support
+  [#1793](https://github.com/open-telemetry/opentelemetry-cpp/pull/1793)
 
 ## [1.8.3] 2023-03-06
 

@@ -49,21 +49,8 @@ struct OtlpHttpClientOptions
 {
   std::string url;
 
-  bool ssl_insecure_skip_verify;
-
-  std::string ssl_ca_cert_path;
-  std::string ssl_ca_cert_string;
-
-  std::string ssl_client_key_path;
-  std::string ssl_client_key_string;
-
-  std::string ssl_client_cert_path;
-  std::string ssl_client_cert_string;
-
-  std::string ssl_min_tls;
-  std::string ssl_max_tls;
-  std::string ssl_cipher;
-  std::string ssl_cipher_suite;
+  /** SSL options. */
+  ext::http::client::HttpSslOptions ssl_options;
 
   // By default, post json data
   HttpRequestContentType content_type = HttpRequestContentType::kJson;
@@ -115,17 +102,18 @@ struct OtlpHttpClientOptions
                                std::size_t input_max_requests_per_connection = 8,
                                nostd::string_view input_user_agent = GetOtlpDefaultUserAgent())
       : url(input_url),
-        ssl_insecure_skip_verify(input_ssl_insecure_skip_verify),
-        ssl_ca_cert_path(input_ssl_ca_cert_path),
-        ssl_ca_cert_string(input_ssl_ca_cert_string),
-        ssl_client_key_path(input_ssl_client_key_path),
-        ssl_client_key_string(input_ssl_client_key_string),
-        ssl_client_cert_path(input_ssl_client_cert_path),
-        ssl_client_cert_string(input_ssl_client_cert_string),
-        ssl_min_tls(input_ssl_min_tls),
-        ssl_max_tls(input_ssl_max_tls),
-        ssl_cipher(input_ssl_cipher),
-        ssl_cipher_suite(input_ssl_cipher_suite),
+        ssl_options(input_url,
+                    input_ssl_insecure_skip_verify,
+                    input_ssl_ca_cert_path,
+                    input_ssl_ca_cert_string,
+                    input_ssl_client_key_path,
+                    input_ssl_client_key_string,
+                    input_ssl_client_cert_path,
+                    input_ssl_client_cert_string,
+                    input_ssl_min_tls,
+                    input_ssl_max_tls,
+                    input_ssl_cipher,
+                    input_ssl_cipher_suite),
         content_type(input_content_type),
         json_bytes_mapping(input_json_bytes_mapping),
         use_json_name(input_use_json_name),
@@ -288,9 +276,6 @@ class OtlpHttpClient
   // The configuration options associated with this HTTP client.
   const OtlpHttpClientOptions options_;
 
-  /** SSL options. */
-  ext::http::client::HttpSslOptions ssl_options_;
-
   // Object that stores the HTTP sessions that have been created
   std::shared_ptr<ext::http::client::HttpClient> http_client_;
 

@@ -622,14 +622,14 @@ std::string GetOtlpDefaultLogsSslClientCertificateString()
 
 /*
   EXPERIMENTAL:
-  Waiting on Environment variable names to be added in the spec,
-  see https://github.com/open-telemetry/opentelemetry-specification/pull/3088
+  Environment variable names do not exist in the spec,
+  using the OTEL_CPP_ namespace.
 */
 
 std::string GetOtlpDefaultTracesSslTlsMinVersion()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_TRACES_MIN_TLS";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_MIN_TLS";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_TRACES_MIN_TLS";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_MIN_TLS";
 
   std::string value;
   bool exists;
@@ -645,8 +645,8 @@ std::string GetOtlpDefaultTracesSslTlsMinVersion()
 
 std::string GetOtlpDefaultMetricsSslTlsMinVersion()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_METRICS_MIN_TLS";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_MIN_TLS";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_METRICS_MIN_TLS";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_MIN_TLS";
 
   std::string value;
   bool exists;
@@ -662,8 +662,8 @@ std::string GetOtlpDefaultMetricsSslTlsMinVersion()
 
 std::string GetOtlpDefaultLogsSslTlsMinVersion()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_LOGS_MIN_TLS";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_MIN_TLS";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_LOGS_MIN_TLS";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_MIN_TLS";
 
   std::string value;
   bool exists;
@@ -679,8 +679,8 @@ std::string GetOtlpDefaultLogsSslTlsMinVersion()
 
 std::string GetOtlpDefaultTracesSslTlsMaxVersion()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_TRACES_MAX_TLS";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_MAX_TLS";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_TRACES_MAX_TLS";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_MAX_TLS";
 
   std::string value;
   bool exists;
@@ -696,8 +696,8 @@ std::string GetOtlpDefaultTracesSslTlsMaxVersion()
 
 std::string GetOtlpDefaultMetricsSslTlsMaxVersion()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_METRICS_MAX_TLS";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_MAX_TLS";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_METRICS_MAX_TLS";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_MAX_TLS";
 
   std::string value;
   bool exists;
@@ -713,8 +713,8 @@ std::string GetOtlpDefaultMetricsSslTlsMaxVersion()
 
 std::string GetOtlpDefaultLogsSslTlsMaxVersion()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_LOGS_MAX_TLS";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_MAX_TLS";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_LOGS_MAX_TLS";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_MAX_TLS";
 
   std::string value;
   bool exists;
@@ -730,8 +730,8 @@ std::string GetOtlpDefaultLogsSslTlsMaxVersion()
 
 std::string GetOtlpDefaultTracesSslTlsCipher()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_TRACES_CIPHER";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_CIPHER";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_TRACES_CIPHER";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_CIPHER";
 
   std::string value;
   bool exists;
@@ -747,8 +747,8 @@ std::string GetOtlpDefaultTracesSslTlsCipher()
 
 std::string GetOtlpDefaultMetricsSslTlsCipher()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_METRICS_CIPHER";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_CIPHER";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_METRICS_CIPHER";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_CIPHER";
 
   std::string value;
   bool exists;
@@ -764,8 +764,8 @@ std::string GetOtlpDefaultMetricsSslTlsCipher()
 
 std::string GetOtlpDefaultLogsSslTlsCipher()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_LOGS_CIPHER";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_CIPHER";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_LOGS_CIPHER";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_CIPHER";
 
   std::string value;
   bool exists;
@@ -781,8 +781,8 @@ std::string GetOtlpDefaultLogsSslTlsCipher()
 
 std::string GetOtlpDefaultTracesSslTlsCipherSuite()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_TRACES_CIPHER_SUITE";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_CIPHER_SUITE";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_TRACES_CIPHER_SUITE";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_CIPHER_SUITE";
 
   std::string value;
   bool exists;
@@ -798,8 +798,8 @@ std::string GetOtlpDefaultTracesSslTlsCipherSuite()
 
 std::string GetOtlpDefaultMetricsSslTlsCipherSuite()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_METRICS_CIPHER_SUITE";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_CIPHER_SUITE";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_METRICS_CIPHER_SUITE";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_CIPHER_SUITE";
 
   std::string value;
   bool exists;
@@ -815,8 +815,8 @@ std::string GetOtlpDefaultMetricsSslTlsCipherSuite()
 
 std::string GetOtlpDefaultLogsSslTlsCipherSuite()
 {
-  constexpr char kSignalEnv[]  = "OTEL_EXPORTER_OTLP_LOGS_CIPHER_SUITE";
-  constexpr char kGenericEnv[] = "OTEL_EXPORTER_OTLP_CIPHER_SUITE";
+  constexpr char kSignalEnv[]  = "OTEL_CPP_EXPORTER_OTLP_LOGS_CIPHER_SUITE";
+  constexpr char kGenericEnv[] = "OTEL_CPP_EXPORTER_OTLP_CIPHER_SUITE";
 
   std::string value;
   bool exists;

@@ -703,7 +703,7 @@ OtlpHttpClient::~OtlpHttpClient()
 
 OtlpHttpClient::OtlpHttpClient(OtlpHttpClientOptions &&options,
                                std::shared_ptr<ext::http::client::HttpClient> http_client)
-    : is_shutdown_(false), options_(options), ssl_options_(), http_client_(http_client)
+    : is_shutdown_(false), options_(options), http_client_(http_client)
 {
   http_client_->SetMaxSessionsPerConnection(options_.max_requests_per_connection);
 }
@@ -953,39 +953,15 @@ OtlpHttpClient::createSession(
     return opentelemetry::sdk::common::ExportResult::kFailure;
   }
 
-  // std::string starts_with is C++20
-  std::string candidate_scheme = options_.url.substr(0, 6);
-
-  if (candidate_scheme == "https:")
-  {
-    ssl_options_.use_ssl                  = true;
-    ssl_options_.ssl_insecure_skip_verify = options_.ssl_insecure_skip_verify;
-    ssl_options_.ssl_ca_cert_path         = options_.ssl_ca_cert_path;
-    ssl_options_.ssl_ca_cert_string       = options_.ssl_ca_cert_string;
-    ssl_options_.ssl_client_key_path      = options_.ssl_client_key_path;
-    ssl_options_.ssl_client_key_string    = options_.ssl_client_key_string;
-    ssl_options_.ssl_client_cert_path     = options_.ssl_client_cert_path;
-    ssl_options_.ssl_client_cert_string   = options_.ssl_client_cert_string;
-    ssl_options_.ssl_min_tls              = options_.ssl_min_tls;
-    ssl_options_.ssl_max_tls              = options_.ssl_max_tls;
-    ssl_options_.ssl_cipher               = options_.ssl_cipher;
-    ssl_options_.ssl_cipher_suite         = options_.ssl_cipher_suite;
-  }
-  else
-  {
-    ssl_options_.use_ssl = false;
-  }
-
   auto session = http_client_->CreateSession(options_.url);
-
   auto request = session->CreateRequest();
 
   for (auto &header : options_.http_headers)
   {
     request->AddHeader(header.first, header.second);
   }
   request->SetUri(http_uri_);
-  request->SetSslOptions(ssl_options_);
+  request->SetSslOptions(options_.ssl_options);
   request->SetTimeoutMs(std::chrono::duration_cast<std::chrono::milliseconds>(options_.timeout));
   request->SetMethod(http_client::Method::Post);
   request->SetBody(body_vec);

@@ -112,52 +112,11 @@ class IsValidMessageMatcher
   std::string trace_id_;
 };
 
-// FIXME: Use in OTLP tests
-
-class IsValidSslOptionsMatcher
-{
-public:
-  IsValidSslOptionsMatcher(const ext::http::client::HttpSslOptions &ssl_options)
-      : ssl_options_(ssl_options)
-  {}
-  bool MatchAndExplain(const ext::http::client::HttpSslOptions &opt,
-                       MatchResultListener * /* listener */) const
-  {
-    bool use_match = (ssl_options_.use_ssl == opt.use_ssl);
-
-    if (!ssl_options_.use_ssl)
-    {
-      return use_match;
-    }
-
-    return (use_match && (opt.ssl_insecure_skip_verify == ssl_options_.ssl_insecure_skip_verify) &&
-            (opt.ssl_ca_cert_path == ssl_options_.ssl_ca_cert_path) &&
-            (opt.ssl_ca_cert_string == ssl_options_.ssl_ca_cert_string) &&
-            (opt.ssl_client_key_path == ssl_options_.ssl_client_key_path) &&
-            (opt.ssl_client_key_string == ssl_options_.ssl_client_key_string) &&
-            (opt.ssl_client_cert_path == ssl_options_.ssl_client_cert_path) &&
-            (opt.ssl_client_cert_string == ssl_options_.ssl_client_cert_string));
-  }
-
-  void DescribeTo(std::ostream *os) const { *os << "ssl_options matches"; }
-
-  void DescribeNegationTo(std::ostream *os) const { *os << "ssl_options does not matche"; }
-
-private:
-  ext::http::client::HttpSslOptions ssl_options_;
-};
-
 PolymorphicMatcher<IsValidMessageMatcher> IsValidMessage(const std::string &trace_id)
 {
   return MakePolymorphicMatcher(IsValidMessageMatcher(trace_id));
 }
 
-PolymorphicMatcher<IsValidSslOptionsMatcher> IsValidSslOptions(
-    const ext::http::client::HttpSslOptions &ssl_options)
-{
-  return MakePolymorphicMatcher(IsValidSslOptionsMatcher(ssl_options));
-}
-
 // Create spans, let processor call Export()
 TEST_F(ZipkinExporterTestPeer, ExportJsonIntegrationTest)
 {
@@ -207,9 +166,7 @@ TEST_F(ZipkinExporterTestPeer, ExportJsonIntegrationTest)
   report_trace_id.assign(trace_id_hex, sizeof(trace_id_hex));
 
   auto expected_url = nostd::string_view{"http://localhost:9411/api/v2/spans"};
-
   EXPECT_CALL(*mock_http_client, Post(expected_url, IsValidMessage(report_trace_id), _))
-
       .Times(Exactly(1))
       .WillOnce(Return(ByMove(ext::http::client::Result{
           std::unique_ptr<ext::http::client::Response>{new ext::http::client::curl::Response()},

@@ -4,6 +4,7 @@
 #pragma once
 
 #include <chrono>
+#include <cstring>
 #include <map>
 #include <string>
 #include <vector>
@@ -111,6 +112,40 @@ using Headers = std::multimap<std::string, std::string, cmp_ic>;
 
 struct HttpSslOptions
 {
+  HttpSslOptions() {}
+
+  HttpSslOptions(nostd::string_view url,
+                 bool input_ssl_insecure_skip_verify,
+                 nostd::string_view input_ssl_ca_cert_path,
+                 nostd::string_view input_ssl_ca_cert_string,
+                 nostd::string_view input_ssl_client_key_path,
+                 nostd::string_view input_ssl_client_key_string,
+                 nostd::string_view input_ssl_client_cert_path,
+                 nostd::string_view input_ssl_client_cert_string,
+                 nostd::string_view input_ssl_min_tls,
+                 nostd::string_view input_ssl_max_tls,
+                 nostd::string_view input_ssl_cipher,
+                 nostd::string_view input_ssl_cipher_suite)
+      : use_ssl(false),
+        ssl_insecure_skip_verify(input_ssl_insecure_skip_verify),
+        ssl_ca_cert_path(input_ssl_ca_cert_path),
+        ssl_ca_cert_string(input_ssl_ca_cert_string),
+        ssl_client_key_path(input_ssl_client_key_path),
+        ssl_client_key_string(input_ssl_client_key_string),
+        ssl_client_cert_path(input_ssl_client_cert_path),
+        ssl_client_cert_string(input_ssl_client_cert_string),
+        ssl_min_tls(input_ssl_min_tls),
+        ssl_max_tls(input_ssl_max_tls),
+        ssl_cipher(input_ssl_cipher),
+        ssl_cipher_suite(input_ssl_cipher_suite)
+  {
+    /* Use SSL if url starts with "https:" */
+    if (strncmp(url.data(), "https:", 6) == 0)
+    {
+      use_ssl = true;
+    }
+  }
+
   /**
     Use HTTPS (true) or HTTP (false).
   */