Reload client CAs in server TLS settings when file has been modified
Link to tracking Issue: #6524
---------
Co-authored-by: Alex Boten <alex@boten.ca>
Co-authored-by: Ben B. <bongartz@klimlive.de>
The main reason is to remove the circular dependency between the config (including sub-packages) and component. Here is the current state:
* component depends on config
* config/sub-package[grpc, http, etc.] depends on config & component
Because of this "circular" dependency, we cannot split for example "config" into its own module, only if all the other config sub-packages are also split.
Signed-off-by: Bogdan <bogdandrutu@gmail.com>
* [config/config{grpc,http}] Add warning when using a 0.0.0.0 endpoint
* Add warning when using unspecified address
* Add changelog entry
* Fix tests
* Fix HTTP tests
* Apply suggestions from code review
Co-authored-by: Alex Boten <alex@boten.ca>
* Use IsUnspecified method
* no else after return
* Move shared code to internal
Co-authored-by: Alex Boten <alex@boten.ca>
On top of the errorlint errors, also changes `fmt.Errorf("string literal")` with `errors.New("string literal")`.
Signed-off-by: Bogdan Drutu <bogdandrutu@gmail.com>
Split all `pdata` related code by type and move it from `model` to the new module `pdata`.
- `model/pdata` and `model/otlp` are moved to `pdata/plog`, `pdata/pmetric` and `pdata/ptrace`.
- `model/otlpgrpc` is moved to `pdata/plogotlp`, `pdata/pmetricotlp` and `pdata/ptraceotlp`.
Now all the API in `model` except for `model/semconv` is deprecated.
* fix: refactored configgrpc and tests
* fix: dealt with zlib and deflate and add tests
* chore: add changelog
* fix: make getGRPCCompressionName private
* Implement default server authenticators
Allow the interfaces to be extended without affecting implementations by allowing authenticators to provide which functions to override.
This is a non-breaking change, and current implementations might be changed in the future to use this.
Fixes#4556
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* fixuop
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* Add missing godoc
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* `configgrpc`: Update `ToDialOptions` with settings
Adding the ability to pass TelemetrySettings to ToDialOptions to configure underlying instrumentation library.
Fixes#4424
* update changelog
* add telemetrysetting to exporter
* feat: supports more compression methods for configgrpc
* chore: add to CHANGELOG
* fix: solve merge conflict
* fix: list compression types in the changelog
* fix: exclude lz4 from the codebase
* Remove protocol-specific authenticator interfaces
This PR removes the gRPC and HTTP-specific interfaces from
the client authenticators. Implementations should now comply
with the main top-level interface, which defines the functions
previously defined at the individual interfaces.
Fixes#4239
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* Changed test case description
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* Simplify unmarshal logic by adding more supported hooks
* Add hook that supports "String -> encoding.TextUnmarshaler", e.g. zapcore.Level no longer need special unmarshaling
* Add hook that supports "String -> ComponentID"
* Add a special hook for map[string]interface{} -> map[ComponentID]interface{} to determine duplicates after space trimming, not sure if this error needs this special treatment.
Signed-off-by: Bogdan Drutu <bogdandrutu@gmail.com>
* Fix review comments
Signed-off-by: Bogdan Drutu <bogdandrutu@gmail.com>
* Improve error messages for unmarshaling errors of the ComponentID
Signed-off-by: Bogdan Drutu <bogdandrutu@gmail.com>
This PR is to rename `config.NewID` to `config.NewComponentID` and `config.NewIDFromString` to `config.NewComponentIDFromString` for naming consistency.
**Link to tracking Issue:**
Fixes#4105
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
Fixes#3734 by using chained interceptors for the gRPC servers. The tests making use of ToServerOptions were also changed to call grpc.NewServer with the obtained options, ensuring that they are valid.
The test TestGrpcServerAuthSettings now calling grpc.NewServer, executed against the configgrpc without the chained interceptors confirms the bug:
```
$ go test ./config/configgrpc/
--- FAIL: TestGrpcServerAuthSettings (0.00s)
panic: The unary server interceptor was already set and may not be reset. [recovered]
panic: The unary server interceptor was already set and may not be reset.
goroutine 23 [running]:
testing.tRunner.func1.2(0xa6c2a0, 0xc0b8a0)
/home/jpkroehling/bin/go/src/testing/testing.go:1144 +0x332
testing.tRunner.func1(0xc000103b00)
/home/jpkroehling/bin/go/src/testing/testing.go:1147 +0x4b6
panic(0xa6c2a0, 0xc0b8a0)
/home/jpkroehling/bin/go/src/runtime/panic.go:965 +0x1b9
google.golang.org/grpc.UnaryInterceptor.func1(0xc000374500)
/home/jpkroehling/go/pkg/mod/google.golang.org/grpc@v1.39.0/server.go:382 +0x6b
google.golang.org/grpc.(*funcServerOption).apply(0xc0001243f0, 0xc000374500)
/home/jpkroehling/go/pkg/mod/google.golang.org/grpc@v1.39.0/server.go:201 +0x33
google.golang.org/grpc.NewServer(0xc000129900, 0x4, 0x4, 0x4)
/home/jpkroehling/go/pkg/mod/google.golang.org/grpc@v1.39.0/server.go:564 +0xeb
go.opentelemetry.io/collector/config/configgrpc.TestGrpcServerAuthSettings(0xc000103b00)
/home/jpkroehling/Projects/src/github.com/open-telemetry/opentelemetry-collector/config/configgrpc/configgrpc_test.go:140 +0x2aa
testing.tRunner(0xc000103b00, 0xb85528)
/home/jpkroehling/bin/go/src/testing/testing.go:1194 +0xef
created by testing.(*T).Run
/home/jpkroehling/bin/go/src/testing/testing.go:1239 +0x2b3
FAIL go.opentelemetry.io/collector/config/configgrpc 0.006s
FAIL
```
The new module go.opentelemetry.io/collector/model will be created later when the internal data will
also be moved.
Signed-off-by: Bogdan Drutu <bogdandrutu@gmail.com>
This PR is a port of the configfrpc's ToDialOptions() and confighttp ToClient() from PR #3128 in a piece meal fashion.
The following are the changes
- Refactored configgrpc.PerRPCAuth as extension implementing configauth.GrpcClientAuthenticator
- Plugged in extensions configuration to all the grpc based clients in the core (OTLP, OpenCensus, Jaeger, JaegerReceiver)
- Plugged in extensions configuration to all the HTTP based clients in the core (Zipkin, OTLPHTTP)
Link to tracking Issue:
#3282#3276
Testing:
Unit tests, [manual test described (for only oidc)](#3128 (comment))
This PR adds support to add client side (exporter) authenticators for HTTP and gRPC clients through extension based authenticators. This is built of top of what was added for receiver (server) side authenticators via extensions in #2603
**Link to tracking Issue:** #3115
**Testing:**
- Did a manual testing for static bearer token.
- Added unit tests
This PR changes the configauth to accept a `component.Host`, from which it will extract the authenticator to use based on a new authenticator `name` property.
This is only a draft at the moment, making sure that the general approach is acceptable.
Pending:
- [x] More unit tests
- [x] Review README files
- [x] Comprehensive examples
**Link to tracking Issue:**
Closes#2101
Contributes to #2603
**Testing:**
A couple of unit tests were added for the first phase. More comprehensive testing will be done once the main idea is validated.
**Documentation:**
None so far, README changes are planned
Remove hyphens sice the idiomatic style is to not have word delimiters
at all, or have `_` as an exception.
Remove `opentelemetry-` prefix since the package is within otlp already and
there a no types in that package directly i.e. alias is not a problem.
* Added round_robin balancer as an option to gRPC client settings
* Added documentation changes`
* Changed the balancerName setting from bool to string to accomodate new balancers in future
Setting invalid balancer is panicking. Hence validated the same & thrown an error
* Fixed test
* Fixed tests
* Replaced grpc.WithBalancerName with grpc.WithDefaultServiceConfig
* Validated the balancerName using a var string array instead of error control flow
* Fixed lint errors
* Fixed lint errors
* typo fix in documentation
* Added PerRPCCredentials for gRPC settings
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* Changes based on the reviews
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* Fixed per-RPC auth type in error message
Co-authored-by: Paulo Janotti <pjanotti@splunk.com>
* Removed support for reading bearer token from file
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
Co-authored-by: Paulo Janotti <pjanotti@splunk.com>
Adding `ProtocolServerSettings` was a bit of a rush. We determined that `endpoint` has different meaning based on protocol, also not all the protocols support TLS.
In this PR we revert embedding `ProtocolServerSettings` in the GRPCServerSettings and make it consistent with HttpServerSettings.
Work left: Consistent config name for TLS settings `tls_settings` or `tls_credentials`.
* Refactor common client TLS configuration.
* Formatting and such
* Add insecure options for test bed exporters
* Fix logic in opencensus exporter
* Add insecure flag to test configs
* Rename object and simplify loading of gRPC Credentials
* Remove public compression package, and move to gRPC.
Signed-off-by: Bogdan Drutu <bogdandrutu@gmail.com>
* Update config/configgrpc/configgrpc.go
Co-authored-by: James Bebbington <jbebbington@google.com>
Co-authored-by: James Bebbington <jbebbington@google.com>
* Support mTLS in gRPC exporters
Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Rename to CaCert
Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Add tests
Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Fix lint
Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* rename load func
Signed-off-by: Pavol Loffay <ploffay@redhat.com>
Attila Korompai