-
Notifications
You must be signed in to change notification settings - Fork 448
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OTLP exporter assumes it must use SSL because GetOtlpDefaultIsSslEnable() is returning a wrong value #2058
Comments
Thanks for the report, and for the detailed analysis.
It is, and I am the one to blame here.
So, the important part is:
The evaluation of What was missed is that this variable should not be used if the endpoint provides an This is a valid bug report. |
Related to this spec change: |
Thanks @marcalff for your fast feedback and the PR proposal to improve it. |
Thanks. A fix is available, ready for review and test if you want to try it out:
Feel free to comment on the PR. |
Came here to report the same issue, but without the great analysis. Thanks! |
Here to report that your fix works properly!
|
Describe your environment
Steps to reproduce
I'm facing an issue with SSL after upgrade from v1.8.2 to v1.8.3 with my gRPC telemetry.
The error is:
So debugging and comparing the behavior of both versions, I noticed that in v1.8.2
OtlpGrpcExporterOptions
constructor is setting as defaultuse_ssl_credentials: false
but in the new v1.8.3 this default constructor is setting touse_ssl_credentials: true
This looks like a behaviour change introduced by this refactoring handling Boolean environment variables #1982
Digging into the code to look the initialization of
use_ssl_credentials
in the constructor:opentelemetry-cpp/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_grpc_exporter_options.h
Lines 19 to 25 in 15ab9ed
This method
GetOtlpDefaultIsSslEnable()
to initializeuse_ssl_credentials
is based onGetOtlpDefaultTracesIsInsecure()
:opentelemetry-cpp/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_environment.h
Lines 60 to 64 in 15ab9ed
The issue is in the default return value of the following methods:
GetOtlpDefaultTracesIsInsecure()
opentelemetry-cpp/exporters/otlp/src/otlp_environment.cc
Line 251 in 15ab9ed
GetOtlpDefaultMetricsIsInsecure()
opentelemetry-cpp/exporters/otlp/src/otlp_environment.cc
Line 295 in 15ab9ed
GetOtlpDefaultLogsIsInsecure()
opentelemetry-cpp/exporters/otlp/src/otlp_environment.cc
Line 312 in 15ab9ed
All these methods are returning by default
false
if no env vars are defined.So a
false
return means, IS NOT insecure, then IS secure 🤯I don't know the gRPC transpost must be by default secure or insecure, but if the default is secure then this behaviour was enforced in this version.
According to the specification:
Insecure: Whether to enable client transport security for the exporter's gRPC connection. This option only applies to OTLP/gRPC when an endpoint is provided without the http or https scheme
So, if the gRPC endpoint scheme returns 'http' or 'https' as the following default, I think this value should overrided:
opentelemetry-cpp/exporters/otlp/src/otlp_environment.cc
Lines 78 to 82 in 15ab9ed
What is the expected behavior?
Upgrade from v1.8.2 to v1.8.3 without issues.
What is the actual behavior?
Upgrade to v1.8.3 wrongly assumes that gRPC connection are using SSL and fails because no certificates are defined.
Additional context
As workaround I need to set the env var
OTEL_EXPORTER_OTLP_INSECURE=true
in order to do not use SSLThe text was updated successfully, but these errors were encountered: