Add new TLS related APIs on OTLP exporter builders. #5280

Merged
merged 20 commits into from
May 4, 2023
@@ -1,2 +1,13 @@
Comparing source compatibility of against
No changes.
*** MODIFIED CLASS: PUBLIC FINAL io.opentelemetry.exporter.otlp.http.metrics.OtlpHttpMetricExporterBuilder (not serializable)
=== CLASS FILE FORMAT VERSION: 52.0 <- 52.0
+++ NEW METHOD: PUBLIC(+) io.opentelemetry.exporter.otlp.http.metrics.OtlpHttpMetricExporterBuilder setSslContext(javax.net.ssl.SSLContext, javax.net.ssl.X509TrustManager)
*** MODIFIED CLASS: PUBLIC FINAL io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporterBuilder (not serializable)
=== CLASS FILE FORMAT VERSION: 52.0 <- 52.0
+++ NEW METHOD: PUBLIC(+) io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporterBuilder setSslContext(javax.net.ssl.SSLContext, javax.net.ssl.X509TrustManager)
*** MODIFIED CLASS: PUBLIC FINAL io.opentelemetry.exporter.otlp.metrics.OtlpGrpcMetricExporterBuilder (not serializable)
=== CLASS FILE FORMAT VERSION: 52.0 <- 52.0
+++ NEW METHOD: PUBLIC(+) io.opentelemetry.exporter.otlp.metrics.OtlpGrpcMetricExporterBuilder setSslContext(javax.net.ssl.SSLContext, javax.net.ssl.X509TrustManager)
*** MODIFIED CLASS: PUBLIC FINAL io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporterBuilder (not serializable)
=== CLASS FILE FORMAT VERSION: 52.0 <- 52.0
+++ NEW METHOD: PUBLIC(+) io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporterBuilder setSslContext(javax.net.ssl.SSLContext, javax.net.ssl.X509TrustManager)
Expand Up @@ -111,6 +111,12 @@ public GrpcExporterBuilder<T> setKeyManagerFromCerts(
return this;
}

public GrpcExporterBuilder<T> setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
tlsConfigHelper.setSslContext(sslContext, trustManager);
return this;
}
breedx-splk marked this conversation as resolved.

public GrpcExporterBuilder<T> addHeader(String key, String value) {
headers.put(key, value);
return this;
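Review bot: `setSslContext` passes both arguments to `tlsConfigHelper` unchecked, and unlike the public builders in this change it carries no Javadoc. If `TlsConfigHelper` (not shown here) does not reject nulls, a null `sslContext` or `trustManager` would only surface when the exporter is built or first connects. A guard at this entry point, for example `Objects.requireNonNull(trustManager, "trustManager");`, would fail fast. `addHeader` continues outside the hunk.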
Expand Up @@ -18,6 +18,8 @@
import io.opentelemetry.sdk.metrics.export.MetricExporter;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

/**
* Builder utility for {@link OtlpHttpMetricExporter}.
Expand Down Expand Up @@ -112,6 +114,16 @@ public OtlpHttpMetricExporterBuilder setClientTls(byte[] privateKeyPem, byte[] c
return this;
}

/**
* Sets the "bring-your-own" SSLContext for use with TLS. Users should call this _or_ set raw
* certificate bytes, but not both.
*/
public OtlpHttpMetricExporterBuilder setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
delegate.setSslContext(sslContext, trustManager);
return this;
}

/**
* Set the {@link AggregationTemporalitySelector} used for {@link
* MetricExporter#getAggregationTemporality(InstrumentType)}.
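Review bot: The Javadoc on `setSslContext` does not say how `trustManager` relates to `sslContext`, which is the security-relevant part of this API. A caller can pass a trust manager that differs from the one the context was initialised with, and nothing in this hunk shows which of the two ends up verifying the server certificate. I would add `@param` tags and a sentence such as `The trustManager should be the same instance used to initialize sslContext.` The Javadoc should also state what happens when raw certificate bytes are set as well (an exception, or last call wins) rather than only "but not both". The same Javadoc is repeated on the HTTP span, gRPC metric, gRPC span and both log record builders further down.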
Expand Up @@ -15,6 +15,8 @@
import io.opentelemetry.exporter.internal.otlp.traces.TraceRequestMarshaler;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

/**
Contributor


Would like to see same changes applied to jaeger-related classes such as JaegerRemoteSamplerBuilder and JaegerGrpcSpanExporterBuilder.

Member


Let's do that in a separate PR.

* Builder utility for {@link OtlpHttpSpanExporter}.
Expand Down Expand Up @@ -100,6 +102,16 @@ public OtlpHttpSpanExporterBuilder setClientTls(byte[] privateKeyPem, byte[] cer
return this;
}

/**
* Sets the "bring-your-own" SSLContext for use with TLS. Users should call this _or_ set raw
* certificate bytes, but not both.
*/
public OtlpHttpSpanExporterBuilder setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
delegate.setSslContext(sslContext, trustManager);
return this;
}

/**
* Sets the {@link MeterProvider} to use to collect metrics related to export. If not set, uses
* {@link GlobalOpenTelemetry#getMeterProvider()}.
Expand Up @@ -21,6 +21,8 @@
import java.net.URI;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

/**
* Builder utility for this exporter.
Expand Down Expand Up @@ -144,6 +146,16 @@ public OtlpGrpcMetricExporterBuilder setClientTls(byte[] privateKeyPem, byte[] c
return this;
}

/**
* Sets the "bring-your-own" SSLContext for use with TLS. Users should call this _or_ set raw
* certificate bytes, but not both.
*/
public OtlpGrpcMetricExporterBuilder setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
delegate.setSslContext(sslContext, trustManager);
return this;
}

/**
* Add header to request. Optional. Applicable only if {@link
* OtlpGrpcMetricExporterBuilder#setChannel(ManagedChannel)} is not used to set channel.
Expand Up @@ -18,6 +18,8 @@
import java.net.URI;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

/** Builder utility for this exporter. */
public final class OtlpGrpcSpanExporterBuilder {
Expand Down Expand Up @@ -128,6 +130,16 @@ public OtlpGrpcSpanExporterBuilder setClientTls(byte[] privateKeyPem, byte[] cer
return this;
}

/**
* Sets the "bring-your-own" SSLContext for use with TLS. Users should call this _or_ set raw
* certificate bytes, but not both.
*/
public OtlpGrpcSpanExporterBuilder setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
delegate.setSslContext(sslContext, trustManager);
return this;
}

/**
* Add header to request. Optional. Applicable only if {@link
* OtlpGrpcSpanExporterBuilder#setChannel(ManagedChannel)} is not called.
Expand Up @@ -27,6 +27,8 @@
import java.time.Duration;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import org.junit.jupiter.api.Test;

class OtlpHttpMetricExporterTest
Expand Down Expand Up @@ -120,6 +122,13 @@ public TelemetryExporterBuilder<MetricData> setTrustedCertificates(byte[] certif
return this;
}

@Override
public TelemetryExporterBuilder<MetricData> setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
builder.setSslContext(sslContext, trustManager);
return this;
}

@Override
public TelemetryExporterBuilder<MetricData> setClientTls(
byte[] privateKeyPem, byte[] certificatePem) {
Expand Up @@ -18,6 +18,8 @@
import java.time.Duration;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

class OtlpHttpSpanExporterTest extends AbstractHttpTelemetryExporterTest<SpanData, ResourceSpans> {

Expand Down Expand Up @@ -65,6 +67,13 @@ public TelemetryExporterBuilder<SpanData> setTrustedCertificates(byte[] certific
return this;
}

@Override
public TelemetryExporterBuilder<SpanData> setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
builder.setSslContext(sslContext, trustManager);
return this;
}

@Override
public TelemetryExporterBuilder<SpanData> setClientTls(
byte[] privateKeyPem, byte[] certificatePem) {
Expand Up @@ -15,6 +15,8 @@
import io.opentelemetry.exporter.internal.otlp.logs.LogsRequestMarshaler;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

/** Builder utility for {@link OtlpHttpLogRecordExporter}. */
public final class OtlpHttpLogRecordExporterBuilder {
Expand Down Expand Up @@ -97,6 +99,16 @@ public OtlpHttpLogRecordExporterBuilder setClientTls(
return this;
}

/**
* Sets the "bring-your-own" SSLContext. Users should call this _or_ set raw certificate bytes,
* but not both.
*/
public OtlpHttpLogRecordExporterBuilder setSslSocketFactory(
SSLContext sslContext, X509TrustManager trustManager) {
delegate.setSslContext(sslContext, trustManager);
return this;
}

/**
* Sets the {@link MeterProvider} to use to collect metrics related to export. If not set, uses
* {@link GlobalOpenTelemetry#getMeterProvider()}.
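Review bot: This builder exposes the new method as `setSslSocketFactory`, although it takes an `SSLContext` and forwards to `delegate.setSslContext`; every other builder in this change calls it `setSslContext`. Once released, the odd name becomes public API that has to be deprecated rather than simply renamed, so I would change the signature to `public OtlpHttpLogRecordExporterBuilder setSslContext(` before merge. The wrapper in OtlpHttpLogRecordExporterTest would then call `builder.setSslContext(sslContext, trustManager);`, and its parameter `ssLContext` looks like a typo for `sslContext`. The Javadoc here also drops the "for use with TLS" wording that the sibling builders use.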
Expand Up @@ -18,6 +18,8 @@
import java.net.URI;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

/** Builder for {@link OtlpGrpcLogRecordExporter}. */
public final class OtlpGrpcLogRecordExporterBuilder {
Expand Down Expand Up @@ -129,6 +131,16 @@ public OtlpGrpcLogRecordExporterBuilder setClientTls(
return this;
}

/**
* Sets the "bring-your-own" SSLContext for use with TLS. Users should call this _or_ set raw
* certificate bytes, but not both.
*/
public OtlpGrpcLogRecordExporterBuilder setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
delegate.setSslContext(sslContext, trustManager);
return this;
}

/**
* Add header to request. Optional. Applicable only if {@link
* OtlpGrpcLogRecordExporterBuilder#setChannel(ManagedChannel)} is not used to set channel.
Expand Up @@ -18,6 +18,8 @@
import java.time.Duration;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

class OtlpHttpLogRecordExporterTest
extends AbstractHttpTelemetryExporterTest<LogRecordData, ResourceLogs> {
Expand Down Expand Up @@ -66,6 +68,13 @@ public TelemetryExporterBuilder<LogRecordData> setTrustedCertificates(byte[] cer
return this;
}

@Override
public TelemetryExporterBuilder<LogRecordData> setSslContext(
SSLContext ssLContext, X509TrustManager trustManager) {
builder.setSslSocketFactory(ssLContext, trustManager);
return this;
}

@Override
public TelemetryExporterBuilder<LogRecordData> setClientTls(
byte[] privateKeyPem, byte[] certificatePem) {
Expand Up @@ -23,6 +23,7 @@
import com.linecorp.armeria.testing.junit5.server.SelfSignedCertificateExtension;
import com.linecorp.armeria.testing.junit5.server.ServerExtension;
import io.github.netmikey.logunit.api.LogCapturer;
import io.opentelemetry.exporter.internal.TlsUtil;
import io.opentelemetry.exporter.internal.grpc.OkHttpGrpcExporter;
import io.opentelemetry.exporter.internal.grpc.UpstreamGrpcExporter;
import io.opentelemetry.exporter.internal.marshal.Marshaler;
Expand Down Expand Up @@ -54,6 +55,11 @@
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.assertj.core.api.iterable.ThrowingExtractor;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
Expand Down Expand Up @@ -318,6 +324,31 @@ void tls() throws Exception {
}
}

@Test
void tlsViaSslContext() throws Exception {
X509TrustManager trustManager = TlsUtil.trustManager(certificate.certificate().getEncoded());

X509KeyManager keyManager =
TlsUtil.keyManager(
certificate.privateKey().getEncoded(), certificate.certificate().getEncoded());

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null);

TelemetryExporter<T> exporter =
exporterBuilder()
.setSslContext(sslContext, trustManager)
.setEndpoint(server.httpsUri().toString())
.build();
try {
CompletableResultCode result =
exporter.export(Collections.singletonList(generateFakeTelemetry()));
assertThat(result.join(10, TimeUnit.SECONDS).isSuccess()).isTrue();
} finally {
exporter.shutdown();
}
}

@Test
@SuppressLogger(OkHttpGrpcExporter.class)
@SuppressLogger(UpstreamGrpcExporter.class)
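Review bot: `tlsViaSslContext` covers only the success path, with the same trust manager inside the `SSLContext` and as the second argument, so it cannot show that a caller-supplied context is actually enforced. A companion test that supplies a context which does not trust the server's self-signed certificate, and asserts that the export fails, would catch a regression where the custom context is ignored or verification is relaxed. The same gap applies to `tlsViaSslContext` in the HTTP abstract test. The sketch below uses the JVM default trust store as the untrusting side; the logger suppression is copied from the neighbouring test and may need adjusting.

```java
@Test
@SuppressLogger(OkHttpGrpcExporter.class)
@SuppressLogger(UpstreamGrpcExporter.class)
void tlsViaSslContext_untrusted() throws Exception {
  // Default JVM trust store: it does not contain the self-signed server certificate.
  TrustManagerFactory factory =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  factory.init((KeyStore) null);
  X509TrustManager trustManager = (X509TrustManager) factory.getTrustManagers()[0];

  SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(null, new TrustManager[] {trustManager}, null);

  TelemetryExporter<T> exporter =
      exporterBuilder()
          .setSslContext(sslContext, trustManager)
          .setEndpoint(server.httpsUri().toString())
          .build();
  try {
    CompletableResultCode result =
        exporter.export(Collections.singletonList(generateFakeTelemetry()));
    // The handshake must be rejected, so the export cannot succeed.
    assertThat(result.join(10, TimeUnit.SECONDS).isSuccess()).isFalse();
  } finally {
    exporter.shutdown();
  }
}
```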
Expand Up @@ -26,6 +26,7 @@
import com.linecorp.armeria.testing.junit5.server.SelfSignedCertificateExtension;
import com.linecorp.armeria.testing.junit5.server.ServerExtension;
import io.github.netmikey.logunit.api.LogCapturer;
import io.opentelemetry.exporter.internal.TlsUtil;
import io.opentelemetry.exporter.internal.grpc.UpstreamGrpcExporter;
import io.opentelemetry.exporter.internal.marshal.Marshaler;
import io.opentelemetry.exporter.internal.okhttp.OkHttpExporter;
Expand Down Expand Up @@ -56,6 +57,11 @@
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import okio.Buffer;
import okio.GzipSource;
import okio.Okio;
Expand Down Expand Up @@ -349,6 +355,31 @@ void tls() throws Exception {
}
}

@Test
void tlsViaSslContext() throws Exception {
X509TrustManager trustManager = TlsUtil.trustManager(certificate.certificate().getEncoded());

X509KeyManager keyManager =
TlsUtil.keyManager(
certificate.privateKey().getEncoded(), certificate.certificate().getEncoded());

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null);

TelemetryExporter<T> exporter =
exporterBuilder()
.setEndpoint(server.httpsUri() + path)
.setSslContext(sslContext, trustManager)
.build();
try {
CompletableResultCode result =
exporter.export(Collections.singletonList(generateFakeTelemetry()));
assertThat(result.join(10, TimeUnit.SECONDS).isSuccess()).isTrue();
} finally {
exporter.shutdown();
}
}

@Test
@SuppressLogger(OkHttpExporter.class)
void tls_untrusted() {
Expand Down Expand Up @@ -436,9 +467,11 @@ void exportAfterShutdown() {
@Test
@SuppressLogger(OkHttpExporter.class)
void doubleShutdown() {
int logsSizeBefore = logs.getEvents().size();
TelemetryExporter<T> exporter = exporterBuilder().setEndpoint(server.httpUri() + path).build();
assertThat(exporter.shutdown().join(10, TimeUnit.SECONDS).isSuccess()).isTrue();
assertThat(logs.getEvents()).isEmpty();
assertThat(logs.getEvents()).hasSize(logsSizeBefore);
logs.assertDoesNotContain("Calling shutdown() multiple times.");
assertThat(exporter.shutdown().join(10, TimeUnit.SECONDS).isSuccess()).isTrue();
logs.assertContains("Calling shutdown() multiple times.");
}
Expand Up @@ -12,6 +12,8 @@
import io.opentelemetry.sdk.logs.data.LogRecordData;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

final class GrpcLogRecordExporterBuilderWrapper implements TelemetryExporterBuilder<LogRecordData> {
private final OtlpGrpcLogRecordExporterBuilder builder;
Expand Down Expand Up @@ -63,6 +65,13 @@ public TelemetryExporterBuilder<LogRecordData> setClientTls(
return this;
}

@Override
public TelemetryExporterBuilder<LogRecordData> setSslContext(
SSLContext sslContext, X509TrustManager trustManager) {
builder.setSslContext(sslContext, trustManager);
return this;
}

@Override
public TelemetryExporterBuilder<LogRecordData> setRetryPolicy(RetryPolicy retryPolicy) {
RetryUtil.setRetryPolicyOnDelegate(builder, retryPolicy);