[EXPORTER] OTLP GRPC mTLS support (#2120)
kylepl authored Jun 29, 2023
1 parent 313b04d commit 049ab63
Showing 4 changed files with 39 additions and 8 deletions.
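--- a/api/CMakeLists.txt
+++ b/api/CMakeLists.txt
@@ -113,6 +113,11 @@ if(WITH_OTLP_HTTP_SSL_PREVIEW)
 endif()
 endif()
 
+if(WITH_OTLP_GRPC_SSL_MTLS_PREVIEW)
+target_compile_definitions(opentelemetry_api
+INTERFACE ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW)
+endif()
+
 if(WITH_METRICS_EXEMPLAR_PREVIEW)
 target_compile_definitions(opentelemetry_api
 INTERFACE ENABLE_METRICS_EXEMPLAR_PREVIEW)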
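--- a/ci/do_ci.sh
+++ b/ci/do_ci.sh
@@ -258,6 +258,7 @@ elif [[ "$1" == "cmake.exporter.otprotocol.test" ]]; then
 cmake -DCMAKE_BUILD_TYPE=Debug \
 -DWITH_OTLP_GRPC=ON \
 -DWITH_OTLP_HTTP=ON \
+-DWITH_OTLP_GRPC_SSL_MTLS_PREVIEW=ON \
 "${SRC_DIR}"
 grpc_cpp_plugin=`which grpc_cpp_plugin`
 proto_make_file="CMakeFiles/opentelemetry_proto.dir/build.make"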
Expand Up @@ -28,6 +28,19 @@ struct OtlpGrpcExporterOptions
// ssl_credentials_cacert_as_string in-memory string representation of .pem file to be used for
// SSL encryption.
std::string ssl_credentials_cacert_as_string = GetOtlpDefaultSslCertificateString();

#ifdef ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW
// At most one of ssl_client_key_* should be non-empty. If use_ssl_credentials, they will
// be read to allow for mTLS.
std::string ssl_client_key_path = GetOtlpDefaultTracesSslClientKeyPath();
std::string ssl_client_key_string = GetOtlpDefaultTracesSslClientKeyString();

// At most one of ssl_client_cert_* should be non-empty. If use_ssl_credentials, they will
// be read to allow for mTLS.
std::string ssl_client_cert_path = GetOtlpDefaultTracesSslClientCertificatePath();
std::string ssl_client_cert_string = GetOtlpDefaultTracesSslClientCertificateString();
#endif

// Timeout for grpc deadline
std::chrono::system_clock::duration timeout = GetOtlpDefaultTimeout();
// Additional HTTP headers
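Review bot: The four new members sit in the middle of OtlpGrpcExporterOptions behind `#ifdef ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW`, so the struct's layout depends on a macro; a consumer compiled without the definition but linked against an exporter built with it would see `timeout` and the members after it at different offsets. The CMake change propagates the definition through the INTERFACE of `opentelemetry_api`, which covers CMake consumers, but anyone else has to set it by hand, and a comment next to the `#ifdef` should say so. The comments also omit that the path wins when both the path and the string are set (that is what GetFileContentsOrInMemoryContents in otlp_grpc_client.cc does) and that key and certificate have to be supplied together. I would extend the key comment with `// If both are set, ssl_client_key_path takes precedence. Holds private key material: do not log.` The struct starts and continues outside the hunk.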
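--- a/exporters/otlp/src/otlp_grpc_client.cc
+++ b/exporters/otlp/src/otlp_grpc_client.cc
@@ -34,6 +34,18 @@ static std::string GetFileContents(const char *fpath)
 finstream.close();
 return contents;
 }
+
+// If the file path is non-empty, returns the contents of the file. Otherwise returns contents.
+static std::string GetFileContentsOrInMemoryContents(const std::string &file_path,
+const std::string &contents)
+{
+if (!file_path.empty())
+{
+return GetFileContents(file_path.c_str());
+}
+return contents;
+}
+
 } // namespace
 
 std::shared_ptr<grpc::Channel> OtlpGrpcClient::MakeChannel(const OtlpGrpcExporterOptions &options)
@@ -61,14 +73,14 @@ std::shared_ptr<grpc::Channel> OtlpGrpcClient::MakeChannel(const OtlpGrpcExporte
 if (options.use_ssl_credentials)
 {
 grpc::SslCredentialsOptions ssl_opts;
-if (options.ssl_credentials_cacert_path.empty())
-{
-ssl_opts.pem_root_certs = options.ssl_credentials_cacert_as_string;
-}
-else
-{
-ssl_opts.pem_root_certs = GetFileContents((options.ssl_credentials_cacert_path).c_str());
-}
+ssl_opts.pem_root_certs = GetFileContentsOrInMemoryContents(
+options.ssl_credentials_cacert_path, options.ssl_credentials_cacert_as_string);
+#if ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW
+ssl_opts.pem_private_key = GetFileContentsOrInMemoryContents(options.ssl_client_key_path,
+options.ssl_client_key_string);
+ssl_opts.pem_cert_chain = GetFileContentsOrInMemoryContents(options.ssl_client_cert_path,
+options.ssl_client_cert_string);
+#endif
 channel =
 grpc::CreateCustomChannel(grpc_target, grpc::SslCredentials(ssl_opts), grpc_arguments);
 }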
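Review bot: In the MakeChannel hunk the client key and certificate are loaded independently and never checked as a pair, so a configuration that supplies only one of them reaches `grpc::SslCredentials` with a half-filled client identity. GetFileContents begins outside the first hunk, so its handling of an open failure is not visible here; if it returns an empty string, an unreadable `ssl_client_key_path` would presumably leave the exporter presenting no client certificate without any error, which is worth confirming. I would add a guard after the two assignments, `if (ssl_opts.pem_private_key.empty() != ssl_opts.pem_cert_chain.empty())`, that logs the misconfiguration and refuses to create the channel, and treat a non-empty path that yields empty contents as an error. The guard is written `#if ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW` while the options header uses `#ifdef`; using `#ifdef` in both places avoids a `-Wundef` warning when the option is off. MakeChannel's body starts and ends outside the hunk.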