OTLP exporter: Handle error case when no credentials supplied

[jan25]

Signed-off-by: Abhilash Gnan abhilashgnan@gmail.com

Description

Env var support for OTLP exporter was added in #1101. There is a error case(#1101 (comment)) which needs to be handled when credentials is not available in case of insecure=False(default).

This PR adds a ValueError for such case. Also, modified sample code to have insecure=True.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Checklist:

• Followed the style guidelines of this project
• Changelogs have been updated
• Unit tests have been added
• Documentation has been updated

[codeboten]

any advantage to raising an exception here and not default to using grpc.ssl_channel_credentials()?

[jan25]

This case is when insecure=False which is by default. Without this custom error handling it would break deep in stack inside grpc library without a useful message. Or can we handle this in a better way?

[toumorokoshi]

It's probably reasonable. I don't know how bad the original error is but asserting invalid configurations is certainly helpful.

[codeboten]

@jan25 my suggestion here was that using ssl_channel_credentials without any parameters would work in the case of a secure connection as it will load the root certificate from a default location:
https://grpc.github.io/grpc/python/grpc.html#create-client-credentials

[jan25]

I like this idea, perhaps we need to update the spec before using default location? Also, i was wrong about grpc library erroring. Actually it was open(filename) thats erroring when no cert location is set and filename=None.

[toumorokoshi]

@jan25 if it violates the spec to look for ssl credentials in the secure case before failing, then agreed we should amend the spec.

Can you file an issue? Or do you want someone else to handle that conversation?

[jan25]

Hi @toumorokoshi I recently learnt grpc python library has the default certificate path support, so i don't have 100% context of this. Could someone else open an issue in spec repo about this?

[toumorokoshi]

great, thanks!

[toumorokoshi]

Sorry, can you add an entry in the changelog? It's not serious, but probably worth calling out new behavior of a raised ValueError.

[jan25]

Thanks @toumorokoshi ! I've updated CHANGELOG.

[toumorokoshi]

Thanks! Would definitely be good to have a follow-up item on the use of default ssl credentials, great catch codeboten!

[jan25]

Looks like a sdk test is flaky. Could we rerun the CI?