Add configuration for client TLS auth and rename variable for trusted… #1375

Closed
wants to merge 7 commits into from
3 changes: 2 additions & 1 deletion specification/protocol/exporter.md
Expand Up @@ -10,7 +10,8 @@ The following configuration options MUST be available to configure the OTLP expo
| -------------------- | ------------------------------------------------------------ | ----------------- | ------------------------------------------------------------ |
| Endpoint | Target to which the exporter is going to send spans or metrics. The endpoint MUST be a valid URL with scheme (http or https) and host, and MAY contain a port and path. A scheme of https indicates a secure connection. When using `OTEL_EXPORTER_ENDPOINT` with OTLP/HTTP, exporters SHOULD follow the collector convention of appending the version and signal to the path (e.g. `v1/traces` or `v1/metrics`). The per-signal endpoint configuration options take precedence and can be used to override this behavior. See the [OTLP Specification][otlphttp-req] for more details. | `https://localhost:4317` | `OTEL_EXPORTER_OTLP_ENDPOINT` `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT` `OTEL_EXPORTER_OTLP_METRICS_ENDPOINT` |
| Protocol | The protocol used to transmit the data. One of `grpc`,`http/json`,`http/protobuf`. | `grpc` | `OTEL_EXPORTER_OTLP_PROTOCOL` `OTEL_EXPORTER_OTLP_TRACES_PROTOCOL` `OTEL_EXPORTER_OTLP_METRICS_PROTOCOL` |
| Certificate File | Path to certificate file for TLS credentials of gRPC client. Should only be used for a secure connection. | n/a | `OTEL_EXPORTER_OTLP_CERTIFICATE` `OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE` `OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE` |
| Client certificate / key | The TLS certificate and private key to authenticate the client for mTLS. Should only be used for a secure connection. | n/a | `OTEL_EXPORTER_OTLP_TLS_CERTIFICATE` `OTEL_EXPORTER_OTLP_TRACES_TLS_CERTIFICATE` `OTEL_EXPORTER_OTLP_METRICS_TLS_CERTIFICATE`, `OTEL_EXPORTER_OTLP_TLS_PRIVATE_KEY` `OTEL_EXPORTER_OTLP_TRACES_TLS_PRIVATE_KEY` `OTEL_EXPORTER_OTLP_METRICS_TLS_PRIVATE_KEY` |
Contributor

Just a question, mostly out of curiosity. I see "Path to certificate file..." being replaced with "The TLS certificate and private key...". Is the idea behind that to use the contents of the certificate as the value of the environment variable?

Contributor Author

Thanks for calling this out. This was tough for me since this table has both configuration options and environment variables. I don't think the SDK has to expose a programmatic interface that only accepts a path, and often it'd probably not be a good idea since it makes it difficult to provide credentials in non-file ways such as embedding into the binary or using a KMS client. The environment variable makes sense to point to a path though. So I made the description generic to not specify the type to apply to both.

Contributor Author

Perhaps we should move the environment variables out of here to the sdk-environment-variables doc since they seem somewhat mysterious to be defined here and would give us the flexibility when describing. That'd be for another PR though I think.

| Trusted certificate | The trusted certificate to use when verifying a server's TLS credentials. Should only be used for a secure connection. | n/a | `OTEL_EXPORTER_OTLP_TLS_TRUSTED_CERTIFICATE` `OTEL_EXPORTER_OTLP_TRACES_TLS_TRUSTED_CERTIFICATE` `OTEL_EXPORTER_OTLP_METRICS_TLS_TRUSTED_CERTIFICATE` |
| Headers | Key-value pairs to be used as headers associated with gRPC or HTTP requests. See [Specifying headers](./exporter.md#specifying-headers-via-environment-variables) for more details. | n/a | `OTEL_EXPORTER_OTLP_HEADERS` `OTEL_EXPORTER_OTLP_TRACES_HEADERS` `OTEL_EXPORTER_OTLP_METRICS_HEADERS` |
| Compression | Compression key for supported compression types. Supported compression: `gzip`| No value | `OTEL_EXPORTER_OTLP_COMPRESSION` `OTEL_EXPORTER_OTLP_TRACES_COMPRESSION` `OTEL_EXPORTER_OTLP_METRICS_COMPRESSION` |
| Timeout | Max waiting time for the backend to process each spans or metrics batch. | 10s | `OTEL_EXPORTER_OTLP_TIMEOUT` `OTEL_EXPORTER_OTLP_TRACES_TIMEOUT` `OTEL_EXPORTER_OTLP_METRICS_TIMEOUT` |
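
Review bot: The `Client certificate / key` row does not say whether `OTEL_EXPORTER_OTLP_TLS_CERTIFICATE` and `OTEL_EXPORTER_OTLP_TLS_PRIVATE_KEY` hold a file path or the credential content itself, and for the private key that difference matters, because a key placed directly in an environment variable is readable by anything that can inspect the process environment. The description was made generic so that it also covers programmatic options; suggest keeping that wording but adding a sentence that the environment variables take a file path. The row should also state what an exporter does when only one of the certificate/key pair is set, since mTLS needs both. Separately, the `Trusted certificate` row introduces `OTEL_EXPORTER_OTLP_TLS_TRUSTED_CERTIFICATE` while `OTEL_EXPORTER_OTLP_CERTIFICATE` from the `Certificate File` row is no longer mentioned; an exporter that stops reading the old name would no longer load the CA an operator configured, so say whether the old name stays as a deprecated alias.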