Post merge fixes for a646525

.github/ALLOWLIST

@@ -20,6 +20,7 @@
 
 ## COMMON & SHARED components
 internal/common
+config/confighttp
 
 ## DEPRECATED components
 

.github/dependabot.yml

@@ -42,6 +42,11 @@ updates:
     schedule:
       interval: "weekly"
       day: "wednesday"
+  - package-ecosystem: "gomod"
+    directory: "/config/confighttp"
+    schedule:
+      interval: "weekly"
+      day: "wednesday"
   - package-ecosystem: "gomod"
     directory: "/confmap/provider/s3provider"
     schedule:
@@ -1097,73 +1102,3 @@ updates:
     schedule:
       interval: "weekly"
       day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/snowflakereceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/solacereceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/splunkhecreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/sqlqueryreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/sqlserverreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/sshcheckreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/statsdreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/syslogreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/tcplogreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/udplogreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/vcenterreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/wavefrontreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/webhookeventreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"
-  - package-ecosystem: "gomod"
-    directory: "/receiver/windowseventlogreceiver"
-    schedule:
-      interval: "weekly"
-      day: "wednesday"

.golangci.yml

@@ -161,3 +161,7 @@ issues:
     - text: "G402:"
       linters:
         - gosec
+    # https://github.com/open-telemetry/opentelemetry-collector/issues/5699
+    - text: "G112:"
+      linters:
+        - gosec

config/confighttp/Makefile

@@ -0,0 +1 @@
+include ../../Makefile.Common

config/confighttp/README.md

@@ -0,0 +1,100 @@
+# HTTP Configuration Settings
+
+HTTP exposes a [variety of settings](https://golang.org/pkg/net/http/).
+Several of these settings are available for configuration within individual
+receivers or exporters.
+
+## Client Configuration
+
+[Exporters](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/README.md)
+leverage client configuration.
+
+Note that client configuration supports TLS configuration, the
+configuration parameters are also defined under `tls` like server
+configuration. For more information, see [configtls
+README](../configtls/README.md).
+
+- `endpoint`: address:port
+- [`tls`](../configtls/README.md)
+- `headers`: name/value pairs added to the HTTP request headers
+- [`read_buffer_size`](https://golang.org/pkg/net/http/#Transport)
+- [`timeout`](https://golang.org/pkg/net/http/#Client)
+- [`write_buffer_size`](https://golang.org/pkg/net/http/#Transport)
+- `compression`: Compression type to use among `gzip`, `zstd`, `snappy`, `zlib`, and `deflate`.
+  - look at the documentation for the server-side of the communication.
+  - `none` will be treated as uncompressed, and any other inputs will cause an error.
+- [`max_idle_conns`](https://golang.org/pkg/net/http/#Transport)
+- [`max_idle_conns_per_host`](https://golang.org/pkg/net/http/#Transport)
+- [`max_conns_per_host`](https://golang.org/pkg/net/http/#Transport)
+- [`idle_conn_timeout`](https://golang.org/pkg/net/http/#Transport)
+
+Example:
+
+```yaml
+exporter:
+  otlp:
+    endpoint: otelcol2:55690
+    tls:
+      ca_file: ca.pem
+      cert_file: cert.pem
+      key_file: key.pem
+    headers:
+      test1: "value1"
+      "test 2": "value 2"
+    compression: zstd
+```
+
+## Server Configuration
+
+[Receivers](https://github.com/open-telemetry/opentelemetry-collector/blob/main/receiver/README.md)
+leverage server configuration.
+
+- [`cors`](https://github.com/rs/cors#parameters): Configure [CORS][cors],
+allowing the receiver to accept traces from web browsers, even if the receiver
+is hosted at a different [origin][origin]. If left blank or set to `null`, CORS
+will not be enabled.
+  - `allowed_origins`: A list of [origins][origin] allowed to send requests to
+  the receiver. An origin may contain a wildcard (`*`) to replace 0 or more
+  characters (e.g., `https://*.example.com`). To allow any origin, set to
+  `["*"]`. If no origins are listed, CORS will not be enabled.
+  - `allowed_headers`: Allow CORS requests to include headers outside the
+  [default safelist][cors-headers]. By default, safelist headers and
+  `X-Requested-With` will be allowed. To allow any request header, set to
+  `["*"]`.
+  - `max_age`: Sets the value of the [`Access-Control-Max-Age`][cors-cache]
+  header, allowing clients to cache the response to CORS preflight requests. If
+  not set, browsers use a default of 5 seconds.
+- `endpoint`: Valid value syntax available [here](https://github.com/grpc/grpc/blob/master/doc/naming.md)
+- [`tls`](../configtls/README.md)
+
+You can enable [`attribute processor`][attribute-processor] to append any http header to span's attribute using custom key. You also need to enable the "include_metadata"
+
+Example:
+
+```yaml
+receivers:
+  otlp:
+    protocols:
+      http:
+        include_metadata: true
+        cors:
+          allowed_origins:
+            - https://foo.bar.com
+            - https://*.test.com
+          allowed_headers:
+            - Example-Header
+          max_age: 7200
+        endpoint: 0.0.0.0:55690
+processors:
+  attributes:
+    actions:
+      - key: http.client_ip
+        from_context: X-Forwarded-For
+        action: upsert
+```
+
+[cors]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+[cors-headers]: https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header
+[cors-cache]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
+[origin]: https://developer.mozilla.org/en-US/docs/Glossary/Origin
+[attribute-processor]: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/attributesprocessor/README.md

config/confighttp/clientinfohandler.go

@@ -0,0 +1,68 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package confighttp // import "go.opentelemetry.io/collector/config/confighttp"
+
+import (
+	"context"
+	"net"
+	"net/http"
+
+	"go.opentelemetry.io/collector/client"
+)
+
+var _ http.Handler = (*clientInfoHandler)(nil)
+
+// clientInfoHandler is an http.Handler that enhances the incoming request context with client.Info.
+type clientInfoHandler struct {
+	next http.Handler
+
+	// include client metadata or not
+	includeMetadata bool
+}
+
+// ServeHTTP intercepts incoming HTTP requests, replacing the request's context with one that contains
+// a client.Info containing the client's IP address.
+func (h *clientInfoHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	req = req.WithContext(contextWithClient(req, h.includeMetadata))
+	h.next.ServeHTTP(w, req)
+}
+
+// contextWithClient attempts to add the client IP address to the client.Info from the context. When no
+// client.Info exists in the context, one is created.
+func contextWithClient(req *http.Request, includeMetadata bool) context.Context {
+	cl := client.FromContext(req.Context())
+
+	ip := parseIP(req.RemoteAddr)
+	if ip != nil {
+		cl.Addr = ip
+	}
+
+	if includeMetadata {
+		md := req.Header.Clone()
+		if len(md.Get(client.MetadataHostName)) == 0 && req.Host != "" {
+			md.Add(client.MetadataHostName, req.Host)
+		}
+
+		cl.Metadata = client.NewMetadata(md)
+	}
+
+	ctx := client.NewContext(req.Context(), cl)
+	return ctx
+}
+
+// parseIP parses the given string for an IP address. The input string might contain the port,
+// but must not contain a protocol or path. Suitable for getting the IP part of a client connection.
+func parseIP(source string) *net.IPAddr {
+	ipstr, _, err := net.SplitHostPort(source)
+	if err == nil {
+		source = ipstr
+	}
+	ip := net.ParseIP(source)
+	if ip != nil {
+		return &net.IPAddr{
+			IP: ip,
+		}
+	}
+	return nil
+}

config/confighttp/clientinfohandler_test.go

@@ -0,0 +1,49 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package confighttp // import "go.opentelemetry.io/collector/config/confighttp"
+
+import (
+	"net"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestParseIP(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		input    string
+		expected *net.IPAddr
+	}{
+		{
+			desc:  "addr",
+			input: "1.2.3.4",
+			expected: &net.IPAddr{
+				IP: net.IPv4(1, 2, 3, 4),
+			},
+		},
+		{
+			desc:  "addr:port",
+			input: "1.2.3.4:33455",
+			expected: &net.IPAddr{
+				IP: net.IPv4(1, 2, 3, 4),
+			},
+		},
+		{
+			desc:     "protocol://addr:port",
+			input:    "http://1.2.3.4:33455",
+			expected: nil,
+		},
+		{
+			desc:     "addr/path",
+			input:    "1.2.3.4/orders",
+			expected: nil,
+		},
+	}
+	for _, tC := range testCases {
+		t.Run(tC.desc, func(t *testing.T) {
+			assert.Equal(t, tC.expected, parseIP(tC.input))
+		})
+	}
+}