Merge branch 'main' into jm-prom-translation-rw2-add-support-for-labels

open-telemetry · Oct 14, 2024 · 2073e6e · 2073e6e
2 parents 9c9df79 + 0a6bb8a
commit 2073e6e
Show file tree

Hide file tree

Showing 10 changed files with 235 additions and 45 deletions.
diff --git a/.chloggen/stanza-windows-remote-session-leak.yaml b/.chloggen/stanza-windows-remote-session-leak.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: stanza/input/windows
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Close remote session while resubscribing
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [35577]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []
diff --git a/.chloggen/telemetrygen-insecureskipverify.yaml b/.chloggen/telemetrygen-insecureskipverify.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: telemetrygen
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Enable the `--otlp-insecure-skip-verify` flag
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [35735]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]
diff --git a/cmd/githubgen/allowlist.txt b/cmd/githubgen/allowlist.txt
@@ -23,4 +23,4 @@ m1rp
 jriguera
 abhishek-at-cloudwerx
 joker-star-l
-ArthurSens
+michael-burt
diff --git a/cmd/telemetrygen/go.mod b/cmd/telemetrygen/go.mod
@@ -23,6 +23,7 @@ require (
 	go.opentelemetry.io/otel/sdk/log v0.6.0
 	go.opentelemetry.io/otel/sdk/metric v1.30.0
 	go.opentelemetry.io/otel/trace v1.30.0
+	go.opentelemetry.io/proto/otlp v1.3.1
 	go.uber.org/goleak v1.3.0
 	go.uber.org/zap v1.27.0
 	golang.org/x/time v0.7.0
@@ -45,7 +46,6 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	go.opentelemetry.io/collector/config/configtelemetry v0.111.1-0.20241008154146-ea48c09c31ae // indirect
 	go.opentelemetry.io/otel/metric v1.30.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/net v0.29.0 // indirect
 	golang.org/x/sys v0.25.0 // indirect

diff --git a/cmd/telemetrygen/internal/common/tls_utils.go b/cmd/telemetrygen/internal/common/tls_utils.go
@@ -28,52 +28,37 @@ func caPool(caFile string) (*x509.CertPool, error) {
 	return pool, nil
 }
 
-func GetTLSCredentialsForGRPCExporter(caFile string, cAuth ClientAuth) (credentials.TransportCredentials, error) {
-
-	pool, err := caPool(caFile)
+func GetTLSCredentialsForGRPCExporter(
+	caFile string,
+	cAuth ClientAuth,
+	insecureSkipVerify bool,
+) (credentials.TransportCredentials, error) {
+	tlsConfig, err := getTLSConfig(caFile, cAuth, insecureSkipVerify)
 	if err != nil {
 		return nil, err
 	}
+	return credentials.NewTLS(tlsConfig), nil
+}
 
-	var creds credentials.TransportCredentials
-
-	if caFile != "" {
-		creds = credentials.NewTLS(&tls.Config{
-			RootCAs: pool,
-		})
-	} else {
-		creds = credentials.NewTLS(&tls.Config{})
-	}
-
-	// Configuration for mTLS
-	if cAuth.Enabled {
-		keypair, err := tls.LoadX509KeyPair(cAuth.ClientCertFile, cAuth.ClientKeyFile)
-		if err != nil {
-			return nil, err
-		}
-		creds = credentials.NewTLS(&tls.Config{
-			RootCAs:      pool,
-			Certificates: []tls.Certificate{keypair},
-		})
-	}
-
-	return creds, nil
+func GetTLSCredentialsForHTTPExporter(
+	caFile string,
+	cAuth ClientAuth,
+	insecureSkipVerify bool,
+) (*tls.Config, error) {
+	return getTLSConfig(caFile, cAuth, insecureSkipVerify)
 }
 
-func GetTLSCredentialsForHTTPExporter(caFile string, cAuth ClientAuth) (*tls.Config, error) {
-	pool, err := caPool(caFile)
-	if err != nil {
-		return nil, err
+func getTLSConfig(caFile string, cAuth ClientAuth, insecureSkipVerify bool) (*tls.Config, error) {
+	tlsCfg := tls.Config{
+		InsecureSkipVerify: insecureSkipVerify,
 	}
 
-	var tlsCfg tls.Config
-
 	if caFile != "" {
-		tlsCfg = tls.Config{
-			RootCAs: pool,
+		pool, err := caPool(caFile)
+		if err != nil {
+			return nil, err
 		}
-	} else {
-		tlsCfg = tls.Config{}
+		tlsCfg.RootCAs = pool
 	}
 
 	// Configuration for mTLS
@@ -82,7 +67,6 @@ func GetTLSCredentialsForHTTPExporter(caFile string, cAuth ClientAuth) (*tls.Con
 		if err != nil {
 			return nil, err
 		}
-		tlsCfg.ClientAuth = tls.RequireAndVerifyClientCert
 		tlsCfg.Certificates = []tls.Certificate{keypair}
 	}
 	return &tlsCfg, nil

diff --git a/cmd/telemetrygen/internal/logs/exporter.go b/cmd/telemetrygen/internal/logs/exporter.go
@@ -22,7 +22,9 @@ func grpcExporterOptions(cfg *Config) ([]otlploggrpc.Option, error) {
 	if cfg.Insecure {
 		grpcExpOpt = append(grpcExpOpt, otlploggrpc.WithInsecure())
 	} else {
-		credentials, err := common.GetTLSCredentialsForGRPCExporter(cfg.CaFile, cfg.ClientAuth)
+		credentials, err := common.GetTLSCredentialsForGRPCExporter(
+			cfg.CaFile, cfg.ClientAuth, cfg.InsecureSkipVerify,
+		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get TLS credentials: %w", err)
 		}
@@ -47,7 +49,9 @@ func httpExporterOptions(cfg *Config) ([]otlploghttp.Option, error) {
 	if cfg.Insecure {
 		httpExpOpt = append(httpExpOpt, otlploghttp.WithInsecure())
 	} else {
-		tlsCfg, err := common.GetTLSCredentialsForHTTPExporter(cfg.CaFile, cfg.ClientAuth)
+		tlsCfg, err := common.GetTLSCredentialsForHTTPExporter(
+			cfg.CaFile, cfg.ClientAuth, cfg.InsecureSkipVerify,
+		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get TLS credentials: %w", err)
 		}

diff --git a/cmd/telemetrygen/internal/metrics/exporter.go b/cmd/telemetrygen/internal/metrics/exporter.go
@@ -22,7 +22,9 @@ func grpcExporterOptions(cfg *Config) ([]otlpmetricgrpc.Option, error) {
 	if cfg.Insecure {
 		grpcExpOpt = append(grpcExpOpt, otlpmetricgrpc.WithInsecure())
 	} else {
-		credentials, err := common.GetTLSCredentialsForGRPCExporter(cfg.CaFile, cfg.ClientAuth)
+		credentials, err := common.GetTLSCredentialsForGRPCExporter(
+			cfg.CaFile, cfg.ClientAuth, cfg.InsecureSkipVerify,
+		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get TLS credentials: %w", err)
 		}
@@ -47,7 +49,9 @@ func httpExporterOptions(cfg *Config) ([]otlpmetrichttp.Option, error) {
 	if cfg.Insecure {
 		httpExpOpt = append(httpExpOpt, otlpmetrichttp.WithInsecure())
 	} else {
-		tlsCfg, err := common.GetTLSCredentialsForHTTPExporter(cfg.CaFile, cfg.ClientAuth)
+		tlsCfg, err := common.GetTLSCredentialsForHTTPExporter(
+			cfg.CaFile, cfg.ClientAuth, cfg.InsecureSkipVerify,
+		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get TLS credentials: %w", err)
 		}

diff --git a/cmd/telemetrygen/internal/traces/exporter.go b/cmd/telemetrygen/internal/traces/exporter.go
@@ -22,7 +22,9 @@ func grpcExporterOptions(cfg *Config) ([]otlptracegrpc.Option, error) {
 	if cfg.Insecure {
 		grpcExpOpt = append(grpcExpOpt, otlptracegrpc.WithInsecure())
 	} else {
-		credentials, err := common.GetTLSCredentialsForGRPCExporter(cfg.CaFile, cfg.ClientAuth)
+		credentials, err := common.GetTLSCredentialsForGRPCExporter(
+			cfg.CaFile, cfg.ClientAuth, cfg.InsecureSkipVerify,
+		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get TLS credentials: %w", err)
 		}
@@ -47,7 +49,9 @@ func httpExporterOptions(cfg *Config) ([]otlptracehttp.Option, error) {
 	if cfg.Insecure {
 		httpExpOpt = append(httpExpOpt, otlptracehttp.WithInsecure())
 	} else {
-		tlsCfg, err := common.GetTLSCredentialsForHTTPExporter(cfg.CaFile, cfg.ClientAuth)
+		tlsCfg, err := common.GetTLSCredentialsForHTTPExporter(
+			cfg.CaFile, cfg.ClientAuth, cfg.InsecureSkipVerify,
+		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get TLS credentials: %w", err)
 		}

diff --git a/cmd/telemetrygen/internal/traces/exporter_test.go b/cmd/telemetrygen/internal/traces/exporter_test.go
@@ -0,0 +1,137 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package traces
+
+import (
+	"context"
+	"encoding/pem"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"
+	tracepb "go.opentelemetry.io/proto/otlp/trace/v1"
+
+	"github.com/open-telemetry/opentelemetry-collector-contrib/cmd/telemetrygen/internal/common"
+)
+
+func TestHTTPExporterOptions_TLS(t *testing.T) {
+	// TODO add test cases for mTLS
+	for name, tc := range map[string]struct {
+		tls         bool
+		tlsServerCA bool // use the httptest.Server's TLS cert as the CA
+		cfg         Config
+
+		expectTransportError bool
+	}{
+		"Insecure": {
+			tls: false,
+			cfg: Config{Config: common.Config{Insecure: true}},
+		},
+		"InsecureSkipVerify": {
+			tls: true,
+			cfg: Config{Config: common.Config{InsecureSkipVerify: true}},
+		},
+		"InsecureSkipVerifyDisabled": {
+			tls:                  true,
+			expectTransportError: true,
+		},
+		"CaFile": {
+			tls:         true,
+			tlsServerCA: true,
+		},
+	} {
+		t.Run(name, func(t *testing.T) {
+			var called bool
+			var h http.HandlerFunc = func(http.ResponseWriter, *http.Request) {
+				called = true
+			}
+			var srv *httptest.Server
+			if tc.tls {
+				srv = httptest.NewTLSServer(h)
+			} else {
+				srv = httptest.NewServer(h)
+			}
+			defer srv.Close()
+			srvURL, _ := url.Parse(srv.URL)
+
+			cfg := tc.cfg
+			cfg.CustomEndpoint = srvURL.Host
+			if tc.tlsServerCA {
+				caFile := filepath.Join(t.TempDir(), "cert.pem")
+				err := os.WriteFile(caFile, pem.EncodeToMemory(&pem.Block{
+					Type:  "CERTIFICATE",
+					Bytes: srv.TLS.Certificates[0].Certificate[0],
+				}), 0600)
+				require.NoError(t, err)
+				cfg.CaFile = caFile
+			}
+
+			opts, err := httpExporterOptions(&cfg)
+			require.NoError(t, err)
+			client := otlptracehttp.NewClient(opts...)
+
+			err = client.UploadTraces(context.Background(), []*tracepb.ResourceSpans{})
+			if tc.expectTransportError {
+				require.Error(t, err)
+				assert.False(t, called)
+			} else {
+				require.NoError(t, err)
+				assert.True(t, called)
+			}
+		})
+	}
+}
+
+func TestHTTPExporterOptions_HTTP(t *testing.T) {
+	for name, tc := range map[string]struct {
+		cfg Config
+
+		expectedHTTPPath string
+		expectedHeader   http.Header
+	}{
+		"HTTPPath": {
+			cfg:              Config{Config: common.Config{HTTPPath: "/foo"}},
+			expectedHTTPPath: "/foo",
+		},
+		"Headers": {
+			cfg: Config{
+				Config: common.Config{Headers: map[string]any{"a": "b"}},
+			},
+			expectedHTTPPath: "/v1/traces",
+			expectedHeader:   http.Header{"a": []string{"b"}},
+		},
+	} {
+		t.Run(name, func(t *testing.T) {
+			var httpPath string
+			var header http.Header
+			var h http.HandlerFunc = func(_ http.ResponseWriter, r *http.Request) {
+				httpPath = r.URL.Path
+				header = r.Header
+			}
+			srv := httptest.NewServer(h)
+			defer srv.Close()
+			srvURL, _ := url.Parse(srv.URL)
+
+			cfg := tc.cfg
+			cfg.Insecure = true
+			cfg.CustomEndpoint = srvURL.Host
+			opts, err := httpExporterOptions(&cfg)
+			require.NoError(t, err)
+			client := otlptracehttp.NewClient(opts...)
+
+			err = client.UploadTraces(context.Background(), []*tracepb.ResourceSpans{})
+			require.NoError(t, err)
+			assert.Equal(t, tc.expectedHTTPPath, httpPath)
+			for k, expected := range tc.expectedHeader {
+				assert.Equal(t, expected, []string{header.Get(k)})
+			}
+		})
+	}
+}
diff --git a/pkg/stanza/operator/input/windows/input.go b/pkg/stanza/operator/input/windows/input.go
@@ -201,6 +201,9 @@ func (i *Input) read(ctx context.Context) {
 				i.Logger().Error("Failed to close remote subscription", zap.Error(closeErr))
 				return
 			}
+			if err := i.stopRemoteSession(); err != nil {
+				i.Logger().Error("Failed to close remote session", zap.Error(err))
+			}
 			i.Logger().Info("Resubscribing, creating remote subscription")
 			i.subscription = NewRemoteSubscription(i.remote.Server)
 			if err := i.startRemoteSession(); err != nil {