From 0bdc6d2b4de8da9acc5ce6c3950060f26a09d061 Mon Sep 17 00:00:00 2001
From: Pavel <177363085+pkcll@users.noreply.github.com>
Date: Fri, 9 Aug 2024 10:16:24 -0400
Subject: [PATCH] Beholder: add support for TLS connection to OTel Collector

---
 pkg/beholder/client.go      | 24 +++++++++++++++++-------
 pkg/beholder/config.go      |  9 ++++++---
 pkg/beholder/config_test.go |  5 +++--
 3 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/pkg/beholder/client.go b/pkg/beholder/client.go
index 7f1edd37b..c0e564f80 100644
--- a/pkg/beholder/client.go
+++ b/pkg/beholder/client.go
@@ -19,6 +19,8 @@ import (
 	"go.opentelemetry.io/otel/sdk/trace"
 	sdktrace "go.opentelemetry.io/otel/sdk/trace"
 	oteltrace "go.opentelemetry.io/otel/trace"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/insecure"
 )
 
 type Emitter interface {
@@ -91,9 +93,17 @@ func newOtelClient(cfg Config, errorHandler errorHandlerFunc, otlploggrpcNew otl
 	if err != nil {
 		return nil, err
 	}
+	var creds credentials.TransportCredentials
+	creds = insecure.NewCredentials()
+	if !cfg.InsecureConnection && cfg.TLSCertFile != "" {
+		creds, err = credentials.NewClientTLSFromFile(cfg.TLSCertFile, "")
+		if err != nil {
+			return nil, err
+		}
+	}
 	sharedLogExporter, err := otlploggrpcNew(
 		ctx,
-		otlploggrpc.WithInsecure(),
+		otlploggrpc.WithTLSCredentials(creds),
 		otlploggrpc.WithEndpoint(cfg.OtelExporterGRPCEndpoint),
 	)
 	if err != nil {
@@ -125,7 +135,7 @@ func newOtelClient(cfg Config, errorHandler errorHandlerFunc, otlploggrpcNew otl
 	otelglobal.SetLoggerProvider(loggerProvider)
 
 	// Tracer
-	tracerProvider, err := newTracerProvider(cfg, baseResource)
+	tracerProvider, err := newTracerProvider(cfg, baseResource, creds)
 	if err != nil {
 		return nil, err
 	}
@@ -134,7 +144,7 @@ func newOtelClient(cfg Config, errorHandler errorHandlerFunc, otlploggrpcNew otl
 	otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))
 
 	// Meter
-	meterProvider, err := newMeterProvider(cfg, baseResource)
+	meterProvider, err := newMeterProvider(cfg, baseResource, creds)
 	if err != nil {
 		return nil, err
 	}
@@ -276,11 +286,11 @@ func closeFunc(ctx context.Context, providers ...otelProvider) func() error {
 	}
 }
 
-func newTracerProvider(config Config, resource *sdkresource.Resource) (*sdktrace.TracerProvider, error) {
+func newTracerProvider(config Config, resource *sdkresource.Resource, creds credentials.TransportCredentials) (*sdktrace.TracerProvider, error) {
 	ctx := context.Background()
 
 	exporter, err := otlptracegrpc.New(ctx,
-		otlptracegrpc.WithInsecure(),
+		otlptracegrpc.WithTLSCredentials(creds),
 		otlptracegrpc.WithEndpoint(config.OtelExporterGRPCEndpoint),
 	)
 	if err != nil {
@@ -299,12 +309,12 @@ func newTracerProvider(config Config, resource *sdkresource.Resource) (*sdktrace
 	return tp, nil
 }
 
-func newMeterProvider(config Config, resource *sdkresource.Resource) (*sdkmetric.MeterProvider, error) {
+func newMeterProvider(config Config, resource *sdkresource.Resource, creds credentials.TransportCredentials) (*sdkmetric.MeterProvider, error) {
 	ctx := context.Background()
 
 	exporter, err := otlpmetricgrpc.New(
 		ctx,
-		otlpmetricgrpc.WithInsecure(),
+		otlpmetricgrpc.WithTLSCredentials(creds),
 		otlpmetricgrpc.WithEndpoint(config.OtelExporterGRPCEndpoint),
 	)
 	if err != nil {
diff --git a/pkg/beholder/config.go b/pkg/beholder/config.go
index c861d502e..4d602d81a 100644
--- a/pkg/beholder/config.go
+++ b/pkg/beholder/config.go
@@ -7,9 +7,11 @@ import (
 )
 
 type Config struct {
-	Enabled                  bool
+	InsecureConnection       bool
+	TLSCertFile              string
 	OtelExporterGRPCEndpoint string
-	PackageName              string
+
+	PackageName string
 	// OTel Resource
 	ResourceAttributes map[string]string
 	// EventEmitter
@@ -29,7 +31,8 @@ var defaultOtelAttributes = map[string]string{
 
 func DefaultConfig() Config {
 	return Config{
-		Enabled:                  true,
+		InsecureConnection:       true,
+		TLSCertFile:              "",
 		OtelExporterGRPCEndpoint: "localhost:4317",
 		PackageName:              "beholder",
 		// Resource
diff --git a/pkg/beholder/config_test.go b/pkg/beholder/config_test.go
index fbdbf4487..40349e88e 100644
--- a/pkg/beholder/config_test.go
+++ b/pkg/beholder/config_test.go
@@ -13,7 +13,8 @@ const (
 
 func ExampleConfig() {
 	config := beholder.Config{
-		Enabled:                  true,
+		InsecureConnection:       true,
+		TLSCertFile:              "",
 		OtelExporterGRPCEndpoint: "localhost:4317",
 		PackageName:              packageName,
 		// Resource
@@ -33,5 +34,5 @@ func ExampleConfig() {
 	}
 	fmt.Printf("%+v", config)
 	// Output:
-	// {Enabled:true OtelExporterGRPCEndpoint:localhost:4317 PackageName:beholder ResourceAttributes:map[package_name:beholder sender:beholdeclient] EmitterExportTimeout:1s TraceSampleRate:1 TraceBatchTimeout:1s MetricReaderInterval:1s LogExportTimeout:1s}
+	// {InsecureConnection:true TLSCertFile: OtelExporterGRPCEndpoint:localhost:4317 PackageName:beholder ResourceAttributes:map[package_name:beholder sender:beholdeclient] EmitterExportTimeout:1s TraceSampleRate:1 TraceBatchTimeout:1s MetricReaderInterval:1s LogExportTimeout:1s}
 }