OTLP exporter: Handle error case when no credentials supplied#1366
OTLP exporter: Handle error case when no credentials supplied#1366lzchen merged 7 commits intoopen-telemetry:masterfrom
Conversation
Signed-off-by: Abhilash Gnan <abhilashgnan@gmail.com>
jan25
requested review from
a team,
lzchen and
toumorokoshi
and removed request for
a team
jan25
changed the title
Signed-off-by: Abhilash Gnan <abhilashgnan@gmail.com>
| credentials is None | ||
| and Configuration().EXPORTER_OTLP_CERTIFICATE is None | ||
| ): | ||
| raise ValueError("No credentials set in secure mode.") |
There was a problem hiding this comment.
any advantage to raising an exception here and not default to using grpc.ssl_channel_credentials()?
There was a problem hiding this comment.
This case is when insecure=False which is by default. Without this custom error handling it would break deep in stack inside grpc library without a useful message. Or can we handle this in a better way?
There was a problem hiding this comment.
It's probably reasonable. I don't know how bad the original error is but asserting invalid configurations is certainly helpful.
There was a problem hiding this comment.
@jan25 my suggestion here was that using ssl_channel_credentials without any parameters would work in the case of a secure connection as it will load the root certificate from a default location:
https://grpc.github.io/grpc/python/grpc.html#create-client-credentials
There was a problem hiding this comment.
I like this idea, perhaps we need to update the spec before using default location? Also, i was wrong about grpc library erroring. Actually it was open(filename) thats erroring when no cert location is set and filename=None.
There was a problem hiding this comment.
@jan25 if it violates the spec to look for ssl credentials in the secure case before failing, then agreed we should amend the spec.
Can you file an issue? Or do you want someone else to handle that conversation?
There was a problem hiding this comment.
Hi @toumorokoshi I recently learnt grpc python library has the default certificate path support, so i don't have 100% context of this. Could someone else open an issue in spec repo about this?
toumorokoshi
left a comment
toumorokoshi
left a comment
There was a problem hiding this comment.
Sorry, can you add an entry in the changelog? It's not serious, but probably worth calling out new behavior of a raised ValueError.
|
Thanks @toumorokoshi ! I've updated CHANGELOG. |
toumorokoshi
left a comment
toumorokoshi
left a comment
There was a problem hiding this comment.
Thanks! Would definitely be good to have a follow-up item on the use of default ssl credentials, great catch codeboten!
|
Looks like a sdk test is flaky. Could we rerun the CI? |
5 participants
Signed-off-by: Abhilash Gnan abhilashgnan@gmail.com
Description
Env var support for OTLP exporter was added in #1101. There is a error case(#1101 (comment)) which needs to be handled when
credentialsis not available in case ofinsecure=False(default).This PR adds a
ValueErrorfor such case. Also, modified sample code to haveinsecure=True.Type of change
Please delete options that are not relevant.
Checklist: