Followup on tracing (#10338)

* Simplify code by letting common deal with empty TLS config * Improve error message if we notice a user is putting an authorization header into its configuration. Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2024-09-19 23:37:31 -07:00 · 2022-02-22 21:44:36 +01:00 · 2022-02-22 21:44:36 +01:00 · fb2da1f26a
parent 0acbe5e3f5
commit fb2da1f26a
4 changed files with 30 additions and 17 deletions
--- a/config/config.go
+++ b/config/config.go
@ -558,7 +558,7 @@ func (t *TracingConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 		return err
 	}

-	if err := validateHeaders(t.Headers); err != nil {
+	if err := validateHeadersForTracing(t.Headers); err != nil {
 		return err
 	}

@ -805,6 +805,18 @@ func (c *RemoteWriteConfig) UnmarshalYAML(unmarshal func(interface{}) error) err
 	return nil
 }

+func validateHeadersForTracing(headers map[string]string) error {
+	for header := range headers {
+		if strings.ToLower(header) == "authorization" {
+			return errors.New("custom authorization header configuration is not yet supported")
+		}
+		if _, ok := reservedHeaders[strings.ToLower(header)]; ok {
+			return errors.Errorf("%s is a reserved header. It must not be changed", header)
+		}
+	}
+	return nil
+}
+
 func validateHeaders(headers map[string]string) error {
 	for header := range headers {
 		if strings.ToLower(header) == "authorization" {
--- a/config/config_test.go
+++ b/config/config_test.go
@ -1464,6 +1464,10 @@ var expectedErrors = []struct {
 		filename: "tracing_invalid_header.bad.yml",
 		errMsg:   "x-prometheus-remote-write-version is a reserved header. It must not be changed",
 	},
+	{
+		filename: "tracing_invalid_authorization_header.bad.yml",
+		errMsg:   "authorization header configuration is not yet supported",
+	},
 	{
 		filename: "tracing_invalid_compression.bad.yml",
 		errMsg:   "invalid compression type foo provided, valid options: gzip",
--- a/config/testdata/tracing_invalid_authorization_header.bad.yml
+++ b/config/testdata/tracing_invalid_authorization_header.bad.yml
@ -0,0 +1,5 @@
+tracing:
+  sampling_fraction: 1
+  endpoint: "localhost:4317"
+  headers:
+    "authorization": foo
--- a/tracing/tracing.go
+++ b/tracing/tracing.go
@ -194,15 +194,11 @@ func getClient(tracingCfg config.TracingConfig) (otlptrace.Client, error) {
 			opts = append(opts, otlptracegrpc.WithTimeout(time.Duration(tracingCfg.Timeout)))
 		}

-		// Configure TLS only if config is not empty.
-		var blankTLSConfig config_util.TLSConfig
-		if tracingCfg.TLSConfig != blankTLSConfig {
-			tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig)
-			if err != nil {
-				return nil, err
-			}
-			opts = append(opts, otlptracegrpc.WithTLSCredentials(credentials.NewTLS(tlsConf)))
+		tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig)
+		if err != nil {
+			return nil, err
 		}
+		opts = append(opts, otlptracegrpc.WithTLSCredentials(credentials.NewTLS(tlsConf)))

 		client = otlptracegrpc.NewClient(opts...)
 	case config.TracingClientHTTP:
@ -221,15 +217,11 @@ func getClient(tracingCfg config.TracingConfig) (otlptrace.Client, error) {
 			opts = append(opts, otlptracehttp.WithTimeout(time.Duration(tracingCfg.Timeout)))
 		}

-		// Configure TLS only if config is not empty.
-		var blankTLSConfig config_util.TLSConfig
-		if tracingCfg.TLSConfig != blankTLSConfig {
-			tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig)
-			if err != nil {
-				return nil, err
-			}
-			opts = append(opts, otlptracehttp.WithTLSClientConfig(tlsConf))
+		tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig)
+		if err != nil {
+			return nil, err
 		}
+		opts = append(opts, otlptracehttp.WithTLSClientConfig(tlsConf))

 		client = otlptracehttp.NewClient(opts...)
 	}