fix: allow tls without a custom certificate (telekom#212)

* fix: allow tls without a custom certificate

Signed-off-by: Niklas Treml <[email protected]>

* fix: ignore linter

Signed-off-by: Niklas Treml <[email protected]>

* refactor: early returns

Signed-off-by: Niklas Treml <[email protected]>

---------

Signed-off-by: Niklas Treml <[email protected]>

README.md

@@ -667,9 +667,12 @@ telemetry:
   # The token to use for authentication.
   # If the exporter does not require a token, this can be left empty.
   token: ""
-  # The path to the tls certificate to use.
-  # To disable tls, either set this to an empty string or set it to insecure.
-  certPath: ""
+  tls:
+    # Enable or disable TLS
+    enabled: true
+    # The path to the tls certificate to use.
+    # Only required if your otel endpoint uses custom TLS certificates
+    certPath: ""
 ```
 
 Since [OTLP](https://opentelemetry.io/docs/specs/otlp/) is a standard protocol, you can choose any collector that supports it. The `stdout` exporter can be used for debugging purposes to print telemetry data to the console, while the `noop` exporter disables telemetry. If an external collector is used, a bearer token for authentication and a TLS certificate path for secure communication can be provided.

pkg/sparrow/metrics/config.go

@@ -34,9 +34,14 @@ type Config struct {
 	// Url is the Url of the collector to which the traces are exported
 	Url string `yaml:"url" mapstructure:"url"`
 	// Token is the token used to authenticate with the collector
-	Token string `yaml:"token" mapstructure:"token"`
+	Token string    `yaml:"token" mapstructure:"token"`
+	Tls   TLSConfig `yaml:"tls" mapstructure:"tls"`
+}
+
+type TLSConfig struct {
 	// CertPath is the path to the tls certificate file
 	CertPath string `yaml:"certPath" mapstructure:"certPath"`
+	Enabled  bool   `yaml:"enabled" mapstructure:"enabled"`
 }
 
 func (c *Config) Validate(ctx context.Context) error {

pkg/sparrow/metrics/exporter.go

@@ -100,8 +100,10 @@ func newHTTPExporter(ctx context.Context, config *Config) (sdktrace.SpanExporter
 		otlptracehttp.WithEndpoint(config.Url),
 		otlptracehttp.WithHeaders(headers),
 	}
-	if tlsCfg != nil {
-		opts = append(opts, otlptracehttp.WithTLSClientConfig(tlsCfg))
+	if config.Tls.Enabled {
+		if tlsCfg != nil {
+			opts = append(opts, otlptracehttp.WithTLSClientConfig(tlsCfg))
+		}
 	} else {
 		opts = append(opts, otlptracehttp.WithInsecure())
 	}
@@ -120,10 +122,13 @@ func newGRPCExporter(ctx context.Context, config *Config) (sdktrace.SpanExporter
 		otlptracegrpc.WithEndpoint(config.Url),
 		otlptracegrpc.WithHeaders(headers),
 	}
+
+	if !config.Tls.Enabled {
+		opts = append(opts, otlptracegrpc.WithInsecure())
+		return otlptracegrpc.New(ctx, opts...)
+	}
 	if tlsCfg != nil {
 		opts = append(opts, otlptracegrpc.WithTLSCredentials(credentials.NewTLS(tlsCfg)))
-	} else {
-		opts = append(opts, otlptracegrpc.WithInsecure())
 	}
 
 	return otlptracegrpc.New(ctx, opts...)
@@ -146,12 +151,15 @@ func getCommonConfig(config *Config) (map[string]string, *tls.Config, error) {
 		headers["Authorization"] = fmt.Sprintf("Bearer %s", config.Token)
 	}
 
-	tlsCfg, err := getTLSConfig(config.CertPath)
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to create TLS configuration: %w", err)
+	if config.Tls.Enabled {
+		tlsCfg, err := getTLSConfig(config.Tls.CertPath)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to create TLS configuration: %w", err)
+		}
+		return headers, tlsCfg, nil
 	}
 
-	return headers, tlsCfg, nil
+	return headers, nil, nil
 }
 
 // FileOpener is the function used to open a file
@@ -165,7 +173,7 @@ var openFile FileOpener = func() FileOpener {
 }()
 
 func getTLSConfig(certFile string) (conf *tls.Config, err error) {
-	if certFile == "" || certFile == "insecure" {
+	if certFile == "" {
 		return nil, nil
 	}
 

pkg/sparrow/metrics/metrics.go

@@ -52,6 +52,8 @@ type manager struct {
 }
 
 // New initializes the metrics and returns the PrometheusMetrics
+//
+//nolint:gocritic
 func New(config Config) Provider {
 	registry := prometheus.NewRegistry()