HPCC-30850 JTrace accept credentials through secrets
- Reads OTLP-GRPC cert from secret
- Provides sample configuration

Signed-off-by: Rodrigo Pastrana <[email protected]>
rpastrana committed Jul 9, 2024
1 parent d61a28a commit 8e15705
Showing 2 changed files with 63 additions and 3 deletions.
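--- a/helm/examples/tracing/otlp-grpc-collector-k8s-Secret.yaml
+++ b/helm/examples/tracing/otlp-grpc-collector-k8s-Secret.yaml
@@ -0,0 +1,18 @@
+global:
+tracing:
+exporters:
+- type: OTLP-GRPC
+endpoint: "http://myotelcollector-opentelemetry-collector.default.svc.cluster.local:4317"
+useSslCredentials: true
+sslCertSecretCategory: "esp"
+sslCertSecretName: "jtrace-credentials"
+batch:
+enabled: true
+secrets:
+esp:
+jtrace-logaccess: "jtrace-credentials"
+vaults:
+esp:
+- name: my-jtrace-credentials-vault
+url: http://${env.VAULT_SERVICE_HOST}:${env.VAULT_SERVICE_PORT}/v1/secret/data/esp/${secret}
+kind: kv-v2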
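Review bot: The secret names in this sample do not line up: the exporter asks for `sslCertSecretName: "jtrace-credentials"`, while the `esp` entry under `secrets` declares the key `jtrace-logaccess` with `"jtrace-credentials"` as its value. If the map key is the logical name that the `getSecret(category, name)` call in jtrace.cpp resolves (the lookup rules are not visible on this page), the mounted secret would not be found under the configured name and only the vault entry could satisfy the request; writing the entry as `jtrace-credentials: "jtrace-credentials"`, or pointing `sslCertSecretName` at the existing key, would remove the doubt. The sample also pairs `useSslCredentials: true` with an `http://` collector endpoint and reaches the vault over `http://`, so a short comment saying which values are placeholders to replace in a TLS-protected deployment would help readers who copy the file as is.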
48 changes: 45 additions & 3 deletions system/jlib/jtrace.cpp
Expand Up @@ -53,6 +53,8 @@
//This seems to be defined in some window builds - avoid conflicts with the functions below
#undef max

#include "jsecrets.hpp"

namespace context = opentelemetry::context;
namespace nostd = opentelemetry::nostd;
namespace opentel_trace = opentelemetry::trace;
Expand Down Expand Up @@ -1224,9 +1226,49 @@ std::unique_ptr<opentelemetry::sdk::trace::SpanExporter> CTraceManager::createEx

if (opts.use_ssl_credentials)
{
StringBuffer sslCACertPath;
exportConfig->getProp("@sslCredentialsCACertPath", sslCACertPath);
opts.ssl_credentials_cacert_path = sslCACertPath.str();
StringBuffer cacert;

if (exportConfig->hasProp("@sslCertSecretName"))
{
StringBuffer secretName;
exportConfig->getProp("@sslCertSecretName", secretName);

if (exportConfig->hasProp("@sslCertSecretCategory"))
{
StringBuffer secretCategory;
exportConfig->getProp("@sslCertSecretCategory", secretCategory);

DBGLOG("JTrace: loading OTLP-GRPC 'cacert' from secret '%s' category '%s'", secretName.str(), secretCategory.str());
Owned<const IPropertyTree> secretTree = getSecret(secretCategory.str(), secretName.str());
if (secretTree)
{
DBGLOG("JTrace: secret tree created, searching for 'cacert' from secret '%s'", secretName.str());
getSecretKeyValue(cacert.clear(), secretTree, "cacert");
if (isEmptyString(cacert.str()))
DBGLOG("JTrace: Could not load OTLP-GRPC 'cacert' from secret '%s'", secretName.str());
opts.ssl_credentials_cacert_as_string = cacert.str();
}
else
{
DBGLOG("JTrace: Could not load secret '%s'", secretName.str());
}
}
else
{
DBGLOG("JTrace: OTLP-GRPC configuration missing 'sslCertSecretCategory' attribute!");
}
}

if (isEmptyString(cacert.str()))
{
StringBuffer sslCACertPath;
if (exportConfig->hasProp("@sslCredentialsCACertPath"))
{
DBGLOG("JTrace: loading OTLP-GRPC 'cacert path'");
exportConfig->getProp("@sslCredentialsCACertPath", sslCACertPath);
opts.ssl_credentials_cacert_path = sslCACertPath.str();
}
}
}

if (exportConfig->hasProp("@timeOutSecs")) //grpc deadline timeout in seconds
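Review bot: When `sslCertSecretName` is configured but the secret or its `cacert` key cannot be loaded, the new block in `CTraceManager::createExporter` reports it only through `DBGLOG` and carries on; if `sslCredentialsCACertPath` is also absent, the exporter is built with `use_ssl_credentials` set and no CA taken from configuration at all. Which roots the gRPC channel then trusts is not visible here (presumably the library defaults), so an operator who meant to pin a private CA gets no clear signal that the pin was not applied. I would raise the three failure messages to error level, e.g. `OERRLOG("JTrace: Could not load OTLP-GRPC 'cacert' from secret '%s'", secretName.str());`, and log once when neither the secret nor the path yields a CA. The assignment `opts.ssl_credentials_cacert_as_string = cacert.str();` could also sit under an `else` so it runs only for a non-empty value. The function begins and ends outside this hunk.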
