From de6ad7a870efff34198739b7f0699afde9e1595e Mon Sep 17 00:00:00 2001 From: patrickhuie19 Date: Tue, 21 Nov 2023 22:18:42 -0500 Subject: [PATCH] feature/tracing-credentials: 'secure' --> 'tls' and 'insecure' --> 'unencrypted' --- GNUmakefile | 2 +- core/cmd/cosmos_node_commands_test.go | 4 - core/cmd/solana_node_commands_test.go | 8 -- core/cmd/starknet_node_commands_test.go | 4 - core/config/docs/core.toml | 4 +- core/config/toml/types.go | 47 +++++--- core/config/toml/types_test.go | 104 ++++++++++++++---- core/services/chainlink/config.go | 13 ++- core/services/chainlink/config_test.go | 80 +++++++++++++- .../services/chainlink/config_tracing_test.go | 4 +- .../testdata/config-empty-effective.toml | 2 +- .../chainlink/testdata/config-full.toml | 2 +- .../config-multi-chain-effective.toml | 2 +- .../testdata/config-empty-effective.toml | 2 +- core/web/resolver/testdata/config-full.toml | 2 +- .../config-multi-chain-effective.toml | 2 +- docs/CONFIG.md | 6 +- integration-tests/types/config/node/core.go | 2 +- plugins/loop_registry_test.go | 2 +- testdata/scripts/node/validate/default.txtar | 2 +- .../disk-based-logging-disabled.txtar | 2 +- .../validate/disk-based-logging-no-dir.txtar | 2 +- .../node/validate/disk-based-logging.txtar | 2 +- testdata/scripts/node/validate/invalid.txtar | 2 +- testdata/scripts/node/validate/valid.txtar | 2 +- testdata/scripts/node/validate/warnings.txtar | 23 +++- 26 files changed, 237 insertions(+), 90 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 1201361c4e9..2801f949682 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -161,4 +161,4 @@ help: @echo " \/ \/ \/ \/ \/ \/" @echo "" @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | \ - awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' \ No newline at end of file + awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' diff --git a/core/cmd/cosmos_node_commands_test.go b/core/cmd/cosmos_node_commands_test.go index edb44a89f4b..728be9396f9 100644 --- a/core/cmd/cosmos_node_commands_test.go +++ b/core/cmd/cosmos_node_commands_test.go @@ -34,11 +34,7 @@ func TestShell_IndexCosmosNodes(t *testing.T) { chainID := cosmostest.RandomChainID() node := coscfg.Node{ Name: ptr("second"), -<<<<<<< HEAD TendermintURL: config.MustParseURL("http://tender.mint.test/bombay-12"), -======= - TendermintURL: relayconfig.MustParseURL("http://tender.mint.test/bombay-12"), ->>>>>>> 34eecf3b1d (feature/tracing-credentials: bumping relay and lint) } chain := coscfg.TOMLConfig{ ChainID: ptr(chainID), diff --git a/core/cmd/solana_node_commands_test.go b/core/cmd/solana_node_commands_test.go index ce0a91f2dab..316cf16212d 100644 --- a/core/cmd/solana_node_commands_test.go +++ b/core/cmd/solana_node_commands_test.go @@ -35,19 +35,11 @@ func TestShell_IndexSolanaNodes(t *testing.T) { id := solanatest.RandomChainID() node1 := solcfg.Node{ Name: ptr("first"), -<<<<<<< HEAD URL: config.MustParseURL("https://solana1.example"), } node2 := solcfg.Node{ Name: ptr("second"), URL: config.MustParseURL("https://solana2.example"), -======= - URL: relayconfig.MustParseURL("https://solana1.example"), - } - node2 := solcfg.Node{ - Name: ptr("second"), - URL: relayconfig.MustParseURL("https://solana2.example"), ->>>>>>> 34eecf3b1d (feature/tracing-credentials: bumping relay and lint) } chain := solana.TOMLConfig{ ChainID: &id, diff --git a/core/cmd/starknet_node_commands_test.go b/core/cmd/starknet_node_commands_test.go index 4473dfa4eab..0347cdd18f7 100644 --- a/core/cmd/starknet_node_commands_test.go +++ b/core/cmd/starknet_node_commands_test.go @@ -9,11 +9,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" -<<<<<<< HEAD commoncfg "github.com/smartcontractkit/chainlink-common/pkg/config" -======= - relayconfig "github.com/smartcontractkit/chainlink-relay/pkg/config" ->>>>>>> 34eecf3b1d (feature/tracing-credentials: bumping relay and lint) "github.com/smartcontractkit/chainlink-starknet/relayer/pkg/chainlink/config" "github.com/smartcontractkit/chainlink/v2/core/cmd" diff --git a/core/config/docs/core.toml b/core/config/docs/core.toml index e6862a35b9e..dafce15c08d 100644 --- a/core/config/docs/core.toml +++ b/core/config/docs/core.toml @@ -592,8 +592,8 @@ CollectorTarget = 'localhost:4317' # Example NodeID = 'NodeID' # Example # SamplingRatio is the ratio of traces to sample for this node. SamplingRatio = 1.0 # Example -# Mode is a string value. 'secure' or 'insecure' are the only values allowed. If set to 'insecure', TLSCertPath can be unset, meaning traces will be sent over plaintext to the collector. -Mode = 'secure' # Default +# Mode is a string value. 'tls' or 'unencrypted' are the only values allowed. If set to 'unencrypted', TLSCertPath can be unset, meaning traces will be sent over plaintext to the collector. +Mode = 'tls' # Default # TLSCertPath is the file path to the TLS certificate used for secure communication with an OTEL Tracing Collector. TLSCertPath = '/path/to/cert.pem' # Example diff --git a/core/config/toml/types.go b/core/config/toml/types.go index 887ee732660..27c21fcaf1f 100644 --- a/core/config/toml/types.go +++ b/core/config/toml/types.go @@ -1495,30 +1495,39 @@ func (t *Tracing) ValidateConfig() (err error) { } } - if t.CollectorTarget != nil { - ok := isValidURI(*t.CollectorTarget) - if !ok { - err = multierr.Append(err, configutils.ErrInvalid{Name: "CollectorTarget", Value: *t.CollectorTarget, Msg: "must be a valid URI"}) - } - } - if t.Mode != nil { switch *t.Mode { - case "secure": + case "tls": // TLSCertPath must be set if t.TLSCertPath == nil { - err = multierr.Append(err, configutils.ErrMissing{Name: "TLSCertPath", Msg: "must be set when Tracing.Mode is secure"}) + err = multierr.Append(err, configutils.ErrMissing{Name: "TLSCertPath", Msg: "must be set when Tracing.Mode is tls"}) } else { ok := isValidFilePath(*t.TLSCertPath) if !ok { err = multierr.Append(err, configutils.ErrInvalid{Name: "TLSCertPath", Value: *t.TLSCertPath, Msg: "must be a valid file path"}) } } - case "insecure": + case "unencrypted": // no-op default: - // Mode must be either "secure" or "insecure" - err = multierr.Append(err, configutils.ErrInvalid{Name: "Mode", Value: *t.Mode, Msg: "must be either 'secure' or 'insecure'"}) + // Mode must be either "tls" or "unencrypted" + err = multierr.Append(err, configutils.ErrInvalid{Name: "Mode", Value: *t.Mode, Msg: "must be either 'tls' or 'unencrypted'"}) + } + } + + if t.CollectorTarget != nil && t.Mode != nil { + switch *t.Mode { + case "tls": + if !isValidURI(*t.CollectorTarget) { + err = multierr.Append(err, configutils.ErrInvalid{Name: "CollectorTarget", Value: *t.CollectorTarget, Msg: "must be a valid URI"}) + } + case "unencrypted": + // Unencrypted traces can not be sent to external networks + if !isValidLocalURI(*t.CollectorTarget) { + err = multierr.Append(err, configutils.ErrInvalid{Name: "CollectorTarget", Value: *t.CollectorTarget, Msg: "must be a valid local URI"}) + } + default: + // no-op } } @@ -1527,15 +1536,19 @@ func (t *Tracing) ValidateConfig() (err error) { var hostnameRegex = regexp.MustCompile(`^[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*$`) +// Validates uri is valid external or local URI func isValidURI(uri string) bool { if strings.Contains(uri, "://") { - // Standard URI check - _, _ = url.ParseRequestURI(uri) - // TODO: BCF-2703. Handle error. All external addresses currently fail validation until we have secure transport to external networks. - return false + _, err := url.ParseRequestURI(uri) + return err == nil } - // For URIs like "otel-collector:4317" + return isValidLocalURI(uri) +} + +// Validates uri is a valid local URI +// External URIs (e.g. http://) are not valid local URIs, and will return false. +func isValidLocalURI(uri string) bool { parts := strings.Split(uri, ":") if len(parts) == 2 { host, port := parts[0], parts[1] diff --git a/core/config/toml/types_test.go b/core/config/toml/types_test.go index a9232c5b830..e16d3a864da 100644 --- a/core/config/toml/types_test.go +++ b/core/config/toml/types_test.go @@ -185,55 +185,115 @@ func TestTracing_ValidateCollectorTarget(t *testing.T) { tests := []struct { name string collectorTarget *string + mode *string wantErr bool errMsg string }{ { - name: "valid http address", + name: "valid http address in tls mode", + collectorTarget: ptr("https://testing.collector.dev"), + mode: ptr("tls"), + wantErr: false, + }, + { + name: "valid http address in unencrypted mode", collectorTarget: ptr("https://localhost:4317"), - // TODO: BCF-2703. Re-enable when we have secure transport to otel collectors in external networks - wantErr: true, - errMsg: "CollectorTarget: invalid value (https://localhost:4317): must be a valid URI", + mode: ptr("unencrypted"), + wantErr: true, + errMsg: "CollectorTarget: invalid value (https://localhost:4317): must be a valid local URI", }, + // Tracing.Mode = 'tls' { name: "valid localhost address", collectorTarget: ptr("localhost:4317"), + mode: ptr("tls"), wantErr: false, }, { name: "valid docker address", collectorTarget: ptr("otel-collector:4317"), + mode: ptr("tls"), wantErr: false, }, { name: "valid IP address", collectorTarget: ptr("192.168.1.1:4317"), + mode: ptr("tls"), wantErr: false, }, { name: "invalid port", collectorTarget: ptr("localhost:invalid"), wantErr: true, + mode: ptr("tls"), errMsg: "CollectorTarget: invalid value (localhost:invalid): must be a valid URI", }, { name: "invalid address", collectorTarget: ptr("invalid address"), wantErr: true, + mode: ptr("tls"), errMsg: "CollectorTarget: invalid value (invalid address): must be a valid URI", }, { name: "nil CollectorTarget", collectorTarget: ptr(""), wantErr: true, + mode: ptr("tls"), errMsg: "CollectorTarget: invalid value (): must be a valid URI", }, + // Tracing.Mode = 'unencrypted' + { + name: "valid localhost address", + collectorTarget: ptr("localhost:4317"), + mode: ptr("unencrypted"), + wantErr: false, + }, + { + name: "valid docker address", + collectorTarget: ptr("otel-collector:4317"), + mode: ptr("unencrypted"), + wantErr: false, + }, + { + name: "valid IP address", + collectorTarget: ptr("192.168.1.1:4317"), + mode: ptr("unencrypted"), + wantErr: false, + }, + { + name: "invalid port", + collectorTarget: ptr("localhost:invalid"), + wantErr: true, + mode: ptr("unencrypted"), + errMsg: "CollectorTarget: invalid value (localhost:invalid): must be a valid local URI", + }, + { + name: "invalid address", + collectorTarget: ptr("invalid address"), + wantErr: true, + mode: ptr("unencrypted"), + errMsg: "CollectorTarget: invalid value (invalid address): must be a valid local URI", + }, + { + name: "nil CollectorTarget", + collectorTarget: ptr(""), + wantErr: true, + mode: ptr("unencrypted"), + errMsg: "CollectorTarget: invalid value (): must be a valid local URI", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + var tlsCertPath string + if *tt.mode == "tls" { + tlsCertPath = "/path/to/cert.pem" + } tracing := &Tracing{ Enabled: ptr(true), + TLSCertPath: &tlsCertPath, + Mode: tt.mode, CollectorTarget: tt.collectorTarget, } @@ -310,8 +370,8 @@ func TestTracing_ValidateSamplingRatio(t *testing.T) { } func TestTracing_ValidateTLSCertPath(t *testing.T) { - // tests for Tracing.Mode = 'secure' - secure_tests := []struct { + // tests for Tracing.Mode = 'tls' + tls_tests := []struct { name string tlsCertPath *string wantErr bool @@ -341,8 +401,8 @@ func TestTracing_ValidateTLSCertPath(t *testing.T) { }, } - // tests for Tracing.Mode = 'insecure' - insecure_tests := []struct { + // tests for Tracing.Mode = 'unencrypted' + unencrypted_tests := []struct { name string tlsCertPath *string wantErr bool @@ -370,10 +430,10 @@ func TestTracing_ValidateTLSCertPath(t *testing.T) { }, } - for _, tt := range secure_tests { + for _, tt := range tls_tests { t.Run(tt.name, func(t *testing.T) { tracing := &Tracing{ - Mode: ptr("secure"), + Mode: ptr("tls"), TLSCertPath: tt.tlsCertPath, Enabled: ptr(true), } @@ -389,10 +449,10 @@ func TestTracing_ValidateTLSCertPath(t *testing.T) { }) } - for _, tt := range insecure_tests { + for _, tt := range unencrypted_tests { t.Run(tt.name, func(t *testing.T) { tracing := &Tracing{ - Mode: ptr("insecure"), + Mode: ptr("unencrypted"), TLSCertPath: tt.tlsCertPath, Enabled: ptr(true), } @@ -418,27 +478,27 @@ func TestTracing_ValidateMode(t *testing.T) { errMsg string }{ { - name: "secure mode with valid TLS path", - mode: ptr("secure"), + name: "tls mode with valid TLS path", + mode: ptr("tls"), tlsCertPath: ptr("/path/to/cert.pem"), wantErr: false, }, { - name: "secure mode without TLS path", - mode: ptr("secure"), + name: "tls mode without TLS path", + mode: ptr("tls"), tlsCertPath: nil, wantErr: true, - errMsg: "TLSCertPath: missing: must be set when Tracing.Mode is secure", + errMsg: "TLSCertPath: missing: must be set when Tracing.Mode is tls", }, { - name: "insecure mode with TLS path", - mode: ptr("insecure"), + name: "unencrypted mode with TLS path", + mode: ptr("unencrypted"), tlsCertPath: ptr("/path/to/cert.pem"), wantErr: false, }, { - name: "insecure mode without TLS path", - mode: ptr("insecure"), + name: "unencrypted mode without TLS path", + mode: ptr("unencrypted"), tlsCertPath: nil, wantErr: false, }, @@ -447,7 +507,7 @@ func TestTracing_ValidateMode(t *testing.T) { mode: ptr("unknown"), tlsCertPath: nil, wantErr: true, - errMsg: "Mode: invalid value (unknown): must be either 'secure' or 'insecure'", + errMsg: "Mode: invalid value (unknown): must be either 'tls' or 'unencrypted'", }, } diff --git a/core/services/chainlink/config.go b/core/services/chainlink/config.go index 8c2fa58d44e..5d8b1019e8c 100644 --- a/core/services/chainlink/config.go +++ b/core/services/chainlink/config.go @@ -54,18 +54,19 @@ func (c *Config) TOMLString() (string, error) { // warnings aggregates warnings from valueWarnings and deprecationWarnings func (c *Config) warnings() (err error) { - _, warning := utils.MultiErrorList(c.deprecationWarnings()) - err = c.valueWarnings() - err = multierr.Append(warning, err) - return + deprecationErr := c.deprecationWarnings() + warningErr := c.valueWarnings() + err = multierr.Append(deprecationErr, warningErr) + _, list := utils.MultiErrorList(err) + return list } // valueWarnings returns an error if the Config contains values that hint at misconfiguration before defaults are applied. func (c *Config) valueWarnings() (err error) { if c.Tracing.Enabled != nil && *c.Tracing.Enabled { - if c.Tracing.Mode != nil && *c.Tracing.Mode == "insecure" { + if c.Tracing.Mode != nil && *c.Tracing.Mode == "unencrypted" { if c.Tracing.TLSCertPath != nil { - err = multierr.Append(err, config.ErrInvalid{Name: "Tracing.TLSCertPath", Value: *c.Tracing.TLSCertPath, Msg: "must be empty when Tracing.Mode is 'insecure'"}) + err = multierr.Append(err, config.ErrInvalid{Name: "Tracing.TLSCertPath", Value: *c.Tracing.TLSCertPath, Msg: "must be empty when Tracing.Mode is 'unencrypted'"}) } } } diff --git a/core/services/chainlink/config_test.go b/core/services/chainlink/config_test.go index 0c963294c4f..33fda221285 100644 --- a/core/services/chainlink/config_test.go +++ b/core/services/chainlink/config_test.go @@ -228,7 +228,7 @@ func TestConfig_Marshal(t *testing.T) { CollectorTarget: ptr("localhost:4317"), NodeID: ptr("clc-ocr-sol-devnet-node-1"), SamplingRatio: ptr(1.0), - Mode: ptr("secure"), + Mode: ptr("tls"), TLSCertPath: ptr("/path/to/cert.pem"), Attributes: map[string]string{ "test": "load", @@ -690,7 +690,7 @@ Enabled = true CollectorTarget = 'localhost:4317' NodeID = 'clc-ocr-sol-devnet-node-1' SamplingRatio = 1.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '/path/to/cert.pem' [Tracing.Attributes] @@ -1541,4 +1541,80 @@ func TestConfig_SetFrom(t *testing.T) { } } +func TestConfig_Warnings(t *testing.T) { + tests := []struct { + name string + config Config + expectedErrors []string + }{ + { + name: "No warnings", + config: Config{}, + expectedErrors: nil, + }, + { + name: "Value warning - unencrypted mode with TLS path set", + config: Config{ + Core: toml.Core{ + Tracing: toml.Tracing{ + Enabled: ptr(true), + Mode: ptr("unencrypted"), + TLSCertPath: ptr("/path/to/cert.pem"), + }, + }, + }, + expectedErrors: []string{"Tracing.TLSCertPath: invalid value (/path/to/cert.pem): must be empty when Tracing.Mode is 'unencrypted'"}, + }, + { + name: "Deprecation warning - P2P.V1 fields set", + config: Config{ + Core: toml.Core{ + P2P: toml.P2P{ + V1: toml.P2PV1{ + Enabled: ptr(true), + }, + }, + }, + }, + expectedErrors: []string{ + "P2P.V1: is deprecated and will be removed in a future version", + }, + }, + { + name: "Value warning and deprecation warning", + config: Config{ + Core: toml.Core{ + P2P: toml.P2P{ + V1: toml.P2PV1{ + Enabled: ptr(true), + }, + }, + Tracing: toml.Tracing{ + Enabled: ptr(true), + Mode: ptr("unencrypted"), + TLSCertPath: ptr("/path/to/cert.pem"), + }, + }, + }, + expectedErrors: []string{ + "Tracing.TLSCertPath: invalid value (/path/to/cert.pem): must be empty when Tracing.Mode is 'unencrypted'", + "P2P.V1: is deprecated and will be removed in a future version", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := tt.config.warnings() + if len(tt.expectedErrors) == 0 { + assert.NoError(t, err) + } else { + for _, expectedErr := range tt.expectedErrors { + assert.Contains(t, err.Error(), expectedErr) + } + } + }) + } +} + func ptr[T any](t T) *T { return &t } diff --git a/core/services/chainlink/config_tracing_test.go b/core/services/chainlink/config_tracing_test.go index 61a68a2305c..37653729cf3 100644 --- a/core/services/chainlink/config_tracing_test.go +++ b/core/services/chainlink/config_tracing_test.go @@ -14,7 +14,7 @@ func TestTracing_Config(t *testing.T) { collectorTarget := "http://localhost:9000" nodeID := "Node1" samplingRatio := 0.5 - mode := "secure" + mode := "tls" tlsCertPath := "/path/to/cert.pem" attributes := map[string]string{"key": "value"} tracing := toml.Tracing{ @@ -32,7 +32,7 @@ func TestTracing_Config(t *testing.T) { assert.Equal(t, "http://localhost:9000", tConfig.CollectorTarget()) assert.Equal(t, "Node1", tConfig.NodeID()) assert.Equal(t, 0.5, tConfig.SamplingRatio()) - assert.Equal(t, "secure", tConfig.Mode()) + assert.Equal(t, "tls", tConfig.Mode()) assert.Equal(t, "/path/to/cert.pem", tConfig.TLSCertPath()) assert.Equal(t, map[string]string{"key": "value"}, tConfig.Attributes()) diff --git a/core/services/chainlink/testdata/config-empty-effective.toml b/core/services/chainlink/testdata/config-empty-effective.toml index 7b05e8d0d2b..8f3135b34e4 100644 --- a/core/services/chainlink/testdata/config-empty-effective.toml +++ b/core/services/chainlink/testdata/config-empty-effective.toml @@ -232,5 +232,5 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' diff --git a/core/services/chainlink/testdata/config-full.toml b/core/services/chainlink/testdata/config-full.toml index 8691954c1b6..eca5f6f96d2 100644 --- a/core/services/chainlink/testdata/config-full.toml +++ b/core/services/chainlink/testdata/config-full.toml @@ -238,7 +238,7 @@ Enabled = true CollectorTarget = 'localhost:4317' NodeID = 'clc-ocr-sol-devnet-node-1' SamplingRatio = 1.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '/path/to/cert.pem' [Tracing.Attributes] diff --git a/core/services/chainlink/testdata/config-multi-chain-effective.toml b/core/services/chainlink/testdata/config-multi-chain-effective.toml index 3bfdeaf7c58..6a60dfd419a 100644 --- a/core/services/chainlink/testdata/config-multi-chain-effective.toml +++ b/core/services/chainlink/testdata/config-multi-chain-effective.toml @@ -232,7 +232,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' [[EVM]] diff --git a/core/web/resolver/testdata/config-empty-effective.toml b/core/web/resolver/testdata/config-empty-effective.toml index 7b05e8d0d2b..8f3135b34e4 100644 --- a/core/web/resolver/testdata/config-empty-effective.toml +++ b/core/web/resolver/testdata/config-empty-effective.toml @@ -232,5 +232,5 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' diff --git a/core/web/resolver/testdata/config-full.toml b/core/web/resolver/testdata/config-full.toml index 5018c3d3909..7e9872e9554 100644 --- a/core/web/resolver/testdata/config-full.toml +++ b/core/web/resolver/testdata/config-full.toml @@ -238,7 +238,7 @@ Enabled = false CollectorTarget = 'localhost:4317' NodeID = 'NodeID' SamplingRatio = 1.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '/path/to/cert.pem' [Tracing.Attributes] diff --git a/core/web/resolver/testdata/config-multi-chain-effective.toml b/core/web/resolver/testdata/config-multi-chain-effective.toml index 3bfdeaf7c58..6a60dfd419a 100644 --- a/core/web/resolver/testdata/config-multi-chain-effective.toml +++ b/core/web/resolver/testdata/config-multi-chain-effective.toml @@ -232,7 +232,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' [[EVM]] diff --git a/docs/CONFIG.md b/docs/CONFIG.md index 7cdcd0988e4..ad1ff896709 100644 --- a/docs/CONFIG.md +++ b/docs/CONFIG.md @@ -1598,7 +1598,7 @@ Enabled = false # Default CollectorTarget = 'localhost:4317' # Example NodeID = 'NodeID' # Example SamplingRatio = 1.0 # Example -Mode = 'secure' # Default +Mode = 'tls' # Default TLSCertPath = '/path/to/cert.pem' # Example ``` @@ -1629,9 +1629,9 @@ SamplingRatio is the ratio of traces to sample for this node. ### Mode ```toml -Mode = 'secure' # Default +Mode = 'tls' # Default ``` -Mode is a string value. 'secure' or 'insecure' are the only values allowed. If set to 'insecure', TLSCertPath can be unset, meaning traces will be sent over plaintext to the collector. +Mode is a string value. 'tls' or 'unencrypted' are the only values allowed. If set to 'unencrypted', TLSCertPath can be unset, meaning traces will be sent over plaintext to the collector. ### TLSCertPath ```toml diff --git a/integration-tests/types/config/node/core.go b/integration-tests/types/config/node/core.go index ae80f143ebd..b7f2b316aa7 100644 --- a/integration-tests/types/config/node/core.go +++ b/integration-tests/types/config/node/core.go @@ -140,7 +140,7 @@ func WithTracing() NodeConfigOpt { // ksortable unique id NodeID: ptr.Ptr(ksuid.New().String()), SamplingRatio: ptr.Ptr(1.0), - Mode: ptr.Ptr("insecure"), + Mode: ptr.Ptr("unencrypted"), Attributes: map[string]string{ "env": "smoke", }, diff --git a/plugins/loop_registry_test.go b/plugins/loop_registry_test.go index c096c239321..b307469e09b 100644 --- a/plugins/loop_registry_test.go +++ b/plugins/loop_registry_test.go @@ -37,7 +37,7 @@ func (m *MockCfgTracing) NodeID() string { return "" } func (m *MockCfgTracing) CollectorTarget() string { return "http://localhost:9000" } func (m *MockCfgTracing) SamplingRatio() float64 { return 0.1 } func (m *MockCfgTracing) TLSCertPath() string { return "/path/to/cert.pem" } -func (m *MockCfgTracing) Mode() string { return "secure" } +func (m *MockCfgTracing) Mode() string { return "tls" } func TestLoopRegistry_Register(t *testing.T) { mockCfgTracing := &MockCfgTracing{} diff --git a/testdata/scripts/node/validate/default.txtar b/testdata/scripts/node/validate/default.txtar index 33e7e3208e7..267a760f08c 100644 --- a/testdata/scripts/node/validate/default.txtar +++ b/testdata/scripts/node/validate/default.txtar @@ -244,7 +244,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' Invalid configuration: invalid secrets: 2 errors: diff --git a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar index 9bbe9e0f5b4..e6281e8d221 100644 --- a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar @@ -288,7 +288,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' [[EVM]] diff --git a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar index 774881a92b7..65d832aa82e 100644 --- a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar @@ -288,7 +288,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' [[EVM]] diff --git a/testdata/scripts/node/validate/disk-based-logging.txtar b/testdata/scripts/node/validate/disk-based-logging.txtar index 7cc32453735..6b9e3d56ce6 100644 --- a/testdata/scripts/node/validate/disk-based-logging.txtar +++ b/testdata/scripts/node/validate/disk-based-logging.txtar @@ -288,7 +288,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' [[EVM]] diff --git a/testdata/scripts/node/validate/invalid.txtar b/testdata/scripts/node/validate/invalid.txtar index e510a489e25..aa2036413c7 100644 --- a/testdata/scripts/node/validate/invalid.txtar +++ b/testdata/scripts/node/validate/invalid.txtar @@ -278,7 +278,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' [[EVM]] diff --git a/testdata/scripts/node/validate/valid.txtar b/testdata/scripts/node/validate/valid.txtar index 27f11e366ac..4ceb9d5df35 100644 --- a/testdata/scripts/node/validate/valid.txtar +++ b/testdata/scripts/node/validate/valid.txtar @@ -285,7 +285,7 @@ Enabled = false CollectorTarget = '' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' +Mode = 'tls' TLSCertPath = '' [[EVM]] diff --git a/testdata/scripts/node/validate/warnings.txtar b/testdata/scripts/node/validate/warnings.txtar index 9c7fb8428a8..e4ff2aa35ea 100644 --- a/testdata/scripts/node/validate/warnings.txtar +++ b/testdata/scripts/node/validate/warnings.txtar @@ -15,6 +15,12 @@ ListenPort = 0 NewStreamTimeout = '10s' PeerstoreWriteInterval = '5m0s' +[Tracing] +Enabled = true +CollectorTarget = 'otel-collector:4317' +TLSCertPath = 'something' +Mode = 'unencrypted' + -- secrets.toml -- [Database] URL = 'postgresql://user:pass1234567890abcd@localhost:5432/dbname?sslmode=disable' @@ -46,6 +52,12 @@ ListenPort = 0 NewStreamTimeout = '10s' PeerstoreWriteInterval = '5m0s' +[Tracing] +Enabled = true +CollectorTarget = 'otel-collector:4317' +Mode = 'unencrypted' +TLSCertPath = 'something' + # Effective Configuration, with defaults applied: InsecureFastScrypt = false RootDir = '~/.chainlink' @@ -277,15 +289,15 @@ InfiniteDepthQueries = false DisableRateLimiting = false [Tracing] -Enabled = false -CollectorTarget = '' +Enabled = true +CollectorTarget = 'otel-collector:4317' NodeID = '' SamplingRatio = 0.0 -Mode = 'secure' -TLSCertPath = '' +Mode = 'unencrypted' +TLSCertPath = 'something' # Configuration warning: -2 errors: +3 errors: - P2P.V1: is deprecated and will be removed in a future version - P2P.V1: 10 errors: - AnnounceIP: is deprecated and will be removed in a future version @@ -298,4 +310,5 @@ TLSCertPath = '' - ListenPort: is deprecated and will be removed in a future version - NewStreamTimeout: is deprecated and will be removed in a future version - PeerstoreWriteInterval: is deprecated and will be removed in a future version + - Tracing.TLSCertPath: invalid value (something): must be empty when Tracing.Mode is 'unencrypted' Valid configuration.