UNPKG

@opentelemetry/otlp-grpc-exporter-base

Version:

OpenTelemetry OTLP-gRPC Exporter base (for internal use only)

github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/otlp-grpc-exporter-base

open-telemetry/opentelemetry-js

159 lines 7.76 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.getOtlpGrpcConfigurationFromEnv = void 0; const core_1 = require("@opentelemetry/core"); const grpc_exporter_transport_1 = require("../grpc-exporter-transport"); const node_http_1 = require("@opentelemetry/otlp-exporter-base/node-http"); const fs = require("fs"); const path = require("path"); const api_1 = require("@opentelemetry/api"); function fallbackIfNullishOrBlank(signalSpecific, nonSignalSpecific) { if (signalSpecific != null && signalSpecific !== '') { return signalSpecific; } if (nonSignalSpecific != null && nonSignalSpecific !== '') { return nonSignalSpecific; } return undefined; } function getMetadataFromEnv(signalIdentifier) { const signalSpecificRawHeaders = process.env[`OTEL_EXPORTER_OTLP_${signalIdentifier}_HEADERS`]?.trim(); const nonSignalSpecificRawHeaders = process.env['OTEL_EXPORTER_OTLP_HEADERS']?.trim(); const signalSpecificHeaders = (0, core_1.parseKeyPairsIntoRecord)(signalSpecificRawHeaders); const nonSignalSpecificHeaders = (0, core_1.parseKeyPairsIntoRecord)(nonSignalSpecificRawHeaders); if (Object.keys(signalSpecificHeaders).length === 0 && Object.keys(nonSignalSpecificHeaders).length === 0) { return undefined; } const mergeHeaders = Object.assign({}, nonSignalSpecificHeaders, signalSpecificHeaders); const metadata = (0, grpc_exporter_transport_1.createEmptyMetadata)(); // for this to work, metadata MUST be empty - otherwise `Metadata#set()` will merge items. for (const [key, value] of Object.entries(mergeHeaders)) { metadata.set(key, value); } return metadata; } function getMetadataProviderFromEnv(signalIdentifier) { const metadata = getMetadataFromEnv(signalIdentifier); if (metadata == null) { return undefined; } return () => metadata; } function getUrlFromEnv(signalIdentifier) { // This does not change the string beyond trimming on purpose. // Normally a user would just use a host and port for gRPC, but the OTLP Exporter specification requires us to // use the raw provided endpoint to derive credential settings. Therefore, we only normalize right when // we merge user-provided, env-provided and defaults together, and we have determined which credentials to use. // // Examples: // - example.test:4317 -> use secure credentials from environment (or provided via code) // - http://example.test:4317 -> use insecure credentials if nothing else is provided // - https://example.test:4317 -> use secure credentials from environment (or provided via code) const specificEndpoint = process.env[`OTEL_EXPORTER_OTLP_${signalIdentifier}_ENDPOINT`]?.trim(); const nonSpecificEndpoint = process.env[`OTEL_EXPORTER_OTLP_ENDPOINT`]?.trim(); return fallbackIfNullishOrBlank(specificEndpoint, nonSpecificEndpoint); } /** * Determines whether the env var for insecure credentials is set to {@code true}. * * It will allow the following values as {@code true} * - 'true' * - 'true ' * - ' true' * - 'TrUE' * - 'TRUE' * * It will not allow: * - 'true false' * - 'false true' * - 'true!' * - 'true,true' * - '1' * - ' ' * * @param signalIdentifier */ function getInsecureSettingFromEnv(signalIdentifier) { const signalSpecificInsecureValue = process.env[`OTEL_EXPORTER_OTLP_${signalIdentifier}_INSECURE`] ?.toLowerCase() .trim(); const nonSignalSpecificInsecureValue = process.env[`OTEL_EXPORTER_OTLP_INSECURE`] ?.toLowerCase() .trim(); return (fallbackIfNullishOrBlank(signalSpecificInsecureValue, nonSignalSpecificInsecureValue) === 'true'); } function readFileFromEnv(signalSpecificEnvVar, nonSignalSpecificEnvVar, warningMessage) { const signalSpecificPath = process.env[signalSpecificEnvVar]?.trim(); const nonSignalSpecificPath = process.env[nonSignalSpecificEnvVar]?.trim(); const filePath = fallbackIfNullishOrBlank(signalSpecificPath, nonSignalSpecificPath); if (filePath != null) { try { return fs.readFileSync(path.resolve(process.cwd(), filePath)); } catch { api_1.diag.warn(warningMessage); return undefined; } } else { return undefined; } } function getClientCertificateFromEnv(signalIdentifier) { return readFileFromEnv(`OTEL_EXPORTER_OTLP_${signalIdentifier}_CLIENT_CERTIFICATE`, 'OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE', 'Failed to read client certificate chain file'); } function getClientKeyFromEnv(signalIdentifier) { return readFileFromEnv(`OTEL_EXPORTER_OTLP_${signalIdentifier}_CLIENT_KEY`, 'OTEL_EXPORTER_OTLP_CLIENT_KEY', 'Failed to read client certificate private key file'); } function getRootCertificateFromEnv(signalIdentifier) { return readFileFromEnv(`OTEL_EXPORTER_OTLP_${signalIdentifier}_CERTIFICATE`, 'OTEL_EXPORTER_OTLP_CERTIFICATE', 'Failed to read root certificate file'); } function getCredentialsFromEnvIgnoreInsecure(signalIdentifier) { const clientKey = getClientKeyFromEnv(signalIdentifier); const clientCertificate = getClientCertificateFromEnv(signalIdentifier); const rootCertificate = getRootCertificateFromEnv(signalIdentifier); // if the chain is not intact, @grpc/grpc-js will throw. This is fine when a user provides it in code, but env var // config is not allowed to throw, so we add this safeguard and try to make the best of it here. const clientChainIntact = clientKey != null && clientCertificate != null; if (rootCertificate != null && !clientChainIntact) { api_1.diag.warn('Client key and certificate must both be provided, but one was missing - attempting to create credentials from just the root certificate'); return (0, grpc_exporter_transport_1.createSslCredentials)(getRootCertificateFromEnv(signalIdentifier)); } return (0, grpc_exporter_transport_1.createSslCredentials)(rootCertificate, clientKey, clientCertificate); } function getCredentialsFromEnv(signalIdentifier) { if (getInsecureSettingFromEnv(signalIdentifier)) { return (0, grpc_exporter_transport_1.createInsecureCredentials)(); } return getCredentialsFromEnvIgnoreInsecure(signalIdentifier); } function getOtlpGrpcConfigurationFromEnv(signalIdentifier) { return { ...(0, node_http_1.getSharedConfigurationFromEnvironment)(signalIdentifier), metadata: getMetadataProviderFromEnv(signalIdentifier), url: getUrlFromEnv(signalIdentifier), credentials: (finalResolvedUrl) => { // Always assume insecure on http:// and secure on https://, the protocol always takes precedence over the insecure setting. // note: the spec does not make any exception for // - "localhost:4317". If the protocol is omitted, credentials are required unless insecure is set // - "unix://", as it's neither http:// nor https:// and therefore credentials are required unless insecure is set if (finalResolvedUrl.startsWith('http://')) { return () => { return (0, grpc_exporter_transport_1.createInsecureCredentials)(); }; } else if (finalResolvedUrl.startsWith('https://')) { return () => { return getCredentialsFromEnvIgnoreInsecure(signalIdentifier); }; } // defer to env settings in this case return () => { return getCredentialsFromEnv(signalIdentifier); }; }, }; } exports.getOtlpGrpcConfigurationFromEnv = getOtlpGrpcConfigurationFromEnv; //# sourceMappingURL=otlp-grpc-env-configuration.js.map