-
Notifications
You must be signed in to change notification settings - Fork 624
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OTLP exporter: Handle error case when no credentials supplied #1366
Conversation
Signed-off-by: Abhilash Gnan <[email protected]>
Signed-off-by: Abhilash Gnan <[email protected]>
Signed-off-by: Abhilash Gnan <[email protected]>
credentials is None | ||
and Configuration().EXPORTER_OTLP_CERTIFICATE is None | ||
): | ||
raise ValueError("No credentials set in secure mode.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any advantage to raising an exception here and not default to using grpc.ssl_channel_credentials()
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This case is when insecure=False which is by default. Without this custom error handling it would break deep in stack inside grpc library without a useful message. Or can we handle this in a better way?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's probably reasonable. I don't know how bad the original error is but asserting invalid configurations is certainly helpful.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jan25 my suggestion here was that using ssl_channel_credentials
without any parameters would work in the case of a secure connection as it will load the root certificate from a default location:
https://grpc.github.io/grpc/python/grpc.html#create-client-credentials
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this idea, perhaps we need to update the spec before using default location? Also, i was wrong about grpc library erroring. Actually it was open(filename)
thats erroring when no cert location is set and filename=None
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jan25 if it violates the spec to look for ssl credentials in the secure case before failing, then agreed we should amend the spec.
Can you file an issue? Or do you want someone else to handle that conversation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @toumorokoshi I recently learnt grpc python library has the default certificate path support, so i don't have 100% context of this. Could someone else open an issue in spec repo about this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
great, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, can you add an entry in the changelog? It's not serious, but probably worth calling out new behavior of a raised ValueError.
Thanks @toumorokoshi ! I've updated CHANGELOG. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Would definitely be good to have a follow-up item on the use of default ssl credentials, great catch codeboten!
Looks like a sdk test is flaky. Could we rerun the CI? |
Signed-off-by: Abhilash Gnan [email protected]
Description
Env var support for OTLP exporter was added in #1101. There is a error case(#1101 (comment)) which needs to be handled when
credentials
is not available in case ofinsecure=False
(default).This PR adds a
ValueError
for such case. Also, modified sample code to haveinsecure=True
.Type of change
Please delete options that are not relevant.
Checklist: