jprdonnelly/impala
1
0
Fork 0
mirror of https://github.com/apache/impala.git synced 2025-12-19 18:12:08 -05:00
Code Issues Projects Releases Wiki Activity

IMPALA-14403: Fix OpenTelemetry TLS Detection

Browse Source 
Fixes the code that detects if the OpenTelemetry collector is using
TLS. Previously, the code only worked properly when the collector URL
was all lowercase. Also removes unnecessary checks that could cause
TLS to be enabled even when the collector URL scheme was not https.

Testing accomplished by adding new ctest tests.

Change-Id: I3bf74f1353545d280575cdb94cf135e55c580ec7
Reviewed-on: http://gerrit.cloudera.org:8080/23397
Reviewed-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
This commit is contained in:
jasonmfehr
2025-09-08 16:30:27 -07:00
committed by Impala Public Jenkins
parent ec809fc16c
commit 2efd22bd73
3 changed files with 53 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
be/src/observe/otel-test.cc
View File

@@ -31,6 +31,7 @@ using namespace std;
using namespace impala;
DECLARE_bool(otel_trace_beeswax);
DECLARE_string(otel_trace_collector_url);
TEST(OtelTest, QueriesTraced) {
const auto runtest = [](const string_view sql_str) -> void {
@@ -180,3 +181,42 @@ TEST(OtelTest, QueriesNotTraced) {
EXPECT_FALSE(should_otel_trace_query("SELECT * FROM foo", TSessionType::BEESWAX));
}
}
TEST(OtelTest, TLSEnabled) {
{
auto ca_cert_path_setter =
ScopedFlagSetter<string>::Make(&FLAGS_otel_trace_collector_url, "https://foo.com");
// NOLINTNEXTLINE(clang-diagnostic-error-undeclared-identifier)
EXPECT_TRUE(test::otel_tls_enabled_for_testing());
}
{
auto ca_cert_path_setter =
ScopedFlagSetter<string>::Make(&FLAGS_otel_trace_collector_url, "HTTPS://foo.com");
// NOLINTNEXTLINE(clang-diagnostic-error-undeclared-identifier)
EXPECT_TRUE(test::otel_tls_enabled_for_testing());
}
}
TEST(OtelTest, TLSNotEnabled) {
{
auto ca_cert_path_setter =
ScopedFlagSetter<string>::Make(&FLAGS_otel_trace_collector_url, "");
// NOLINTNEXTLINE(clang-diagnostic-error-undeclared-identifier)
EXPECT_FALSE(test::otel_tls_enabled_for_testing());
}
{
auto ca_cert_path_setter =
ScopedFlagSetter<string>::Make(&FLAGS_otel_trace_collector_url, "http://foo.com");
// NOLINTNEXTLINE(clang-diagnostic-error-undeclared-identifier)
EXPECT_FALSE(test::otel_tls_enabled_for_testing());
}
{
auto ca_cert_path_setter =
ScopedFlagSetter<string>::Make(&FLAGS_otel_trace_collector_url, "HTTP://foo.com");
// NOLINTNEXTLINE(clang-diagnostic-error-undeclared-identifier)
EXPECT_FALSE(test::otel_tls_enabled_for_testing());
}
}

13
be/src/observe/otel.cc
View File

@@ -133,12 +133,7 @@ static unique_ptr<trace::TracerProvider> provider_;
// Returns true if any TLS configuration flags are set for the OTel exporter.
static inline bool otel_tls_enabled() {
return !FLAGS_otel_trace_ca_cert_path.empty()
|| !FLAGS_otel_trace_ca_cert_string.empty()
|| !FLAGS_otel_trace_tls_minimum_version.empty()
|| !FLAGS_otel_trace_ssl_ciphers.empty()
|| !FLAGS_otel_trace_tls_cipher_suites.empty()
|| FLAGS_otel_trace_collector_url.find("https://") == 0;
return boost::algorithm::istarts_with(FLAGS_otel_trace_collector_url, "https://");
} // function otel_tls_enabled
bool should_otel_trace_query(std::string_view sql,
@@ -368,4 +363,10 @@ shared_ptr<SpanManager> build_span_manager(ClientRequestState* crs) {
provider_->GetTracer(SCOPE_SPAN_NAME, SCOPE_SPAN_SPEC_VERSION), crs);
} // function build_span_manager
namespace test {
bool otel_tls_enabled_for_testing() {
return otel_tls_enabled();
}
} // namespace test
} // namespace impala

5
be/src/observe/otel.h
View File

@@ -55,4 +55,9 @@ void shutdown_otel_tracer();
// Builds a SpanManager instance for the given query.
std::shared_ptr<SpanManager> build_span_manager(ClientRequestState*);
namespace test {
// Testing helper function to provide access to the static otel_tls_enabled() function.
bool otel_tls_enabled_for_testing();
} // namespace test
} // namespace impala