fix: dont allow paths in grpc protocol (#3309)

Co-authored-by: Stanislav Khalash <stanislav.khalash@sap.com>

Author: rakesh-garimella

internal/validators/endpoint/endpoint_validator.go

@@ -37,6 +37,7 @@ var (
 	ErrUnsupportedScheme  = errors.New("missing or unsupported protocol scheme")
 	ErrGRPCOAuth2NoTLS    = errors.New("OAuth2 requires TLS when using gRPC protocol")
 	ErrHTTPWithTLS        = errors.New("HTTP scheme with TLS not allowed")
+	ErrGRPCWithPath       = errors.New("gRPC endpoints cannot contain paths")
 )
 
 type EndpointInvalidError struct {
@@ -89,6 +90,13 @@ func (v *Validator) Validate(ctx context.Context, params EndpointValidationParam
 		}
 	}
 
+	// path validation for gRPC
+	if params.Protocol == OTLPProtocolGRPC {
+		if err := validateGRPCPath(u.Path); err != nil {
+			return err
+		}
+	}
+
 	// OAuth2 validation
 	if params.OTLPOAuth2 != nil {
 		var validationFunc func(string, *telemetryv1beta1.OutputTLS) error
@@ -178,6 +186,15 @@ func validateSchemeHTTP(scheme string) error {
 	return nil
 }
 
+func validateGRPCPath(path string) error {
+	// OTel Collector's gRPC exporter does not accept any path, including trailing slashes.
+	if path != "" {
+		return &EndpointInvalidError{Err: ErrGRPCWithPath}
+	}
+
+	return nil
+}
+
 func validateGRPCWithOAuth2(scheme string, tls *telemetryv1beta1.OutputTLS) error {
 	// Insecure TLS config
 	if tls != nil && tls.Insecure {

internal/validators/endpoint/endpoint_validator_test.go

@@ -21,6 +21,7 @@ const (
 	errMsgUnsupportedScheme     = "missing or unsupported protocol scheme"
 	errMsgGRPCOAuth2NoTLS       = "OAuth2 requires TLS when using gRPC protocol"
 	errMsgHTTPWithTLS           = "HTTP scheme with TLS not allowed"
+	errMsgGRPCWithPath          = "gRPC endpoints cannot contain paths"
 )
 
 var testScenarios = []struct {
@@ -36,12 +37,19 @@ var testScenarios = []struct {
 	errFluentdHTTP    error
 	errMsgFluentdHTTP string
 }{
+	{
+		name:     "with scheme: endpoint with trailing slash and port",
+		endpoint: "https://foo.bar:4317/",
+
+		errOTLPGRPC:    ErrGRPCWithPath,
+		errMsgOTLPGRPC: errMsgGRPCWithPath,
+	},
 	{
 		name:     "with scheme: valid endpoint with path and port",
 		endpoint: "https://foo.bar:4317/foo/bar",
 
-		errOTLPGRPC:    nil,
-		errMsgOTLPGRPC: "",
+		errOTLPGRPC:    ErrGRPCWithPath,
+		errMsgOTLPGRPC: errMsgGRPCWithPath,
 
 		errOTLPHTTP:    nil,
 		errMsgOTLPHTTP: "",
@@ -53,8 +61,8 @@ var testScenarios = []struct {
 		name:     "with scheme: valid endpoint with path, query params, and port",
 		endpoint: "https://foo.bar:4317/ingest?token=abc&query=param",
 
-		errOTLPGRPC:    nil,
-		errMsgOTLPGRPC: "",
+		errOTLPGRPC:    ErrGRPCWithPath,
+		errMsgOTLPGRPC: errMsgGRPCWithPath,
 
 		errOTLPHTTP:    nil,
 		errMsgOTLPHTTP: "",
@@ -66,8 +74,8 @@ var testScenarios = []struct {
 		name:     "with IPv4: valid IPv4 endpoint with path and port",
 		endpoint: "https://10.108.183.198:4317/foo/bar",
 
-		errOTLPGRPC:    nil,
-		errMsgOTLPGRPC: "",
+		errOTLPGRPC:    ErrGRPCWithPath,
+		errMsgOTLPGRPC: errMsgGRPCWithPath,
 
 		errOTLPHTTP:    nil,
 		errMsgOTLPHTTP: "",
@@ -79,8 +87,8 @@ var testScenarios = []struct {
 		name:     "with IPv6: valid IPv6 endpoint with path and port",
 		endpoint: "https://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:4317/foo/bar",
 
-		errOTLPGRPC:    nil,
-		errMsgOTLPGRPC: "",
+		errOTLPGRPC:    ErrGRPCWithPath,
+		errMsgOTLPGRPC: errMsgGRPCWithPath,
 
 		errOTLPHTTP:    nil,
 		errMsgOTLPHTTP: "",

test/e2e/logs/shared/single_pipeline_test.go

@@ -71,42 +71,64 @@ func TestSinglePipeline_OTel(t *testing.T) {
 		},
 	}
 
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			suite.SetupTestWithOptions(t, tc.labels, tc.opts...)
-
-			var (
-				uniquePrefix = unique.Prefix(tc.name)
-				pipelineName = uniquePrefix()
-				backendNs    = uniquePrefix("backend")
-				genNs        = uniquePrefix("gen")
-			)
-
-			backend := kitbackend.New(backendNs, kitbackend.SignalTypeLogsOTel)
-
-			pipeline := testutils.NewLogPipelineBuilder().
-				WithName(pipelineName).
-				WithInput(tc.inputBuilder(genNs)).
-				WithOTLPOutput(testutils.OTLPEndpoint(backend.EndpointHTTP())).
-				Build()
-
-			resources := []client.Object{
-				kitk8sobjects.NewNamespace(backendNs).K8sObject(),
-				kitk8sobjects.NewNamespace(genNs).K8sObject(),
-				&pipeline,
-				tc.logGeneratorBuilder(genNs),
-			}
-			resources = append(resources, backend.K8sObjects()...)
-
-			Expect(kitk8s.CreateObjects(t, resources...)).To(Succeed())
-
-			assert.BackendReachable(t, backend)
-
-			tc.readinessCheckFunc(t, tc.resourceName)
+	protocols := []struct {
+		name     string
+		protocol telemetryv1beta1.OTLPProtocol
+		endpoint func(backend *kitbackend.Backend) string
+	}{
+		{
+			name:     "grpc",
+			protocol: "grpc",
+			endpoint: func(b *kitbackend.Backend) string { return b.EndpointHTTP() },
+		},
+		{
+			name:     "http",
+			protocol: "http",
+			endpoint: func(b *kitbackend.Backend) string { return b.EndpointOTLPHTTP() },
+		},
+	}
 
-			assert.OTelLogPipelineHealthy(t, pipelineName)
-			assert.OTelLogsFromNamespaceDelivered(t, backend, genNs)
-		})
+	for _, tc := range tests {
+		for _, proto := range protocols {
+			t.Run(tc.name+"/"+proto.name, func(t *testing.T) {
+				suite.SetupTestWithOptions(t, tc.labels, tc.opts...)
+
+				var (
+					uniquePrefix = unique.Prefix(tc.name, proto.name)
+					pipelineName = uniquePrefix()
+					backendNs    = uniquePrefix("backend")
+					genNs        = uniquePrefix("gen")
+				)
+
+				backend := kitbackend.New(backendNs, kitbackend.SignalTypeLogsOTel)
+
+				pipeline := testutils.NewLogPipelineBuilder().
+					WithName(pipelineName).
+					WithInput(tc.inputBuilder(genNs)).
+					WithOTLPOutput(
+						testutils.OTLPEndpoint(proto.endpoint(backend)),
+						testutils.OTLPProtocol(proto.protocol),
+					).
+					Build()
+
+				resources := []client.Object{
+					kitk8sobjects.NewNamespace(backendNs).K8sObject(),
+					kitk8sobjects.NewNamespace(genNs).K8sObject(),
+					&pipeline,
+					tc.logGeneratorBuilder(genNs),
+				}
+				resources = append(resources, backend.K8sObjects()...)
+
+				Expect(kitk8s.CreateObjects(t, resources...)).To(Succeed())
+
+				assert.BackendReachable(t, backend)
+
+				tc.readinessCheckFunc(t, tc.resourceName)
+
+				assert.OTelLogPipelineHealthy(t, pipelineName)
+				assert.OTelLogsFromNamespaceDelivered(t, backend, genNs)
+			})
+		}
 	}
 }
 

test/e2e/metrics/shared/single_pipeline_test.go

@@ -57,54 +57,76 @@ func TestSinglePipeline(t *testing.T) {
 		},
 	}
 
+	protocols := []struct {
+		name     string
+		protocol telemetryv1beta1.OTLPProtocol
+		endpoint func(backend *kitbackend.Backend) string
+	}{
+		{
+			name:     "grpc",
+			protocol: "grpc",
+			endpoint: func(b *kitbackend.Backend) string { return b.EndpointHTTP() },
+		},
+		{
+			name:     "http",
+			protocol: "http",
+			endpoint: func(b *kitbackend.Backend) string { return b.EndpointOTLPHTTP() },
+		},
+	}
+
 	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			suite.SetupTest(t, tc.labels...)
-
-			var (
-				uniquePrefix = unique.Prefix(tc.name)
-				pipelineName = uniquePrefix()
-				backendNs    = uniquePrefix("backend")
-				genNs        = uniquePrefix("gen")
-			)
-
-			backend := kitbackend.New(backendNs, kitbackend.SignalTypeMetrics)
-			pipeline := testutils.NewMetricPipelineBuilder().
-				WithName(pipelineName).
-				WithInput(tc.inputBuilder(genNs)).
-				WithOTLPOutput(testutils.OTLPEndpoint(backend.EndpointHTTP())).
-				Build()
-
-			resources := []client.Object{
-				kitk8sobjects.NewNamespace(backendNs).K8sObject(),
-				kitk8sobjects.NewNamespace(genNs).K8sObject(),
-				&pipeline,
-			}
-			resources = append(resources, tc.generatorBuilder(genNs)...)
-			resources = append(resources, backend.K8sObjects()...)
-
-			Expect(kitk8s.CreateObjects(t, resources...)).To(Succeed())
-
-			assert.BackendReachable(t, backend)
-			assert.DeploymentReady(t, kitkyma.MetricGatewayName)
-
-			if suite.ExpectAgent(tc.labels...) {
-				assert.DaemonSetReady(t, kitkyma.MetricAgentName)
-			}
-
-			assert.MetricPipelineHealthy(t, pipelineName)
-
-			if suite.ExpectAgent(tc.labels...) {
-				assert.MetricsFromNamespaceDelivered(t, backend, genNs, runtime.DefaultMetricsNames)
-
-				agentMetricsURL := suite.ProxyClient.ProxyURLForService(kitkyma.MetricAgentMetricsService.Namespace, kitkyma.MetricAgentMetricsService.Name, "metrics", ports.Metrics)
-				assert.EmitsOTelCollectorMetrics(t, agentMetricsURL)
-			} else {
-				assert.MetricsFromNamespaceDelivered(t, backend, genNs, telemetrygen.MetricNames)
-
-				gatewayMetricsURL := suite.ProxyClient.ProxyURLForService(kitkyma.MetricGatewayMetricsService.Namespace, kitkyma.MetricGatewayMetricsService.Name, "metrics", ports.Metrics)
-				assert.EmitsOTelCollectorMetrics(t, gatewayMetricsURL)
-			}
-		})
+		for _, proto := range protocols {
+			t.Run(tc.name+"/"+proto.name, func(t *testing.T) {
+				suite.SetupTest(t, tc.labels...)
+
+				var (
+					uniquePrefix = unique.Prefix(tc.name, proto.name)
+					pipelineName = uniquePrefix()
+					backendNs    = uniquePrefix("backend")
+					genNs        = uniquePrefix("gen")
+				)
+
+				backend := kitbackend.New(backendNs, kitbackend.SignalTypeMetrics)
+				pipeline := testutils.NewMetricPipelineBuilder().
+					WithName(pipelineName).
+					WithInput(tc.inputBuilder(genNs)).
+					WithOTLPOutput(
+						testutils.OTLPEndpoint(proto.endpoint(backend)),
+						testutils.OTLPProtocol(proto.protocol),
+					).
+					Build()
+
+				resources := []client.Object{
+					kitk8sobjects.NewNamespace(backendNs).K8sObject(),
+					kitk8sobjects.NewNamespace(genNs).K8sObject(),
+					&pipeline,
+				}
+				resources = append(resources, tc.generatorBuilder(genNs)...)
+				resources = append(resources, backend.K8sObjects()...)
+
+				Expect(kitk8s.CreateObjects(t, resources...)).To(Succeed())
+
+				assert.BackendReachable(t, backend)
+				assert.DeploymentReady(t, kitkyma.MetricGatewayName)
+
+				if suite.ExpectAgent(tc.labels...) {
+					assert.DaemonSetReady(t, kitkyma.MetricAgentName)
+				}
+
+				assert.MetricPipelineHealthy(t, pipelineName)
+
+				if suite.ExpectAgent(tc.labels...) {
+					assert.MetricsFromNamespaceDelivered(t, backend, genNs, runtime.DefaultMetricsNames)
+
+					agentMetricsURL := suite.ProxyClient.ProxyURLForService(kitkyma.MetricAgentMetricsService.Namespace, kitkyma.MetricAgentMetricsService.Name, "metrics", ports.Metrics)
+					assert.EmitsOTelCollectorMetrics(t, agentMetricsURL)
+				} else {
+					assert.MetricsFromNamespaceDelivered(t, backend, genNs, telemetrygen.MetricNames)
+
+					gatewayMetricsURL := suite.ProxyClient.ProxyURLForService(kitkyma.MetricGatewayMetricsService.Namespace, kitkyma.MetricGatewayMetricsService.Name, "metrics", ports.Metrics)
+					assert.EmitsOTelCollectorMetrics(t, gatewayMetricsURL)
+				}
+			})
+		}
 	}
 }