From 0391069b7e88d37c9b86d7f31ecb8924cff1f37f Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Wed, 26 Nov 2025 17:14:47 +0100 Subject: [PATCH 1/4] [configgrpc,exporter/otlp] Move gRPC client endpoint validation to configgrpc --- .chloggen/mx-psi_configgrpc-validation.yaml | 26 +++++++++++ config/configgrpc/configgrpc.go | 27 ++++++++++++ config/configgrpc/configgrpc_test.go | 18 ++++++++ exporter/otlpexporter/config.go | 48 ++------------------- exporter/otlpexporter/config_test.go | 15 +------ 5 files changed, 77 insertions(+), 57 deletions(-) create mode 100644 .chloggen/mx-psi_configgrpc-validation.yaml diff --git a/.chloggen/mx-psi_configgrpc-validation.yaml b/.chloggen/mx-psi_configgrpc-validation.yaml new file mode 100644 index 00000000000..fbc9a393eb6 --- /dev/null +++ b/.chloggen/mx-psi_configgrpc-validation.yaml @@ -0,0 +1,26 @@ +# Use this changelog template to create an entry for release notes. + +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: enhancement + +# The name of the component, or a single word describing the area of concern, (e.g. receiver/otlp) +component: pkg/config/configgrpc + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: Statically validate gRPC endpoint + +# One or more tracking issues or pull requests related to the change +issues: [10451] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: | + This validation was already done in the OTLP exporter. It will now be applied to any gRPC client. + +# Optional: The change log or logs in which this entry should be included. +# e.g. '[user]' or '[user, api]' +# Include 'user' if the change is relevant to end users. +# Include 'api' if there is a change to a library API. +# Default: '[user]' +change_logs: [] diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index 3bd98b0b2ad..025970c6cf6 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -9,6 +9,9 @@ import ( "errors" "fmt" "math" + "net" + "regexp" + "strconv" "strings" "time" @@ -224,6 +227,27 @@ func NewDefaultServerConfig() ServerConfig { } func (cc *ClientConfig) Validate() error { + if after, ok := strings.CutPrefix(cc.Endpoint, "unix://"); ok { + if after == "" { + return errors.New("unix socket path cannot be empty") + } + return nil + } + + endpoint := cc.sanitizedEndpoint() + if endpoint == "" { + return errors.New(`requires a non-empty "endpoint"`) + } + + // Validate that the port is in the address + _, port, err := net.SplitHostPort(endpoint) + if err != nil { + return err + } + if _, err := strconv.Atoi(port); err != nil { + return fmt.Errorf(`invalid port "%v"`, port) + } + if cc.BalancerName != "" { if balancer.Get(cc.BalancerName) == nil { return fmt.Errorf("invalid balancer_name: %s", cc.BalancerName) @@ -240,6 +264,9 @@ func (cc *ClientConfig) sanitizedEndpoint() string { return strings.TrimPrefix(cc.Endpoint, "http://") case cc.isSchemeHTTPS(): return strings.TrimPrefix(cc.Endpoint, "https://") + case strings.HasPrefix(cc.Endpoint, "dns://"): + r := regexp.MustCompile(`^dns:///?`) + return r.ReplaceAllString(cc.Endpoint, "") default: return cc.Endpoint } diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index 6c7185ae6f5..b28ab48e7fc 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -269,6 +269,24 @@ func TestAllGrpcClientSettings(t *testing.T) { } } +func TestSanitizeEndpoint(t *testing.T) { + cfg := NewDefaultClientConfig() + cfg.Endpoint = "dns://authority/backend.example.com:4317" + assert.Equal(t, "authority/backend.example.com:4317", cfg.sanitizedEndpoint()) + cfg.Endpoint = "dns:///backend.example.com:4317" + assert.Equal(t, "backend.example.com:4317", cfg.sanitizedEndpoint()) + cfg.Endpoint = "dns:////backend.example.com:4317" + assert.Equal(t, "/backend.example.com:4317", cfg.sanitizedEndpoint()) +} + +func TestValidateEndpoint(t *testing.T) { + cfg := NewDefaultClientConfig() + cfg.Endpoint = "dns://authority/backend.example.com:4317" + assert.NoError(t, cfg.Validate()) + cfg.Endpoint = "unix:///my/unix/socket.sock" + assert.NoError(t, cfg.Validate()) +} + func TestHeaders(t *testing.T) { traceServer := &grpcTraceServer{} server, addr := traceServer.startTestServer(t, configoptional.Some(ServerConfig{ diff --git a/exporter/otlpexporter/config.go b/exporter/otlpexporter/config.go index 7bcd17c0235..18dc659ff1f 100644 --- a/exporter/otlpexporter/config.go +++ b/exporter/otlpexporter/config.go @@ -4,16 +4,10 @@ package otlpexporter // import "go.opentelemetry.io/collector/exporter/otlpexporter" import ( - "errors" - "fmt" - "net" - "regexp" - "strconv" - "strings" - "go.opentelemetry.io/collector/component" "go.opentelemetry.io/collector/config/configgrpc" "go.opentelemetry.io/collector/config/configretry" + "go.opentelemetry.io/collector/confmap/xconfmap" "go.opentelemetry.io/collector/exporter/exporterhelper" ) @@ -28,43 +22,9 @@ type Config struct { _ struct{} } -func (c *Config) Validate() error { - if after, ok := strings.CutPrefix(c.ClientConfig.Endpoint, "unix://"); ok { - if after == "" { - return errors.New("unix socket path cannot be empty") - } - return nil - } - - endpoint := c.sanitizedEndpoint() - if endpoint == "" { - return errors.New(`requires a non-empty "endpoint"`) - } - - // Validate that the port is in the address - _, port, err := net.SplitHostPort(endpoint) - if err != nil { - return err - } - if _, err := strconv.Atoi(port); err != nil { - return fmt.Errorf(`invalid port "%s"`, port) - } +var _ component.Config = (*Config)(nil) +var _ xconfmap.Validator = (*Config)(nil) +func (c *Config) Validate() error { return nil } - -func (c *Config) sanitizedEndpoint() string { - switch { - case strings.HasPrefix(c.ClientConfig.Endpoint, "http://"): - return strings.TrimPrefix(c.ClientConfig.Endpoint, "http://") - case strings.HasPrefix(c.ClientConfig.Endpoint, "https://"): - return strings.TrimPrefix(c.ClientConfig.Endpoint, "https://") - case strings.HasPrefix(c.ClientConfig.Endpoint, "dns://"): - r := regexp.MustCompile(`^dns:///?`) - return r.ReplaceAllString(c.ClientConfig.Endpoint, "") - default: - return c.ClientConfig.Endpoint - } -} - -var _ component.Config = (*Config)(nil) diff --git a/exporter/otlpexporter/config_test.go b/exporter/otlpexporter/config_test.go index c87e0d9de37..d641fff8b67 100644 --- a/exporter/otlpexporter/config_test.go +++ b/exporter/otlpexporter/config_test.go @@ -180,23 +180,12 @@ func TestValidDNSEndpoint(t *testing.T) { factory := NewFactory() cfg := factory.CreateDefaultConfig().(*Config) cfg.ClientConfig.Endpoint = "dns://authority/backend.example.com:4317" - assert.NoError(t, cfg.Validate()) + assert.NoError(t, xconfmap.Validate(cfg)) } func TestValidUnixSocketEndpoint(t *testing.T) { factory := NewFactory() cfg := factory.CreateDefaultConfig().(*Config) cfg.ClientConfig.Endpoint = "unix:///my/unix/socket.sock" - assert.NoError(t, cfg.Validate()) -} - -func TestSanitizeEndpoint(t *testing.T) { - factory := NewFactory() - cfg := factory.CreateDefaultConfig().(*Config) - cfg.ClientConfig.Endpoint = "dns://authority/backend.example.com:4317" - assert.Equal(t, "authority/backend.example.com:4317", cfg.sanitizedEndpoint()) - cfg.ClientConfig.Endpoint = "dns:///backend.example.com:4317" - assert.Equal(t, "backend.example.com:4317", cfg.sanitizedEndpoint()) - cfg.ClientConfig.Endpoint = "dns:////backend.example.com:4317" - assert.Equal(t, "/backend.example.com:4317", cfg.sanitizedEndpoint()) + assert.NoError(t, xconfmap.Validate(cfg)) } From 927e17660d072a7bd71cced7bf2f5a9921ec453d Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Wed, 26 Nov 2025 17:54:31 +0100 Subject: [PATCH 2/4] Fix tests --- config/configgrpc/configgrpc_test.go | 4 ++-- exporter/otlpexporter/config.go | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index b28ab48e7fc..e6eb114d4d8 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -483,7 +483,7 @@ func TestGRPCClientSettingsError(t *testing.T) { err: "failed to load TLS config: failed to load CA CertPool File: failed to load cert /doesnt/exist:", settings: ClientConfig{ Headers: nil, - Endpoint: "", + Endpoint: "localhost:1234", Compression: "", TLS: configtls.ClientConfig{ Config: configtls.Config{ @@ -498,7 +498,7 @@ func TestGRPCClientSettingsError(t *testing.T) { err: "failed to load TLS config: failed to load TLS cert and key: for auth via TLS, provide both certificate and key, or neither", settings: ClientConfig{ Headers: nil, - Endpoint: "", + Endpoint: "localhost:1234", Compression: "", TLS: configtls.ClientConfig{ Config: configtls.Config{ diff --git a/exporter/otlpexporter/config.go b/exporter/otlpexporter/config.go index 18dc659ff1f..27a0333837f 100644 --- a/exporter/otlpexporter/config.go +++ b/exporter/otlpexporter/config.go @@ -22,8 +22,10 @@ type Config struct { _ struct{} } -var _ component.Config = (*Config)(nil) -var _ xconfmap.Validator = (*Config)(nil) +var ( + _ component.Config = (*Config)(nil) + _ xconfmap.Validator = (*Config)(nil) +) func (c *Config) Validate() error { return nil From 509ec2ffb0525de8f4c7a4e11f0304775434c093 Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Fri, 28 Nov 2025 13:04:58 +0100 Subject: [PATCH 3/4] Do not fail if endpoint is unset --- config/configgrpc/configgrpc.go | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index 025970c6cf6..0faa0af6c66 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -233,24 +233,21 @@ func (cc *ClientConfig) Validate() error { } return nil } + + if endpoint := cc.sanitizedEndpoint(); endpoint != "" { + // Validate that the port is in the address + _, port, err := net.SplitHostPort(endpoint) + if err != nil { + return err + } + if _, err := strconv.Atoi(port); err != nil { + return fmt.Errorf(`invalid port "%v"`, port) + } - endpoint := cc.sanitizedEndpoint() - if endpoint == "" { - return errors.New(`requires a non-empty "endpoint"`) - } - - // Validate that the port is in the address - _, port, err := net.SplitHostPort(endpoint) - if err != nil { - return err - } - if _, err := strconv.Atoi(port); err != nil { - return fmt.Errorf(`invalid port "%v"`, port) - } - - if cc.BalancerName != "" { - if balancer.Get(cc.BalancerName) == nil { - return fmt.Errorf("invalid balancer_name: %s", cc.BalancerName) + if cc.BalancerName != "" { + if balancer.Get(cc.BalancerName) == nil { + return fmt.Errorf("invalid balancer_name: %s", cc.BalancerName) + } } } From d25e48e54c07be2dc0a491c6cfead8899c49415c Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Fri, 28 Nov 2025 13:08:48 +0100 Subject: [PATCH 4/4] Restore validation for nonempty endpoint in the OTLP exporter --- config/configgrpc/configgrpc.go | 12 ++++++------ exporter/otlpexporter/config.go | 21 +++++++++++++++++++++ 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index 0faa0af6c66..719dd93fc85 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -233,8 +233,8 @@ func (cc *ClientConfig) Validate() error { } return nil } - - if endpoint := cc.sanitizedEndpoint(); endpoint != "" { + + if endpoint := cc.sanitizedEndpoint(); endpoint != "" { // Validate that the port is in the address _, port, err := net.SplitHostPort(endpoint) if err != nil { @@ -243,11 +243,11 @@ func (cc *ClientConfig) Validate() error { if _, err := strconv.Atoi(port); err != nil { return fmt.Errorf(`invalid port "%v"`, port) } + } - if cc.BalancerName != "" { - if balancer.Get(cc.BalancerName) == nil { - return fmt.Errorf("invalid balancer_name: %s", cc.BalancerName) - } + if cc.BalancerName != "" { + if balancer.Get(cc.BalancerName) == nil { + return fmt.Errorf("invalid balancer_name: %s", cc.BalancerName) } } diff --git a/exporter/otlpexporter/config.go b/exporter/otlpexporter/config.go index 27a0333837f..1d1a9000712 100644 --- a/exporter/otlpexporter/config.go +++ b/exporter/otlpexporter/config.go @@ -4,6 +4,10 @@ package otlpexporter // import "go.opentelemetry.io/collector/exporter/otlpexporter" import ( + "errors" + "regexp" + "strings" + "go.opentelemetry.io/collector/component" "go.opentelemetry.io/collector/config/configgrpc" "go.opentelemetry.io/collector/config/configretry" @@ -28,5 +32,22 @@ var ( ) func (c *Config) Validate() error { + if endpoint := c.sanitizedEndpoint(); endpoint == "" { + return errors.New(`requires a non-empty "endpoint"`) + } return nil } + +func (c *Config) sanitizedEndpoint() string { + switch { + case strings.HasPrefix(c.ClientConfig.Endpoint, "http://"): + return strings.TrimPrefix(c.ClientConfig.Endpoint, "http://") + case strings.HasPrefix(c.ClientConfig.Endpoint, "https://"): + return strings.TrimPrefix(c.ClientConfig.Endpoint, "https://") + case strings.HasPrefix(c.ClientConfig.Endpoint, "dns://"): + r := regexp.MustCompile(`^dns:///?`) + return r.ReplaceAllString(c.ClientConfig.Endpoint, "") + default: + return c.ClientConfig.Endpoint + } +}