jmx-scraper add ssl support

README.md

@@ -15,11 +15,11 @@ feature or via instrumentation, this project is hopefully for you.
 ## Provided Libraries
 
 | Status* | Library                                                           |
-| ------- |-------------------------------------------------------------------|
+|---------|-------------------------------------------------------------------|
 | beta    | [AWS Resources](./aws-resources/README.md)                        |
 | stable  | [AWS X-Ray SDK Support](./aws-xray/README.md)                     |
 | alpha   | [AWS X-Ray Propagator](./aws-xray-propagator/README.md)           |
-| alpha   | [Baggage Processors](./baggage-processor/README.md) |
+| alpha   | [Baggage Processors](./baggage-processor/README.md)               |
 | alpha   | [zstd Compressor](./compressors/compressor-zstd/README.md)        |
 | alpha   | [Consistent Sampling](./consistent-sampling/README.md)            |
 | alpha   | [Disk Buffering](./disk-buffering/README.md)                      |
@@ -29,6 +29,7 @@ feature or via instrumentation, this project is hopefully for you.
 | alpha   | [JFR Connection](./jfr-connection/README.md)                      |
 | alpha   | [JFR Events](./jfr-events/README.md)                              |
 | alpha   | [JMX Metric Gatherer](./jmx-metrics/README.md)                    |
+| alpha   | [JMX Metric Scraper](./jmx-scraper/README.md)                     |
 | alpha   | [Kafka Support](./kafka-exporter/README.md)                       |
 | alpha   | [OpenTelemetry Maven Extension](./maven-extension/README.md)      |
 | alpha   | [Micrometer MeterProvider](./micrometer-meter-provider/README.md) |

jmx-scraper/README.md

@@ -45,6 +45,14 @@ For example the `otel.jmx.service.url` option can be set with the `OTEL_JMX_SERV
 | `otel.jmx.password`            | -             | password for JMX connection, mandatory when JMX authentication is set on target JVM with `com.sun.management.jmxremote.authenticate=true` |
 | `otel.jmx.remote.registry.ssl` | `false`       | connect to an SSL-protected registry when enabled on target JVM with `com.sun.management.jmxremote.registry.ssl=true`                     |
 
+When both `otel.jmx.target.system` and `otel.jmx.config` configuration options are used at the same time:
+
+- `otel.jmx.target.system` provides ready-to-use metrics and `otel.jmx.config` allows to add custom definitions.
+- The metrics definitions will be the aggregation of both.
+- There is no guarantee on the priority or any ability to override the definitions.
+
+If there is a need to override existing ready-to-use metrics or to keep control on the metrics definitions, using a custom YAML definition with `otel.jmx.config` is the recommended option.
+
 Supported values for `otel.jmx.target.system`:
 
 | `otel.jmx.target.system` | description           |

jmx-scraper/src/integrationTest/java/io/opentelemetry/contrib/jmxscraper/JmxConnectionTest.java

@@ -5,8 +5,6 @@
 
 package io.opentelemetry.contrib.jmxscraper;
 
-import static io.opentelemetry.contrib.jmxscraper.TestKeyStoreUtil.addTrustedCertificate;
-import static io.opentelemetry.contrib.jmxscraper.TestKeyStoreUtil.createKeyStore;
 import static org.assertj.core.api.Assertions.assertThat;
 
 import java.nio.file.Path;
@@ -94,24 +92,24 @@ private static void testServerSsl(Path tempDir, boolean sslRmiRegistry) {
     // server keystore with public/private key pair
     // client trust store with certificate from server
 
-    Path serverKeystore = tempDir.resolve("server.jks");
-    Path clientTrustStore = tempDir.resolve("client.jks");
+    TestKeyStore serverKeystore =
+        TestKeyStore.newKeyStore(tempDir.resolve("server.jks"), SERVER_PASSWORD);
+    TestKeyStore clientTrustStore =
+        TestKeyStore.newKeyStore(tempDir.resolve("client.jks"), CLIENT_PASSWORD);
 
-    X509Certificate serverCertificate = createKeyStore(serverKeystore, SERVER_PASSWORD);
-
-    createKeyStore(clientTrustStore, CLIENT_PASSWORD);
-    addTrustedCertificate(clientTrustStore, CLIENT_PASSWORD, serverCertificate);
+    X509Certificate serverCertificate = serverKeystore.addKeyPair();
+    clientTrustStore.addTrustedCertificate(serverCertificate);
 
     connectionTest(
         app ->
             (sslRmiRegistry ? app.withSslRmiRegistry(4242) : app)
                 .withJmxPort(JMX_PORT)
                 .withJmxSsl()
-                .withKeyStore(serverKeystore, SERVER_PASSWORD),
+                .withKeyStore(serverKeystore),
         scraper ->
             (sslRmiRegistry ? scraper.withSslRmiRegistry() : scraper)
                 .withRmiServiceUrl(APP_HOST, JMX_PORT)
-                .withTrustStore(clientTrustStore, CLIENT_PASSWORD));
+                .withTrustStore(clientTrustStore));
   }
 
   @Test
@@ -125,34 +123,36 @@ void serverSslClientSsl(@TempDir Path tempDir) {
     // client key store with public/private key pair
     // client trust store with certificate from server
 
-    Path serverKeystore = tempDir.resolve("server-keystore.jks");
-    Path serverTrustStore = tempDir.resolve("server-truststore.jks");
+    TestKeyStore serverKeystore =
+        TestKeyStore.newKeyStore(tempDir.resolve("server-keystore.jks"), SERVER_PASSWORD);
+    TestKeyStore serverTrustStore =
+        TestKeyStore.newKeyStore(tempDir.resolve("server-truststore.jks"), SERVER_PASSWORD);
 
-    X509Certificate serverCertificate = createKeyStore(serverKeystore, SERVER_PASSWORD);
-    createKeyStore(serverTrustStore, SERVER_PASSWORD);
+    X509Certificate serverCertificate = serverKeystore.addKeyPair();
 
-    Path clientKeystore = tempDir.resolve("client-keystore.jks");
-    Path clientTrustStore = tempDir.resolve("client-truststore.jks");
+    TestKeyStore clientKeystore =
+        TestKeyStore.newKeyStore(tempDir.resolve("client-keystore.jks"), CLIENT_PASSWORD);
+    TestKeyStore clientTrustStore =
+        TestKeyStore.newKeyStore(tempDir.resolve("client-truststore.jks"), CLIENT_PASSWORD);
 
-    X509Certificate clientCertificate = createKeyStore(clientKeystore, CLIENT_PASSWORD);
-    createKeyStore(clientTrustStore, CLIENT_PASSWORD);
+    X509Certificate clientCertificate = clientKeystore.addKeyPair();
 
     // adding certificates in trust stores
-    addTrustedCertificate(serverTrustStore, SERVER_PASSWORD, clientCertificate);
-    addTrustedCertificate(clientTrustStore, CLIENT_PASSWORD, serverCertificate);
+    clientTrustStore.addTrustedCertificate(serverCertificate);
+    serverTrustStore.addTrustedCertificate(clientCertificate);
 
     connectionTest(
         app ->
             app.withJmxPort(JMX_PORT)
                 .withJmxSsl()
                 .withClientSslCertificate()
-                .withKeyStore(serverKeystore, SERVER_PASSWORD)
-                .withTrustStore(serverTrustStore, SERVER_PASSWORD),
+                .withKeyStore(serverKeystore)
+                .withTrustStore(serverTrustStore),
         scraper ->
             scraper
                 .withRmiServiceUrl(APP_HOST, JMX_PORT)
-                .withKeyStore(clientKeystore, CLIENT_PASSWORD)
-                .withTrustStore(clientTrustStore, CLIENT_PASSWORD));
+                .withKeyStore(clientKeystore)
+                .withTrustStore(clientTrustStore));
   }
 
   private static void connectionTest(

jmx-scraper/src/integrationTest/java/io/opentelemetry/contrib/jmxscraper/JmxScraperContainer.java

@@ -32,10 +32,8 @@ public class JmxScraperContainer extends GenericContainer<JmxScraperContainer> {
   private String password;
   private final List<String> extraJars;
   private boolean testJmx;
-  private Path keyStore;
-  private String keyStorePassword;
-  private Path trustStore;
-  private String trustStorePassword;
+  private TestKeyStore keyStore;
+  private TestKeyStore trustStore;
   private boolean sslRmiRegistry;
 
   public JmxScraperContainer(String otlpEndpoint, String baseImage) {
@@ -146,28 +144,24 @@ public JmxScraperContainer withTestJmx() {
   /**
    * Configure key store for the scraper JVM
    *
-   * @param keyStore path to key store
-   * @param password key store password
+   * @param keyStore key store
    * @return this
    */
   @CanIgnoreReturnValue
-  public JmxScraperContainer withKeyStore(Path keyStore, String password) {
+  public JmxScraperContainer withKeyStore(TestKeyStore keyStore) {
     this.keyStore = keyStore;
-    this.keyStorePassword = password;
     return this;
   }
 
   /**
    * Configure trust store for the scraper JVM
    *
-   * @param trustStore path to trust store
-   * @param password trust store password
+   * @param trustStore trust store
    * @return this
    */
   @CanIgnoreReturnValue
-  public JmxScraperContainer withTrustStore(Path trustStore, String password) {
+  public JmxScraperContainer withTrustStore(TestKeyStore trustStore) {
     this.trustStore = trustStore;
-    this.trustStorePassword = password;
     return this;
   }
 
@@ -208,8 +202,8 @@ public void start() {
       arguments.add("-Dotel.jmx.password=" + password);
     }
 
-    arguments.addAll(addKeyStore(keyStore, keyStorePassword, /* keyStore= */ true));
-    arguments.addAll(addKeyStore(trustStore, trustStorePassword, /* keyStore= */ false));
+    arguments.addAll(addSecureStore(keyStore, /* isKeyStore= */ true));
+    arguments.addAll(addSecureStore(trustStore, /* isKeyStore= */ false));
 
     if (sslRmiRegistry) {
       arguments.add("-Dotel.jmx.remote.registry.ssl=true");
@@ -249,14 +243,16 @@ public void start() {
     super.start();
   }
 
-  private List<String> addKeyStore(Path path, String password, boolean keyStore) {
-    if (path == null) {
+  private List<String> addSecureStore(TestKeyStore keyStore, boolean isKeyStore) {
+    if (keyStore == null) {
       return Collections.emptyList();
     }
+    Path path = keyStore.getPath();
     String containerPath = "/" + path.getFileName().toString();
     this.withCopyFileToContainer(MountableFile.forHostPath(path), containerPath);
 
-    String prefix = String.format("-Djavax.net.ssl.%sStore", keyStore ? "key" : "trust");
-    return Arrays.asList(prefix + "=" + containerPath, prefix + "Password=" + password);
+    String prefix = String.format("-Djavax.net.ssl.%sStore", isKeyStore ? "key" : "trust");
+    return Arrays.asList(
+        prefix + "=" + containerPath, prefix + "Password=" + keyStore.getPassword());
   }
 }

jmx-scraper/src/integrationTest/java/io/opentelemetry/contrib/jmxscraper/TestAppContainer.java

@@ -29,10 +29,8 @@ public class TestAppContainer extends GenericContainer<TestAppContainer> {
   private String pwd;
   private boolean jmxSsl;
   private boolean jmxSslRegistry;
-  private Path keyStore;
-  private String keyStorePassword;
-  private Path trustStore;
-  private String trustStorePassword;
+  private TestKeyStore keyStore;
+  private TestKeyStore trustStore;
   private int jmxPort;
   private int jmxRmiPort;
   private boolean clientCertificate;
@@ -115,28 +113,24 @@ public TestAppContainer withClientSslCertificate() {
   /**
    * Configure key store for the remote JVM
    *
-   * @param keyStore path to key store
-   * @param password key store password
+   * @param keyStore key store
    * @return this
    */
   @CanIgnoreReturnValue
-  public TestAppContainer withKeyStore(Path keyStore, String password) {
+  public TestAppContainer withKeyStore(TestKeyStore keyStore) {
     this.keyStore = keyStore;
-    this.keyStorePassword = password;
     return this;
   }
 
   /**
    * Configure trust store for the remote JVM
    *
-   * @param trustStore path to trust store
-   * @param password trust store password
+   * @param trustStore trust store
    * @return this
    */
   @CanIgnoreReturnValue
-  public TestAppContainer withTrustStore(Path trustStore, String password) {
+  public TestAppContainer withTrustStore(TestKeyStore trustStore) {
     this.trustStore = trustStore;
-    this.trustStorePassword = password;
     return this;
   }
 
@@ -176,8 +170,8 @@ public void start() {
     }
 
     // add optional key and trust stores
-    addKeyStore(keyStore, keyStorePassword, /* keyStore= */ true, properties);
-    addKeyStore(trustStore, trustStorePassword, /* keyStore= */ false, properties);
+    addSecureStore(keyStore, /* isKeyStore= */ true, properties);
+    addSecureStore(trustStore, /* isKeyStore= */ false, properties);
 
     String confArgs =
         properties.entrySet().stream()
@@ -198,17 +192,18 @@ public void start() {
     super.start();
   }
 
-  private void addKeyStore(
-      Path path, String password, boolean keyStore, Map<String, String> properties) {
-    if (path == null) {
+  private void addSecureStore(
+      TestKeyStore keyStore, boolean isKeyStore, Map<String, String> properties) {
+    if (keyStore == null) {
       return;
     }
+    Path path = keyStore.getPath();
     String containerPath = "/" + path.getFileName().toString();
     this.withCopyFileToContainer(MountableFile.forHostPath(path), containerPath);
 
-    String prefix = String.format("javax.net.ssl.%sStore", keyStore ? "key" : "trust");
+    String prefix = String.format("javax.net.ssl.%sStore", isKeyStore ? "key" : "trust");
     properties.put(prefix, containerPath);
-    properties.put(prefix + "Password", password);
+    properties.put(prefix + "Password", keyStore.getPassword());
   }
 
   private static Path createPwdFile(String login, String pwd) {