Why is this important?
The current implementation of the OTLP interface lib is that the client side (requirer) determines if the communication is secure via the provider's endpoint scheme. This has worked so far because we have only implemented this for the opentelemetry-collector charms which use the otlp exporters allowing this behavior. However, the gRPC spec states that you only need:
ipv4:address[:port][,address[:port],...] -- IPv4 addresses
Steps to resolve
- The provider allows the charm author to define the entire endpoint; no changes to the
add_endpoint API is needed.
- We use the root store for communication in most charms, so there is no need to communicate CA certs in the databag.
- We do need to update the
OtlpEndpoint model to include the insecure information since secure communication is scoped per endpoint.
- We do not need to update the requirer because the
endpoints API offers the list of OtlpEndpoint which now has extra insecure context for the charm author to do with as they please.
Why is this important?
The current implementation of the OTLP interface lib is that the client side (requirer) determines if the communication is secure via the provider's endpoint scheme. This has worked so far because we have only implemented this for the
opentelemetry-collectorcharms which use theotlpexporters allowing this behavior. However, the gRPC spec states that you only need:Steps to resolve
add_endpointAPI is needed.OtlpEndpointmodel to include theinsecureinformation since secure communication is scoped per endpoint.endpointsAPI offers the list ofOtlpEndpointwhich now has extrainsecurecontext for the charm author to do with as they please.