Implement Client Key and Certificate File Support for All OTLP Exporters

CHANGELOG.md

@@ -20,6 +20,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   ([#4103](https://github.com/open-telemetry/opentelemetry-python/pull/4103))
 - Update semantic conventions to version 1.27.0
   ([#4104](https://github.com/open-telemetry/opentelemetry-python/pull/4104))
+- Implement Client Key and Certificate File Support for All OTLP Exporters
+  ([#4116](https://github.com/open-telemetry/opentelemetry-python/pull/4116))
 
 ## Version 1.26.0/0.47b0 (2024-07-25)
 

exporter/opentelemetry-exporter-otlp-proto-grpc/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py

@@ -34,6 +34,8 @@
 
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
     OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
     OTEL_EXPORTER_OTLP_LOGS_HEADERS,
@@ -71,7 +73,10 @@ def __init__(
             and environ.get(OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE) is not None
         ):
             credentials = _get_credentials(
-                credentials, OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE
+                credentials,
+                OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
+                OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
+                OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
             )
 
         environ_timeout = environ.get(OTEL_EXPORTER_OTLP_LOGS_TIMEOUT)

exporter/opentelemetry-exporter-otlp-proto-grpc/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py

@@ -61,6 +61,8 @@
 )
 from opentelemetry.proto.resource.v1.resource_pb2 import Resource  # noqa: F401
 from opentelemetry.sdk.environment_variables import (
+    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_CERTIFICATE,
     OTEL_EXPORTER_OTLP_COMPRESSION,
     OTEL_EXPORTER_OTLP_ENDPOINT,
@@ -118,22 +120,48 @@ def get_resource_data(
     return _get_resource_data(sdk_resource_scope_data, resource_class, name)
 
 
-def _load_credential_from_file(filepath) -> ChannelCredentials:
+def _get_file_content(file_path: str) -> bytes:
+    with open(file_path, "rb") as file:
+        return file.read()
+
+
+def _load_credentials(
+    certificate_file: str,
+    client_key_file: str,
+    client_certificate_file: str,
+) -> Optional[ChannelCredentials]:
     try:
-        with open(filepath, "rb") as creds_file:
-            credential = creds_file.read()
-            return ssl_channel_credentials(credential)
-    except FileNotFoundError:
-        logger.exception("Failed to read credential file")
+        root_certificates = _get_file_content(certificate_file)
+        private_key = _get_file_content(client_key_file)
+        certificate_chain = _get_file_content(client_certificate_file)
+        return ssl_channel_credentials(
+            root_certificates=root_certificates,
+            private_key=private_key,
+            certificate_chain=certificate_chain,
+        )
+    except FileNotFoundError as e:
+        logger.exception(
+            f"Failed to read credential file: {e.filename}. Please check if the file exists and is accessible."
+        )
         return None
 
 
-def _get_credentials(creds, environ_key):
+def _get_credentials(
+    creds: Optional[ChannelCredentials],
+    certificate_file_env_key: str,
+    client_key_file_env_key: str,
+    client_certificate_file_env_key: str,
+) -> ChannelCredentials:
     if creds is not None:
         return creds
-    creds_env = environ.get(environ_key)
-    if creds_env:
-        return _load_credential_from_file(creds_env)
+
+    certificate_file = environ.get(certificate_file_env_key)
+    if certificate_file:
+        client_key_file = environ.get(client_key_file_env_key)
+        client_certificate_file = environ.get(client_certificate_file_env_key)
+        return _load_credentials(
+            certificate_file, client_key_file, client_certificate_file
+        )
     return ssl_channel_credentials()
 
 
@@ -214,7 +242,10 @@ def __init__(
             )
         else:
             credentials = _get_credentials(
-                credentials, OTEL_EXPORTER_OTLP_CERTIFICATE
+                credentials,
+                OTEL_EXPORTER_OTLP_CERTIFICATE,
+                OTEL_EXPORTER_OTLP_CLIENT_KEY,
+                OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
             )
             self._client = self._stub(
                 secure_channel(

exporter/opentelemetry-exporter-otlp-proto-grpc/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py

@@ -42,6 +42,8 @@
 from opentelemetry.proto.metrics.v1 import metrics_pb2 as pb2  # noqa: F401
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
     OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
     OTEL_EXPORTER_OTLP_METRICS_HEADERS,
@@ -113,7 +115,10 @@ def __init__(
             and environ.get(OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE) is not None
         ):
             credentials = _get_credentials(
-                credentials, OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE
+                credentials,
+                OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
+                OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
+                OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
             )
 
         environ_timeout = environ.get(OTEL_EXPORTER_OTLP_METRICS_TIMEOUT)

exporter/opentelemetry-exporter-otlp-proto-grpc/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py

@@ -48,6 +48,8 @@
 )
 from opentelemetry.proto.trace.v1.trace_pb2 import Status  # noqa: F401
 from opentelemetry.sdk.environment_variables import (
+    OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
     OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
     OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
@@ -105,7 +107,10 @@ def __init__(
             and environ.get(OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE) is not None
         ):
             credentials = _get_credentials(
-                credentials, OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE
+                credentials,
+                OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
+                OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
+                OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
             )
 
         environ_timeout = environ.get(OTEL_EXPORTER_OTLP_TRACES_TIMEOUT)

exporter/opentelemetry-exporter-otlp-proto-grpc/tests/logs/test_otlp_logs_exporter.py

@@ -53,6 +53,8 @@
 from opentelemetry.sdk._logs.export import LogExportResult
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
     OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
     OTEL_EXPORTER_OTLP_LOGS_HEADERS,
@@ -212,6 +214,10 @@ def test_exporting(self):
             OTEL_EXPORTER_OTLP_LOGS_ENDPOINT: "logs:4317",
             OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE: THIS_DIR
             + "/../fixtures/test.cert",
+            OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE: THIS_DIR
+            + "/../fixtures/test-client-cert.pem",
+            OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY: THIS_DIR
+            + "/../fixtures/test-client-key.pem",
             OTEL_EXPORTER_OTLP_LOGS_HEADERS: " key1=value1,KEY2 = VALUE=2",
             OTEL_EXPORTER_OTLP_LOGS_TIMEOUT: "10",
             OTEL_EXPORTER_OTLP_LOGS_COMPRESSION: "gzip",

exporter/opentelemetry-exporter-otlp-proto-grpc/tests/test_otlp_metrics_exporter.py

@@ -45,6 +45,8 @@
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_COMPRESSION,
     OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
     OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION,
     OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
@@ -223,6 +225,10 @@ def test_preferred_temporality(self):
             OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: "collector:4317",
             OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE: THIS_DIR
             + "/fixtures/test.cert",
+            OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE: THIS_DIR
+            + "/fixtures/test-client-cert.pem",
+            OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY: THIS_DIR
+            + "/fixtures/test-client-key.pem",
             OTEL_EXPORTER_OTLP_METRICS_HEADERS: " key1=value1,KEY2 = value=2",
             OTEL_EXPORTER_OTLP_METRICS_TIMEOUT: "10",
             OTEL_EXPORTER_OTLP_METRICS_COMPRESSION: "gzip",

exporter/opentelemetry-exporter-otlp-proto-grpc/tests/test_otlp_trace_exporter.py

@@ -56,6 +56,8 @@
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_COMPRESSION,
     OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
     OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
     OTEL_EXPORTER_OTLP_TRACES_HEADERS,
@@ -232,6 +234,10 @@ def test_exporting(self):
             OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: "collector:4317",
             OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE: THIS_DIR
             + "/fixtures/test.cert",
+            OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE: THIS_DIR
+            + "/fixtures/test-client-cert.pem",
+            OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY: THIS_DIR
+            + "/fixtures/test-client-key.pem",
             OTEL_EXPORTER_OTLP_TRACES_HEADERS: " key1=value1,KEY2 = value=2",
             OTEL_EXPORTER_OTLP_TRACES_TIMEOUT: "10",
             OTEL_EXPORTER_OTLP_TRACES_COMPRESSION: "gzip",
@@ -868,20 +874,6 @@ def test_translate_key_values(self):
         self.assertTrue(isinstance(arr_value.values[1], AnyValue))
         self.assertEqual(arr_value.values[1].string_value, "123")
 
-        # Tracing specs currently does not support Mapping type attributes
-        # map_value = _translate_key_values(
-        #     "map_type", {"asd": "123", "def": "456"}
-        # )
-        # self.assertTrue(isinstance(map_value, KeyValue))
-        # self.assertEqual(map_value.key, "map_type")
-        # self.assertTrue(isinstance(map_value.value, AnyValue))
-        # self.assertTrue(isinstance(map_value.value.kvlist_value, KeyValueList))
-
-        # kvlist_value = map_value.value.kvlist_value
-        # self.assertTrue(isinstance(kvlist_value.values[0], KeyValue))
-        # self.assertEqual(kvlist_value.values[0].key, "asd")
-        # self.assertEqual(kvlist_value.values[0].value.string_value, "123")
-
     def test_dropped_values(self):
         span = get_span_with_dropped_attributes_events_links()
         # pylint:disable=protected-access

exporter/opentelemetry-exporter-otlp-proto-http/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py

@@ -28,12 +28,16 @@
 from opentelemetry.exporter.otlp.proto.common._log_encoder import encode_logs
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_COMPRESSION,
     OTEL_EXPORTER_OTLP_ENDPOINT,
     OTEL_EXPORTER_OTLP_HEADERS,
     OTEL_EXPORTER_OTLP_TIMEOUT,
     OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
     OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_LOGS_HEADERS,
     OTEL_EXPORTER_OTLP_LOGS_TIMEOUT,
     OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
@@ -67,6 +71,8 @@ def __init__(
         self,
         endpoint: Optional[str] = None,
         certificate_file: Optional[str] = None,
+        client_key_file: Optional[str] = None,
+        client_certificate_file: Optional[str] = None,
         headers: Optional[Dict[str, str]] = None,
         timeout: Optional[int] = None,
         compression: Optional[Compression] = None,
@@ -78,10 +84,25 @@ def __init__(
                 environ.get(OTEL_EXPORTER_OTLP_ENDPOINT, DEFAULT_ENDPOINT)
             ),
         )
+        # Keeping these as instance variables because they are used in tests
         self._certificate_file = certificate_file or environ.get(
             OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
             environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),
         )
+        self._client_key_file = client_key_file or environ.get(
+            OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
+            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),
+        )
+        self._client_certificate_file = client_certificate_file or environ.get(
+            OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
+            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),
+        )
+        self._client_cert = self._client_certificate_file
+        if self._client_certificate_file and self._client_key_file:
+            self._client_cert = (
+                self._client_certificate_file,
+                self._client_key_file,
+            )
         headers_string = environ.get(
             OTEL_EXPORTER_OTLP_LOGS_HEADERS,
             environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),
@@ -120,6 +141,7 @@ def _export(self, serialized_data: bytes):
             data=data,
             verify=self._certificate_file,
             timeout=self._timeout,
+            cert=self._client_cert,
         )
 
     @staticmethod

exporter/opentelemetry-exporter-otlp-proto-http/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py

@@ -51,11 +51,15 @@
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_ENDPOINT,
     OTEL_EXPORTER_OTLP_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_HEADERS,
     OTEL_EXPORTER_OTLP_TIMEOUT,
     OTEL_EXPORTER_OTLP_COMPRESSION,
     OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
     OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
+    OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
     OTEL_EXPORTER_OTLP_METRICS_HEADERS,
     OTEL_EXPORTER_OTLP_METRICS_TIMEOUT,
     OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
@@ -96,6 +100,8 @@ def __init__(
         self,
         endpoint: Optional[str] = None,
         certificate_file: Optional[str] = None,
+        client_key_file: Optional[str] = None,
+        client_certificate_file: Optional[str] = None,
         headers: Optional[Dict[str, str]] = None,
         timeout: Optional[int] = None,
         compression: Optional[Compression] = None,
@@ -113,6 +119,20 @@ def __init__(
             OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
             environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),
         )
+        self._client_key_file = client_key_file or environ.get(
+            OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
+            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),
+        )
+        self._client_certificate_file = client_certificate_file or environ.get(
+            OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
+            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),
+        )
+        self._client_cert = self._client_certificate_file
+        if self._client_certificate_file and self._client_key_file:
+            self._client_cert = (
+                self._client_certificate_file,
+                self._client_key_file,
+            )
         headers_string = environ.get(
             OTEL_EXPORTER_OTLP_METRICS_HEADERS,
             environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),
@@ -156,6 +176,7 @@ def _export(self, serialized_data: bytes):
             data=data,
             verify=self._certificate_file,
             timeout=self._timeout,
+            cert=self._client_cert,
         )
 
     @staticmethod