fix: add error handling for insecure HTTP endpoints with TLS client configuration by sandy2008 · Pull Request #7914 · open-telemetry/opentelemetry-go (original) (raw)

Summary

This PR moves the insecure + TLS config validation into the core OTLP HTTP exporters in opentelemetry-go (trace, metric, and log), instead of relying on validation in external/config-wrapper code.

This aligns with feedback from open-telemetry/opentelemetry-go-contrib PR open-telemetry/opentelemetry-go-contrib#8560: these packages are maintained/released together, so the check should be enforced in this repo as well.

What changed

• Added exporter-level validation error:
  • "insecure HTTP endpoint cannot use TLS client configuration"
• Enforced in:
  • otlpmetrichttp client construction
  • otlploghttp client construction
  • otlptracehttp client startup (Start, since NewClient does not return an error)
• Added tests in all three exporters to cover:
  • Error when WithInsecure() and WithTLSClientConfig(...) are both set
  • No error when a custom WithHTTPClient(...) is provided (preserves existing precedence semantics)

Behavior

• Invalid config (insecure + TLS config) now fails fast directly in exporters.
• Existing WithHTTPClient override behavior remains unchanged.

Testing

Ran:

• go test ./... in exporters/otlp/otlpmetric/otlpmetrichttp
• go test ./... in exporters/otlp/otlplog/otlploghttp
• go test ./... in exporters/otlp/otlptrace/otlptracehttp

Related

• open-telemetry/opentelemetry-go-contrib PR (otelconf: fail closed when OTLP HTTP exporter uses http endpoint with TLS/mTLS config opentelemetry-go-contrib#8560)