Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[configtls] Validate MinVersion and MaxVersion #9475

Closed
mx-psi opened this issue Feb 6, 2024 · 6 comments
Closed

[configtls] Validate MinVersion and MaxVersion #9475

mx-psi opened this issue Feb 6, 2024 · 6 comments
Assignees
@molejnik88
Labels
area:config good first issue Good for newcomers release:allowed-for-ga
Milestone
go.opentelemetry....

Comments

@mx-psi
Copy link
Member

mx-psi commented Feb 6, 2024

We effectively restrict the allowed versions to the set defined here:

opentelemetry-collector/config/configtls/configtls.go

Line 382 in f5a7315

var tlsVersions = map[string]uint16{

We should validate for it! This can be done after 1.0 per the rules we have here

opentelemetry-collector/VERSIONING.md

Lines 52 to 54 in f5a7315

* **Making validation rules more strict**. A valid configuration struct as defined by its `Validate` method return value
must continue to be valid after a change to the validation rules, except when the configuration struct would cause an error
on its intended usage (e.g. when calling a method or when passed to any method or function in any module under opentelemetry-collector).

Still, it would be nice to have before 1.0 IMO
@andrzej-stencel andrzej-stencel added the good first issue Good for newcomers label Feb 16, 2024
@molejnik88
Copy link
Contributor

molejnik88 commented Feb 25, 2024
edited
Loading

Hi,
Isn't MinVersion validated here: configtls.go#L176 and MaxVersion validated here: configtls.go#L180?

Do we want to call LoadTLSConfig in respective components' config.Validate() methods?

@TylerHelmuth
Copy link
Member

@molejnik88 we should add a Validate function to TLSSetting. When a component's config uses TLSSetting and Validate is called for the component's config, it will also call TLSSetting's Validate.

@yurishkuro
Copy link
Member

When a component's config uses TLSSetting and Validate is called for the component's config, it will also call TLSSetting's Validate.

@TylerHelmuth are you saying this would be automatic, or does each config's Validate need to call TLSSettings.Validate() explicitly?

@TylerHelmuth
Copy link
Member

As long as I am reading this correctly, it is automatic. The component framework will call validate on the entire config, which ends up making Validate calls on anything it can within the config struct.

@molejnik88
Copy link
Contributor

I'd like to work on this issue. Can you please assign it to me?

@atoulme
Copy link
Contributor

atoulme commented Feb 26, 2024

Done, go for it

@molejnik88 molejnik88 mentioned this issue Feb 28, 2024
Merged
dmitryax pushed a commit that referenced this issue Mar 7, 2024
@molejnik88
[config/configtls] Validate MinVersion and MaxVersion (#9664)
d9e00e0 
**Description:**
Add `Validate()` method to `TLSSetting` and validate tls `min_version`
and `max_version`.

**Link to tracking Issue:** 
#9475
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@molejnik88 molejnik88

Labels
area:config good first issue Good for newcomers release:allowed-for-ga
Projects
Collector: v1
Archived in project
Milestone
go.opentelemetry.io/collector/config/...
Development

No branches or pull requests
6 participants
@atoulme @yurishkuro @mx-psi @TylerHelmuth @molejnik88 @andrzej-stencel