diff --git a/config/config.go b/config/config.go index 9ed57fa5c..2c5fc447a 100644 --- a/config/config.go +++ b/config/config.go @@ -558,7 +558,7 @@ func (t *TracingConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { return err } - if err := validateHeaders(t.Headers); err != nil { + if err := validateHeadersForTracing(t.Headers); err != nil { return err } @@ -805,6 +805,18 @@ func (c *RemoteWriteConfig) UnmarshalYAML(unmarshal func(interface{}) error) err return nil } +func validateHeadersForTracing(headers map[string]string) error { + for header := range headers { + if strings.ToLower(header) == "authorization" { + return errors.New("custom authorization header configuration is not yet supported") + } + if _, ok := reservedHeaders[strings.ToLower(header)]; ok { + return errors.Errorf("%s is a reserved header. It must not be changed", header) + } + } + return nil +} + func validateHeaders(headers map[string]string) error { for header := range headers { if strings.ToLower(header) == "authorization" { diff --git a/config/config_test.go b/config/config_test.go index 72c930105..c82601fcc 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -1464,6 +1464,10 @@ var expectedErrors = []struct { filename: "tracing_invalid_header.bad.yml", errMsg: "x-prometheus-remote-write-version is a reserved header. It must not be changed", }, + { + filename: "tracing_invalid_authorization_header.bad.yml", + errMsg: "authorization header configuration is not yet supported", + }, { filename: "tracing_invalid_compression.bad.yml", errMsg: "invalid compression type foo provided, valid options: gzip", diff --git a/config/testdata/tracing_invalid_authorization_header.bad.yml b/config/testdata/tracing_invalid_authorization_header.bad.yml new file mode 100644 index 000000000..4519bbecb --- /dev/null +++ b/config/testdata/tracing_invalid_authorization_header.bad.yml @@ -0,0 +1,5 @@ +tracing: + sampling_fraction: 1 + endpoint: "localhost:4317" + headers: + "authorization": foo diff --git a/tracing/tracing.go b/tracing/tracing.go index 3ee867921..c82332065 100644 --- a/tracing/tracing.go +++ b/tracing/tracing.go @@ -194,15 +194,11 @@ func getClient(tracingCfg config.TracingConfig) (otlptrace.Client, error) { opts = append(opts, otlptracegrpc.WithTimeout(time.Duration(tracingCfg.Timeout))) } - // Configure TLS only if config is not empty. - var blankTLSConfig config_util.TLSConfig - if tracingCfg.TLSConfig != blankTLSConfig { - tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig) - if err != nil { - return nil, err - } - opts = append(opts, otlptracegrpc.WithTLSCredentials(credentials.NewTLS(tlsConf))) + tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig) + if err != nil { + return nil, err } + opts = append(opts, otlptracegrpc.WithTLSCredentials(credentials.NewTLS(tlsConf))) client = otlptracegrpc.NewClient(opts...) case config.TracingClientHTTP: @@ -221,15 +217,11 @@ func getClient(tracingCfg config.TracingConfig) (otlptrace.Client, error) { opts = append(opts, otlptracehttp.WithTimeout(time.Duration(tracingCfg.Timeout))) } - // Configure TLS only if config is not empty. - var blankTLSConfig config_util.TLSConfig - if tracingCfg.TLSConfig != blankTLSConfig { - tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig) - if err != nil { - return nil, err - } - opts = append(opts, otlptracehttp.WithTLSClientConfig(tlsConf)) + tlsConf, err := config_util.NewTLSConfig(&tracingCfg.TLSConfig) + if err != nil { + return nil, err } + opts = append(opts, otlptracehttp.WithTLSClientConfig(tlsConf)) client = otlptracehttp.NewClient(opts...) }