[feature] Reduce TLS config (#13)

Author: adschr

exporter/solarwindsexporter/config.go

@@ -45,9 +45,6 @@ type Config struct {
 	ingestionToken configopaque.String `mapstructure:"-"`
 	// endpointURL stores the URL provided by the Solarwinds Extension.
 	endpointURL string `mapstructure:"-"`
-	// insecure stores the option to disable TLS provided
-	// by the Solarwinds Extension.
-	insecure bool `mapstructure:"-"`
 }
 
 // extensionAsComponent tries to parse `extension` value of the form 'type/name'
@@ -124,9 +121,6 @@ func (cfg *Config) OTLPConfig() (*otlpexporter.Config, error) {
 		ClientConfig:  clientCfg,
 	}
 
-	// Disable TLS for testing.
-	otlpConfig.ClientConfig.TLSSetting.Insecure = cfg.insecure
-
 	if err := otlpConfig.Validate(); err != nil {
 		return nil, err
 	}

exporter/solarwindsexporter/solarwinds_exporter.go

@@ -108,10 +108,6 @@ func (swiExporter *solarwindsExporter) initExporterType(
 	}
 	swiExporter.config.endpointURL = url
 
-	// Get TLS settings for testing.
-	insecure := endpointCfg.Insecure()
-	swiExporter.config.insecure = insecure
-
 	otlpExporter := otlpexporter.NewFactory()
 	otlpCfg, err := swiExporter.config.OTLPConfig()
 	if err != nil {

extension/solarwindsextension/config_test.go

@@ -42,7 +42,6 @@ func TestConfigUnmarshalFull(t *testing.T) {
 		EndpointURLOverride: "127.0.0.1:1234",
 		IngestionToken:      "TOKEN",
 		CollectorName:       "test-collector",
-		Insecure:            true,
 	}, cfg)
 }
 
@@ -115,23 +114,6 @@ func TestConfigValidateMissingCollectorName(t *testing.T) {
 	)
 }
 
-// TestConfigValidateInsecureInProd tests that 'insecure'
-// cannot be enabled for a production endpoint.
-func TestConfigValidateInsecureInProd(t *testing.T) {
-	cfgFile := testutil.LoadConfigTestdata(t, "insecure_in_prod")
-
-	// Parse configuration.
-	factory := NewFactory()
-	cfg := factory.CreateDefaultConfig()
-	require.NoError(t, cfgFile.Unmarshal(&cfg))
-
-	assert.ErrorContains(
-		t,
-		cfg.(*internal.Config).Validate(),
-		"invalid configuration: 'insecure'",
-	)
-}
-
 // TestConfigTokenRedacted checks that the configuration
 // type doesn't leak its secret token unless it is accessed explicitly.
 func TestConfigTokenRedacted(t *testing.T) {

extension/solarwindsextension/endpoint_config.go

@@ -23,7 +23,6 @@ import (
 type EndpointConfig interface {
 	Url() (string, error)
 	Token() configopaque.String
-	Insecure() bool
 }
 
 type endpointConfig struct{ cfg *internal.Config }
@@ -41,7 +40,3 @@ func (c *endpointConfig) Url() (string, error) {
 func (c *endpointConfig) Token() configopaque.String {
 	return c.cfg.IngestionToken
 }
-
-func (c *endpointConfig) Insecure() bool {
-	return c.cfg.Insecure
-}

extension/solarwindsextension/internal/config.go

@@ -36,21 +36,15 @@ type Config struct {
 	IngestionToken configopaque.String `mapstructure:"token"`
 	// CollectorName name of the collector passed in the heartbeat metric
 	CollectorName string `mapstructure:"collector_name"`
-	// Insecure disables TLS in the exporters.
-
 	// ⚠️ Warning: For testing purpose only.
 	// EndpointURLOverride sets OTLP endpoint directly, it overrides the DataCenter configuration.
 	EndpointURLOverride string `mapstructure:"endpoint_url_override"`
-	// ⚠️ Warning: For testing purpose only.
-	// Insecure disables the TLS security. It can be used only together with EndpointURLOverride.
-	Insecure bool `mapstructure:"insecure"`
 }
 
 var (
 	ErrMissingDataCenter    = errors.New("invalid configuration: 'data_center' must be set")
 	ErrMissingToken         = errors.New("invalid configuration: 'token' must be set")
 	ErrMissingCollectorName = errors.New("invalid configuration: 'collector_name' must be set")
-	ErrInsecureInProd       = errors.New("invalid configuration: 'insecure' is not allowed in production mode")
 )
 
 // NewDefaultConfig creates a new default configuration.
@@ -67,10 +61,6 @@ func (cfg *Config) Validate() error {
 		return ErrMissingDataCenter
 	}
 
-	if cfg.Insecure && cfg.EndpointURLOverride == "" {
-		return ErrInsecureInProd
-	}
-
 	if _, err := cfg.EndpointUrl(); err != nil {
 		return fmt.Errorf("invalid 'data_center' value: %w", err)
 	}
@@ -113,11 +103,6 @@ func (cfg *Config) OTLPConfig() (*otlpexporter.Config, error) {
 		},
 	}
 
-	// Disable TLS for testing.
-	if cfg.Insecure {
-		otlpConfig.ClientConfig.TLSSetting.Insecure = true
-	}
-
 	if err = otlpConfig.Validate(); err != nil {
 		return nil, err
 	}

extension/solarwindsextension/testdata/full.yaml

@@ -2,4 +2,3 @@ token: "TOKEN"
 data_center: "na-01"
 collector_name: "test-collector"
 endpoint_url_override: "127.0.0.1:1234"
-insecure: true