[kafka] OTEL helper instead of tlscfg package #6270
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: chahatsagarmain <[email protected]>
Signed-off-by: chahatsagarmain <[email protected]>
yurishkuro
reviewed
Nov 28, 2024
yurishkuro
reviewed
Nov 28, 2024
yurishkuro
reviewed
Nov 28, 2024
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #6270 +/- ##
===========================================
+ Coverage 48.78% 96.44% +47.65%
===========================================
Files 179 355 +176
Lines 10799 20152 +9353
===========================================
+ Hits 5268 19435 +14167
+ Misses 5088 528 -4560
+ Partials 443 189 -254
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
yurishkuro
reviewed
Nov 28, 2024
Signed-off-by: chahatsagarmain <[email protected]>
yurishkuro
approved these changes
Nov 28, 2024
3 tasks
This was referenced Jul 23, 2025
yurishkuro
added a commit
that referenced
this pull request
Jul 31, 2025
## Which problem is this PR solving? - Resolves #6744 ## Description of the changes ### Issue: - PR #6270 introduced a regression in Kafka TLS configuration. The original code allowed TLS to be used with any authentication method (plaintext, kerberos, tls) by checking `config.Authentication == tls || config.TLS.Enabled`. However, the pr changed this to only `config.Authentication == tls`, breaking SASL_SSL configurations where users need `authentication=plaintext` with `tls.enabled=true`. - continuation of pr #6764 - fix some issues: - Fixed incorrect TLS detection logic: ``` // CORRECT - Simple OTEL-compliant logic if config.Authentication == tls || !config.TLS.Insecure { if err := setTLSConfiguration(&config.TLS, saramaConfig, logger); err != nil { return err } } ``` - Fixed security vulnerability: ``` // SECURE - Proper CA handling based on actual TLS usage if config.Authentication == tls { tlsCfg.Insecure = false tlsCfg.IncludeSystemCACertsPool = true } else if v.GetBool(configPrefix + ".tls.enabled") { tlsCfg.Insecure = false tlsCfg.IncludeSystemCACertsPool = true } ``` ``` // Always load TLS configuration from viper (cleaner approach) tlsClientConfig := tlscfg.ClientFlagsConfig{Prefix: configPrefix} tlsCfg, err := tlsClientConfig.InitFromViper(v) // Then configure based on usage ``` ## Checklist - [x] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [x] I have signed all commits - [x] I have added unit tests for the new functionality - [x] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `npm run lint` and `npm run test` --------- Signed-off-by: Yuri Shkuro <[email protected]> Signed-off-by: amol-verma-allen <[email protected]> Signed-off-by: Amol Verma <[email protected]> Signed-off-by: AnmolxSingh <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Mahad Zaryab <[email protected]> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Amol Verma <[email protected]> Signed-off-by: w-h-a <[email protected]> Signed-off-by: zzzk1 <[email protected]> Signed-off-by: Manik2708 <[email protected]> Signed-off-by: SatyamAgrawal <[email protected]> Signed-off-by: Yuri Shkuro <[email protected]> Signed-off-by: cs-308-2023 <[email protected]> Signed-off-by: jinjia <[email protected]> Signed-off-by: Mohammed Shuraih Shaikh <[email protected]> Signed-off-by: sAchin-680 <[email protected]> Signed-off-by: danish9039 <[email protected]> Signed-off-by: hippie-danish <[email protected]> Signed-off-by: Oyefule <[email protected]> Signed-off-by: Andreas Gerstmayr <[email protected]> Signed-off-by: pipiland <[email protected]> Signed-off-by: Mahad Zaryab <[email protected]> Signed-off-by: anmol7344 <[email protected]> Signed-off-by: Anmol <[email protected]> Signed-off-by: pipiland <[email protected]> Signed-off-by: Anurag Singh Rajawat <[email protected]> Signed-off-by: albertteoh <[email protected]> Signed-off-by: Batuhan Apaydin <[email protected]> Signed-off-by: Damian Maslanka <[email protected]> Signed-off-by: Shubham Solanki <[email protected]> Signed-off-by: Denys Vitali <[email protected]> Signed-off-by: Timon Engelke <[email protected]> Signed-off-by: zhengkezhou1 <[email protected]> Signed-off-by: Amol Verma ( Dingus ) <[email protected]> Signed-off-by: Parship Chowdhury <[email protected]> Co-authored-by: Yuri Shkuro <[email protected]> Co-authored-by: Amol Verma <[email protected]> Co-authored-by: Anmol <[email protected]> Co-authored-by: Yuri Shkuro <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mahad Zaryab <[email protected]> Co-authored-by: Mend Renovate <[email protected]> Co-authored-by: Wes Anderson <[email protected]> Co-authored-by: Zhengke Zhou <[email protected]> Co-authored-by: Mahad Zaryab <[email protected]> Co-authored-by: Manik Mehta <[email protected]> Co-authored-by: amol-verma-allen <[email protected]> Co-authored-by: SatyamAgrawal <[email protected]> Co-authored-by: Aditya Ruhela <[email protected]> Co-authored-by: jinjia <[email protected]> Co-authored-by: shuraih775 <[email protected]> Co-authored-by: SACHIN KUMAR <[email protected]> Co-authored-by: hippie-danish <[email protected]> Co-authored-by: Oyefule Oluwatayo <[email protected]> Co-authored-by: Andreas Gerstmayr <[email protected]> Co-authored-by: pipiland <[email protected]> Co-authored-by: Anurag Rajawat <[email protected]> Co-authored-by: Albert <[email protected]> Co-authored-by: Batuhan Apaydın <[email protected]> Co-authored-by: Damian Maślanka <[email protected]> Co-authored-by: Shubham Solanki <[email protected]> Co-authored-by: Denys Vitali <[email protected]> Co-authored-by: Timon Engelke <[email protected]> Co-authored-by: Amol Verma ( Dingus ) <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which problem is this PR solving?
Description of the changes
How was this change tested?
Checklist
jaeger:make lint testjaeger-ui:yarn lintandyarn test