feat(): add mtls support

Author: sandy2008

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/Implementation/OtlpSpecConfigDefinitions.cs

@@ -31,4 +31,9 @@ internal static class OtlpSpecConfigDefinitions
     public const string TracesHeadersEnvVarName = "OTEL_EXPORTER_OTLP_TRACES_HEADERS";
     public const string TracesTimeoutEnvVarName = "OTEL_EXPORTER_OTLP_TRACES_TIMEOUT";
     public const string TracesProtocolEnvVarName = "OTEL_EXPORTER_OTLP_TRACES_PROTOCOL";
+
+    // mTLS certificate environment variables
+    public const string CertificateEnvVarName = "OTEL_EXPORTER_OTLP_CERTIFICATE";
+    public const string ClientKeyEnvVarName = "OTEL_EXPORTER_OTLP_CLIENT_KEY";
+    public const string ClientCertificateEnvVarName = "OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE";
 }

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/OtlpExporterOptions.cs

@@ -311,5 +311,38 @@ private void ApplyConfiguration(
         {
             throw new NotSupportedException($"OtlpExporterOptionsConfigurationType '{configurationType}' is not supported.");
         }
+
+#if NET8_0_OR_GREATER
+        // Apply mTLS configuration from environment variables
+        this.ApplyMtlsConfiguration(configuration);
+#endif
+    }
+
+#if NET8_0_OR_GREATER
+    private void ApplyMtlsConfiguration(IConfiguration configuration)
+    {
+        Debug.Assert(configuration != null, "configuration was null");
+
+        // Check and apply CA certificate path from environment variable
+        if (configuration.TryGetStringValue(OtlpSpecConfigDefinitions.CertificateEnvVarName, out var caCertPath))
+        {
+            this.MtlsOptions ??= new OtlpMtlsOptions();
+            this.MtlsOptions.CaCertificatePath = caCertPath;
+        }
+
+        // Check and apply client certificate path from environment variable
+        if (configuration.TryGetStringValue(OtlpSpecConfigDefinitions.ClientCertificateEnvVarName, out var clientCertPath))
+        {
+            this.MtlsOptions ??= new OtlpMtlsOptions();
+            this.MtlsOptions.ClientCertificatePath = clientCertPath;
+        }
+
+        // Check and apply client key path from environment variable
+        if (configuration.TryGetStringValue(OtlpSpecConfigDefinitions.ClientKeyEnvVarName, out var clientKeyPath))
+        {
+            this.MtlsOptions ??= new OtlpMtlsOptions();
+            this.MtlsOptions.ClientKeyPath = clientKeyPath;
+        }
     }
+#endif
 }

src/OpenTelemetry.Exporter.OpenTelemetryProtocol/README.md

@@ -450,6 +450,15 @@ or reader
   | `OTEL_EXPORTER_OTLP_TIMEOUT`  | `TimeoutMilliseconds`                 |
   | `OTEL_EXPORTER_OTLP_PROTOCOL` | `Protocol` (`grpc` or `http/protobuf`)|
 
+  The following environment variables can be used to configure mTLS
+  (mutual TLS) authentication (.NET 8.0+ only):
+
+  | Environment variable                   | `OtlpMtlsOptions` property    | Description                           |
+  | ---------------------------------------| ------------------------------|---------------------------------------|
+  | `OTEL_EXPORTER_OTLP_CERTIFICATE`      | `CaCertificatePath`           | Path to CA certificate file (PEM)    |
+  | `OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE` | `ClientCertificatePath`      | Path to client certificate file (PEM)|
+  | `OTEL_EXPORTER_OTLP_CLIENT_KEY`       | `ClientKeyPath`               | Path to client private key file (PEM)|
+
 * Logs:
 
   The following environment variables can be used to override the default values

test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OtlpExporterOptionsTests.cs

@@ -263,4 +263,107 @@ public void OtlpExporterOptions_ApplyDefaultsTest()
         Assert.NotEqual(defaultOptionsWithData.TimeoutMilliseconds, targetOptionsWithData.TimeoutMilliseconds);
         Assert.NotEqual(defaultOptionsWithData.HttpClientFactory, targetOptionsWithData.HttpClientFactory);
     }
+
+#if NET8_0_OR_GREATER
+    [Fact]
+    public void OtlpExporterOptions_MtlsEnvironmentVariables()
+    {
+        // Test CA certificate environment variable
+        Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CERTIFICATE", "/path/to/ca.crt");
+
+        try
+        {
+            var options = new OtlpExporterOptions();
+
+            Assert.NotNull(options.MtlsOptions);
+            Assert.Equal("/path/to/ca.crt", options.MtlsOptions.CaCertificatePath);
+        }
+        finally
+        {
+            Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CERTIFICATE", null);
+        }
+    }
+
+    [Fact]
+    public void OtlpExporterOptions_MtlsEnvironmentVariables_ClientCertificate()
+    {
+        // Test client certificate and key environment variables
+        Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE", "/path/to/client.crt");
+        Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_KEY", "/path/to/client.key");
+
+        try
+        {
+            var options = new OtlpExporterOptions();
+
+            Assert.NotNull(options.MtlsOptions);
+            Assert.Equal("/path/to/client.crt", options.MtlsOptions.ClientCertificatePath);
+            Assert.Equal("/path/to/client.key", options.MtlsOptions.ClientKeyPath);
+            Assert.True(options.MtlsOptions.IsEnabled);
+        }
+        finally
+        {
+            Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE", null);
+            Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_KEY", null);
+        }
+    }
+
+    [Fact]
+    public void OtlpExporterOptions_MtlsEnvironmentVariables_AllCertificates()
+    {
+        // Test all mTLS environment variables together
+        Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CERTIFICATE", "/path/to/ca.crt");
+        Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE", "/path/to/client.crt");
+        Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_KEY", "/path/to/client.key");
+
+        try
+        {
+            var options = new OtlpExporterOptions();
+
+            Assert.NotNull(options.MtlsOptions);
+            Assert.Equal("/path/to/ca.crt", options.MtlsOptions.CaCertificatePath);
+            Assert.Equal("/path/to/client.crt", options.MtlsOptions.ClientCertificatePath);
+            Assert.Equal("/path/to/client.key", options.MtlsOptions.ClientKeyPath);
+            Assert.True(options.MtlsOptions.IsEnabled);
+        }
+        finally
+        {
+            Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CERTIFICATE", null);
+            Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE", null);
+            Environment.SetEnvironmentVariable("OTEL_EXPORTER_OTLP_CLIENT_KEY", null);
+        }
+    }
+
+    [Fact]
+    public void OtlpExporterOptions_MtlsEnvironmentVariables_NoEnvironmentVariables()
+    {
+        // Ensure no mTLS options are set when no environment variables are present
+        var options = new OtlpExporterOptions();
+
+        Assert.Null(options.MtlsOptions);
+    }
+
+    [Fact]
+    public void OtlpExporterOptions_MtlsEnvironmentVariables_UsingIConfiguration()
+    {
+        // Test using IConfiguration instead of environment variables
+        var values = new Dictionary<string, string?>
+        {
+            ["OTEL_EXPORTER_OTLP_CERTIFICATE"] = "/config/path/to/ca.crt",
+            ["OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE"] = "/config/path/to/client.crt",
+            ["OTEL_EXPORTER_OTLP_CLIENT_KEY"] = "/config/path/to/client.key",
+        };
+
+        var configuration = new ConfigurationBuilder()
+            .AddInMemoryCollection(values)
+            .Build();
+
+        var options = new OtlpExporterOptions(configuration, OtlpExporterOptionsConfigurationType.Default, new());
+
+        Assert.NotNull(options.MtlsOptions);
+        Assert.Equal("/config/path/to/ca.crt", options.MtlsOptions.CaCertificatePath);
+        Assert.Equal("/config/path/to/client.crt", options.MtlsOptions.ClientCertificatePath);
+        Assert.Equal("/config/path/to/client.key", options.MtlsOptions.ClientKeyPath);
+        Assert.True(options.MtlsOptions.IsEnabled);
+    }
+#endif
 }