[feature request] Insecure GRPC export option

[Leonardo-Ferreira]

Package

OpenTelemetry.Exporter.OpenTelemetryProtocol

Is your feature request related to a problem?

API to perform export via GRPC protocol over non-TLS connection

What is the expected behavior?

builder.AddOtlpExporter(options =>
{
    options.Endpoint = new Uri(myEndpoint + "v1/traces");
    options.Protocol = OTEL_Exporter.OtlpExportProtocol.Grpc;                
    options.Insecure = true;
});

Which alternative solutions or features have you considered?

N/A

Additional context

The protocol has this option mapped:

Insecure: Whether to enable client transport security for the exporter’s gRPC connection. This option only applies to OTLP/gRPC when an endpoint is provided without the http or https scheme - OTLP/HTTP always uses the scheme provided for the endpoint. Implementations MAY choose to not implement the insecure option if it is not required or supported by the underlying gRPC client implementation.

Default: false
Env vars: OTEL_EXPORTER_OTLP_INSECURE OTEL_EXPORTER_OTLP_TRACES_INSECURE OTEL_EXPORTER_OTLP_METRICS_INSECURE OTEL_EXPORTER_OTLP_LOGS_INSECURE [2]
Type: Boolean

Tip

_{React with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding +1 or me too, to help us triage it. Learn more here.}

[martincostello]

"Insecure" could mean many things. A better approach might be to just expose a hook that lets you configure the client/transport that allows you to make it "insecure" for your specific needs.

[Leonardo-Ferreira]

I tried to provide a HttpClient that does not verify the certificate like

builder.AddOtlpExporter(options =>
{
    options.Endpoint = new Uri(myBaseUri + "v1/traces");
    options.Protocol = OtlpExportProtocol.Grpc;
    options.HttpClientFactory = () =>
    {
        var httpClient = new System.Net.Http.HttpClient();
        //httpClient.DefaultRequestHeaders.ExpectContinue = false;
        var handler = new System.Net.Http.HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true
        };
        httpClient = new System.Net.Http.HttpClient(handler);
        return httpClient;
    };
});

but it didn't work

[martincostello]

but it didn't work

In what way did it not work?

---

I guess there's some confusion here between the security of two different things.

The first is the certificate, which should be resolved with ServerCertificateCustomValidationCallback trusting anything, which should fix an untrusted/expired/etc. TLS certificate when using https.

The second would be using HTTP instead of HTTPS, which is what you need. I would have thought that that should be catered for if your base URI is using http:// instead of https://.

This option only applies to OTLP/gRPC when an endpoint is provided without the http or https scheme - OTLP/HTTP always uses the scheme provided for the endpoint

Is your myBaseUri value actually specifying the scheme? If not, include it and see whether that resolves the issue. My understanding on reading the quoted text above is that it should prefer the scheme you specified, and then should work correctly without us needing to add an option.