Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify if the OTLP exporter has to support all protocols and protocol related env vars #3720

Closed
pellared opened this issue Oct 13, 2023 · 2 comments
Closed

Clarify if the OTLP exporter has to support all protocols and protocol related env vars #3720

pellared opened this issue Oct 13, 2023 · 2 comments
Assignees
@yurishkuro

Comments

@pellared
Copy link
Member

Is it necessary for the OTLP exporter to intentionally support OTEL_EXPORTER_OTLP_PROTOCOL, OTEL_EXPORTER_OTLP_TRACES_PROTOCOL, OTEL_EXPORTER_OTLP_METRICS_PROTOCOL, OTEL_EXPORTER_OTLP_LOGS_PROTOCOL?

This requirement would create a dependency for the OTLP exporter on all the libraries utilized for implementing the transport protocols (such as the HTTP client, JSON parser, protobuf parser, and gRPC client). This means that users who only require the HTTP protocol might not want to introduce any gRPC dependencies to their application. In certain programming languages, like Go (as mentioned in this paper), it is customary to minimize the number of dependencies. This approach also helps reduce the overall "security surface" of the components. It's important to note that if a gRPC library used by the exporter had a CVE, the entire exporter would be considered vulnerable as well (since most security static analysis tools solely check dependencies and not how the code is structured).

Currently, most languages (such as C++, Go, Java, Python, JavaScript, and Ruby) follow the principle of minimizing the number of dependencies, with a separate OTLP exporter implementation for each protocol. Many of these languages also have additional "configurator" components that enable the creation of exporters selected via environmental variables (for instance, OTEL_TRACES_EXPORTER and OTEL_EXPORTER_OTLP_PROTOCOL).

However, in some languages, an OTLP exporter supports multiple protocols (.NET, Erlang, PHP, Rust). It's worth mentioning that for Rust, optional dependencies are supported, and it makes complete sense to structure it that way.

I believe that the decision of how OTEL_EXPORTER_OTLP_PROTOCOL, OTEL_EXPORTER_OTLP_TRACES_PROTOCOL, OTEL_EXPORTER_OTLP_METRICS_PROTOCOL, OTEL_EXPORTER_OTLP_LOGS_PROTOCOL should be supported should be made by the language Special Interest Group (SIG).

I suggest updating the specification to indicate that OTEL_EXPORTER_OTLP_PROTOCOL, OTEL_EXPORTER_OTLP_TRACES_PROTOCOL, OTEL_EXPORTER_OTLP_METRICS_PROTOCOL, OTEL_EXPORTER_OTLP_LOGS_PROTOCOL SHOULD be supported, with a footnote explaining that the support for these environment variables could be provided through separate components.
@pellared
Copy link
Member Author

Duplicates #3721 (I wanted to have a label)

@Oberon00
Copy link
Member

@pellared Next time, we can add the labels later on

@pellared pellared closed this as not planned Won't fix, can't repro, duplicate, stale Oct 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yurishkuro yurishkuro

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Oberon00 @yurishkuro @pellared