[exporter/clickhouse] TLS configuration is ignored if neither cert_file nor key_file are set #43911
Description
Component(s)
exporter/clickhouse
What happened?
Description
#22805 introduced TLS parameters for the ClickHouse exporter. It seems that these parameters are only taken into account if cert_file or key_file are set (so client-side TLS). However, the other configuration options, such as ca_file, would also be useful for server-side TLS.
I think this due to this condition in exporter/clickhouseexporter/config.go:
if cfg.TLS.CertFile != "" || cfg.TLS.KeyFile != ""
Steps to Reproduce
I stumbled across this issue when configuring ClickHouse to do server-side TLS. I configured the exporter according to the documentation. In particular, I wanted to use these fields:
exporters:
clickhouse:
endpoint: . . .
tls:
insecure: false
insecure_skip_verify: false
ca_file: CAroot.crt
server_name_override: my-server
Expected Result
The TLS configuration is taken into account.
Actual Result
The TLS configuration was ignored until I added the fields cert_file and key_file, even though the ClickHouse server does not expect client-side TLS for the configured user. Once I added these fields, the exporter was able to send data to ClickHouse.
Collector version
v0.138.0
Environment information
OpenTelemetry Collector configuration
receivers:
otlp/grpc:
protocols:
grpc:
endpoint: 0.0.0.0:4317
processors:
exporters:
clickhouse:
endpoint: tcp://localhost:35979
username: my-user
password: my-password
database: my-db
tls:
ca_file: /ca.pem
server_name_override: my-server
insecure: false
insecure_skip_verify: false
cert_file: /cert.pem
key_file: /cert.pem
connection_params:
secure: 'true'
create_schema: false
extensions: {}
service:
pipelines:
metrics/otlp/grpc-clickhouse:
receivers:
- otlp/grpc
processors:
exporters:
- clickhouseLog output
Additional context
No response
Tip
React with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding +1 or me too, to help us triage it. Learn more here.