Need clarification on how OpAMP sends sensitive credential data to the client #80
Comments
We discussed the possibility to add arbitrary key/values to
```protobuf
message ConnectionSettings {
  map<string,string> other_settings = 7;
}
```
A few things that we need to clarify with this approach:
|
I looked at my initial prototype implementation where I actually use the OpAMP connection settings and own metrics connection settings and the code doesn't benefit in any way from the fact that ConnectionSettings is a shared message. I am leaning towards having dedicated messages for each connection type, e.g.
```protobuf
message OpAMPConnectionSettings {
  string destination_endpoint = 1;
  Headers headers = 2;
  TLSCertificate certificate = 3;
  // in the future maybe we can add a field to specify the transport type for OpAMP (i.e. HTTP or WebSocket)
  ...
}
message TelemetryConnectionSettings {
  string destination_endpoint = 1;
  Headers headers = 2;
  TLSCertificate certificate = 3;
  // in the future maybe we can add a field to specify the transport type for OTLP (i.e. HTTP or gRPC)
  // or even add support for non-OTLP destinations.
}
message OtherConnectionSettings {
  string destination_endpoint = 1;
  Headers headers = 2;
  TLSCertificate certificate = 3;
  map<string,string> other_settings = 4; // agent-specific settings
  ...
}
```
Splitting the messages allows them to carry only the fields that are applicable to the particular destination type and allows them to evolve separately in the future. @andykellr @dsvanlani what do you think? |
@andykellr @pmm-sumo @dsvanlani here is a draft that shows what it looks like in Go: open-telemetry/opamp-go#82 What do you think? |
This change splits connection settings by the type of the connection so that each type has a corresponding message that records the appropriate data. See proposal here open-telemetry#80 (comment) Contributes to open-telemetry#80
This change splits connection settings by the type of the connection so that each type has a corresponding message that records the appropriate data. See proposal here open-telemetry#80 (comment) I also deleted proxy-related settings since it wasn't clear when and how they can be used. These can be added later when the use case is clear. Contributes to open-telemetry#80
This change splits connection settings by the type of the connection so that each type has a corresponding message that records the appropriate data. See proposal here #80 (comment) I also deleted proxy-related settings since it wasn't clear when and how they can be used. These can be added later when the use case is clear. Contributes to #80
@andykellr @dsvanlani now that we have the |
This should work well. |
This was first discussed in the workgroup on 5/3/2022.
Issue
How do we handle sending sensitive credentials to the client? Consider this use case.
A client uses an exporter that needs an API Key to send data. It does not want to store the key in its configuration directly but rather in a file located on disk. OpAMP should establish a way to send this sensitive data so that a client can recognize it, store it, and not report it back in its EffectiveConfig status message. Additionally, OpAMP should have the capability of sending a message that would update these credentials. It's not clear in the spec how these credentials should be sent.
Discussed solutions
AgentRemoteConfig message. In this case the client would need to know to redact certain fields of its EffectiveConfig status message.
ConnectionSettingsOffers Message. Similar to above but the client wouldn't be required to send its EffectiveConfig after this message. The message might need to be expanded to be able to send arbitrary key-value pairs, leaving it up to the client to know what to do with them.
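The redaction step that the AgentRemoteConfig option above would require of a client, as an added example (not code from opamp-go or the OpAMP spec): it masks secret-looking keys in a nested config before that config would be reported as EffectiveConfig. The suffix list, function names and sample config are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical key suffixes this agent treats as secret (assumption, not from the spec).
var sensitiveSuffixes = []string{"api_key", "password", "token"}

// isSensitive reports whether a config key names a credential, ignoring case.
func isSensitive(key string) bool {
	k := strings.ToLower(key)
	for _, s := range sensitiveSuffixes {
		if strings.HasSuffix(k, s) {
			return true
		}
	}
	return false
}

// RedactEffectiveConfig returns a copy of a decoded config tree with sensitive
// values masked. Nested maps and lists are walked; the input is not modified.
func RedactEffectiveConfig(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		out := make(map[string]interface{}, len(t))
		for k, val := range t {
			if isSensitive(k) {
				out[k] = "[REDACTED]" // mask the whole value, whatever its type
			} else {
				out[k] = RedactEffectiveConfig(val)
			}
		}
		return out
	case []interface{}:
		out := make([]interface{}, len(t))
		for i, val := range t {
			out[i] = RedactEffectiveConfig(val)
		}
		return out
	}
	return v // scalars under non-sensitive keys pass through unchanged
}

func main() {
	// Constructed sample config, not taken from the issue.
	cfg := map[string]interface{}{"otlp": map[string]interface{}{"endpoint": "https://example.invalid", "api_key": "s3cr3t"}}
	fmt.Println(RedactEffectiveConfig(cfg))
}
```

Key-name matching only works when the agent knows its own schema; a credential stored under an unlisted key would still be reported.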