More validation

pavolloffay · pavolloffay · commit 6bed10597129 · 2024-10-11T10:09:25.000+02:00
Signed-off-by: Pavol Loffay &lt;p.loffay@gmail.com&gt;
diff --git a/apis/v1alpha1/instrumentation_webhook.go b/apis/v1alpha1/instrumentation_webhook.go
@@ -237,14 +237,28 @@ func (w InstrumentationWebhook) validate(r *Instrumentation) (admission.Warnings
 		return warnings, fmt.Errorf("spec.sampler.type is not valid: %s", r.Spec.Sampler.Type)
 	}
 
-	if r.Spec.Exporter.TLS != nil {
-		tls := r.Spec.Exporter.TLS
+	warnings = append(warnings, validateExporter(r.Spec.Exporter)...)
+
+	return warnings, nil
+}
+
+func validateExporter(exporter Exporter) []string {
+	var warnings []string
+	if exporter.TLS != nil {
+		tls := exporter.TLS
 		if tls.Key != "" && tls.Cert == "" || tls.Cert != "" && tls.Key == "" {
 			warnings = append(warnings, "both exporter.tls.key and exporter.tls.cert mut be set")
 		}
+
+		if !strings.HasPrefix(exporter.Endpoint, "https://") {
+			warnings = append(warnings, "exporter.tls is configured but exporter.endpoint is not enabling TLS with https://")
+		}
+	}
+	if strings.HasPrefix(exporter.Endpoint, "https://") && exporter.TLS == nil {
+		warnings = append(warnings, "exporter is using https:// but exporter.tls is unset")
 	}
 
-	return warnings, nil
+	return warnings
 }
 
 func validateJaegerRemoteSamplerArgument(argument string) error {
diff --git a/apis/v1alpha1/instrumentation_webhook_test.go b/apis/v1alpha1/instrumentation_webhook_test.go
@@ -114,14 +114,15 @@ func TestInstrumentationValidatingWebhook(t *testing.T) {
 			},
 		},
 		{
-			name: "tls cert set but missing key",
+			name: "exporter: tls cert set but missing key",
 			inst: Instrumentation{
 				Spec: InstrumentationSpec{
 					Sampler: Sampler{
 						Type:     ParentBasedTraceIDRatio,
 						Argument: "0.99",
 					},
 					Exporter: Exporter{
+						Endpoint: "https://collector:4317",
 						TLS: &TLS{
 							Cert: "cert",
 						},
@@ -131,14 +132,15 @@ func TestInstrumentationValidatingWebhook(t *testing.T) {
 			warnings: []string{"both exporter.tls.key and exporter.tls.cert mut be set"},
 		},
 		{
-			name: "tls key set but missing cert",
+			name: "exporter: tls key set but missing cert",
 			inst: Instrumentation{
 				Spec: InstrumentationSpec{
 					Sampler: Sampler{
 						Type:     ParentBasedTraceIDRatio,
 						Argument: "0.99",
 					},
 					Exporter: Exporter{
+						Endpoint: "https://collector:4317",
 						TLS: &TLS{
 							Key: "key",
 						},
@@ -148,14 +150,49 @@ func TestInstrumentationValidatingWebhook(t *testing.T) {
 			warnings: []string{"both exporter.tls.key and exporter.tls.cert mut be set"},
 		},
 		{
-			name: "no warning set",
+			name: "exporter: tls set but using http://",
 			inst: Instrumentation{
 				Spec: InstrumentationSpec{
 					Sampler: Sampler{
 						Type:     ParentBasedTraceIDRatio,
 						Argument: "0.99",
 					},
 					Exporter: Exporter{
+						Endpoint: "http://collector:4317",
+						TLS: &TLS{
+							Key:  "key",
+							Cert: "cert",
+						},
+					},
+				},
+			},
+			warnings: []string{"exporter.tls is configured but exporter.endpoint is not enabling TLS with https://"},
+		},
+		{
+			name: "exporter: exporter using http://, but the tls is nil",
+			inst: Instrumentation{
+				Spec: InstrumentationSpec{
+					Sampler: Sampler{
+						Type:     ParentBasedTraceIDRatio,
+						Argument: "0.99",
+					},
+					Exporter: Exporter{
+						Endpoint: "https://collector:4317",
+					},
+				},
+			},
+			warnings: []string{"exporter is using https:// but exporter.tls is unset"},
+		},
+		{
+			name: "exporter no warning set",
+			inst: Instrumentation{
+				Spec: InstrumentationSpec{
+					Sampler: Sampler{
+						Type:     ParentBasedTraceIDRatio,
+						Argument: "0.99",
+					},
+					Exporter: Exporter{
+						Endpoint: "https://collector:4317",
 						TLS: &TLS{
 							Key:  "key",
 							Cert: "cert",
