[jaeger-v2] Migrate ElasticSearch/OpenSearch to use OTEL's TLS config…

…uration (jaegertracing#6079)

## Which problem is this PR solving?
- Towards jaegertracing#6059

## Description of the changes
- Migrated the ElasticSearch/OpenSearch configurations to use OTEL's TLS
configurations
- In a follow up PR, I'll re-evaluate the groupings of the
configurations and add the missing mapstructure tags

## How was this change tested?
- CI

## Checklist
- [x] I have read
https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md
- [x] I have signed all commits
- [x] I have added unit tests for the new functionality
- [x] I have run lint and test steps successfully
  - for `jaeger`: `make lint test`
  - for `jaeger-ui`: `yarn lint` and `yarn test`

Signed-off-by: Mahad Zaryab <mahadzaryab1@gmail.com>

pkg/es/config/config.go

@@ -21,12 +21,12 @@ import (
 	"github.com/asaskevich/govalidator"
 	esV8 "github.com/elastic/go-elasticsearch/v8"
 	"github.com/olivere/elastic"
+	"go.opentelemetry.io/collector/config/configtls"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	"go.uber.org/zap/zapgrpc"
 
 	"github.com/jaegertracing/jaeger/pkg/bearertoken"
-	"github.com/jaegertracing/jaeger/pkg/config/tlscfg"
 	"github.com/jaegertracing/jaeger/pkg/es"
 	eswrapper "github.com/jaegertracing/jaeger/pkg/es/wrapper"
 	"github.com/jaegertracing/jaeger/pkg/metrics"
@@ -70,35 +70,34 @@ func (p IndexPrefix) Apply(indexName string) string {
 
 // Configuration describes the configuration properties needed to connect to an ElasticSearch cluster
 type Configuration struct {
-	Servers                  []string      `mapstructure:"server_urls" valid:"required,url"`
-	RemoteReadClusters       []string      `mapstructure:"remote_read_clusters"`
-	Username                 string        `mapstructure:"username"`
-	Password                 string        `mapstructure:"password" json:"-"`
-	TokenFilePath            string        `mapstructure:"token_file"`
-	PasswordFilePath         string        `mapstructure:"password_file"`
-	AllowTokenFromContext    bool          `mapstructure:"-"`
-	Sniffer                  bool          `mapstructure:"sniffer"` // https://github.com/olivere/elastic/wiki/Sniffing
-	SnifferTLSEnabled        bool          `mapstructure:"sniffer_tls_enabled"`
-	MaxDocCount              int           `mapstructure:"-"` // Defines maximum number of results to fetch from storage per query
-	MaxSpanAge               time.Duration `mapstructure:"-"` // configures the maximum lookback on span reads
-	Timeout                  time.Duration `mapstructure:"-"`
-	BulkSize                 int           `mapstructure:"-"`
-	BulkWorkers              int           `mapstructure:"-"`
-	BulkActions              int           `mapstructure:"-"`
-	BulkFlushInterval        time.Duration `mapstructure:"-"`
-	Indices                  Indices       `mapstructure:"indices"`
-	ServiceCacheTTL          time.Duration `mapstructure:"service_cache_ttl"`
-	AdaptiveSamplingLookback time.Duration `mapstructure:"-"`
-	Tags                     TagsAsFields  `mapstructure:"tags_as_fields"`
-	Enabled                  bool          `mapstructure:"-"`
-	// TODO: migration to OTEL's TLS configuration
-	TLS                  tlscfg.Options `mapstructure:"tls"`
-	UseReadWriteAliases  bool           `mapstructure:"use_aliases"`
-	CreateIndexTemplates bool           `mapstructure:"create_mappings"`
-	UseILM               bool           `mapstructure:"use_ilm"`
-	Version              uint           `mapstructure:"version"`
-	LogLevel             string         `mapstructure:"log_level"`
-	SendGetBodyAs        string         `mapstructure:"send_get_body_as"`
+	Servers                  []string               `mapstructure:"server_urls" valid:"required,url"`
+	RemoteReadClusters       []string               `mapstructure:"remote_read_clusters"`
+	Username                 string                 `mapstructure:"username"`
+	Password                 string                 `mapstructure:"password" json:"-"`
+	TokenFilePath            string                 `mapstructure:"token_file"`
+	PasswordFilePath         string                 `mapstructure:"password_file"`
+	AllowTokenFromContext    bool                   `mapstructure:"-"`
+	Sniffer                  bool                   `mapstructure:"sniffer"` // https://github.com/olivere/elastic/wiki/Sniffing
+	SnifferTLSEnabled        bool                   `mapstructure:"sniffer_tls_enabled"`
+	MaxDocCount              int                    `mapstructure:"-"` // Defines maximum number of results to fetch from storage per query
+	MaxSpanAge               time.Duration          `mapstructure:"-"` // configures the maximum lookback on span reads
+	Timeout                  time.Duration          `mapstructure:"-"`
+	BulkSize                 int                    `mapstructure:"-"`
+	BulkWorkers              int                    `mapstructure:"-"`
+	BulkActions              int                    `mapstructure:"-"`
+	BulkFlushInterval        time.Duration          `mapstructure:"-"`
+	Indices                  Indices                `mapstructure:"indices"`
+	ServiceCacheTTL          time.Duration          `mapstructure:"service_cache_ttl"`
+	AdaptiveSamplingLookback time.Duration          `mapstructure:"-"`
+	Tags                     TagsAsFields           `mapstructure:"tags_as_fields"`
+	Enabled                  bool                   `mapstructure:"-"`
+	TLS                      configtls.ClientConfig `mapstructure:"tls"`
+	UseReadWriteAliases      bool                   `mapstructure:"use_aliases"`
+	CreateIndexTemplates     bool                   `mapstructure:"create_mappings"`
+	UseILM                   bool                   `mapstructure:"use_ilm"`
+	Version                  uint                   `mapstructure:"version"`
+	LogLevel                 string                 `mapstructure:"log_level"`
+	SendGetBodyAs            string                 `mapstructure:"send_get_body_as"`
 }
 
 // TagsAsFields holds configuration for tag schema.
@@ -440,8 +439,8 @@ func addLoggerOptions(options []elastic.ClientOptionFunc, logLevel string, logge
 
 // GetHTTPRoundTripper returns configured http.RoundTripper
 func GetHTTPRoundTripper(c *Configuration, logger *zap.Logger) (http.RoundTripper, error) {
-	if c.TLS.Enabled {
-		ctlsConfig, err := c.TLS.Config(logger)
+	if !c.TLS.Insecure {
+		ctlsConfig, err := c.TLS.LoadTLSConfig(context.Background())
 		if err != nil {
 			return nil, err
 		}
@@ -454,10 +453,10 @@ func GetHTTPRoundTripper(c *Configuration, logger *zap.Logger) (http.RoundTrippe
 	httpTransport := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		// #nosec G402
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: c.TLS.SkipHostVerify},
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: c.TLS.InsecureSkipVerify},
 	}
-	if c.TLS.CAPath != "" {
-		ctlsConfig, err := c.TLS.Config(logger)
+	if c.TLS.CAFile != "" {
+		ctlsConfig, err := c.TLS.LoadTLSConfig(context.Background())
 		if err != nil {
 			return nil, err
 		}

pkg/es/config/config_test.go

@@ -13,9 +13,9 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"go.opentelemetry.io/collector/config/configtls"
 	"go.uber.org/zap"
 
-	"github.com/jaegertracing/jaeger/pkg/config/tlscfg"
 	"github.com/jaegertracing/jaeger/pkg/metrics"
 	"github.com/jaegertracing/jaeger/pkg/testutils"
 )
@@ -139,7 +139,7 @@ func TestNewClient(t *testing.T) {
 				PasswordFilePath:      "",
 				BulkSize:              -1, // disable bulk; we want immediate flush
 				Version:               0,
-				TLS:                   tlscfg.Options{Enabled: true},
+				TLS:                   configtls.ClientConfig{Insecure: false},
 			},
 			expectedError: false,
 		},
@@ -154,8 +154,13 @@ func TestNewClient(t *testing.T) {
 				PasswordFilePath:      "",
 				BulkSize:              -1, // disable bulk; we want immediate flush
 				Version:               0,
-				TLS:                   tlscfg.Options{Enabled: false, CAPath: certFilePath.Name()},
-				TokenFilePath:         pwdtokenFile,
+				TLS: configtls.ClientConfig{
+					Insecure: true,
+					Config: configtls.Config{
+						CAFile: certFilePath.Name(),
+					},
+				},
+				TokenFilePath: pwdtokenFile,
 			},
 			expectedError: false,
 		},
@@ -308,8 +313,6 @@ func TestNewClient(t *testing.T) {
 				err = client.Close()
 				require.NoError(t, err)
 			}
-			err = config.TLS.Close()
-			require.NoError(t, err)
 		})
 	}
 }

plugin/storage/es/factory.go

@@ -343,10 +343,6 @@ func (f *Factory) Close() error {
 	for _, w := range f.watchers {
 		errs = append(errs, w.Close())
 	}
-	if cfg := f.Options.Get(archiveNamespace); cfg != nil {
-		errs = append(errs, cfg.TLS.Close())
-	}
-	errs = append(errs, f.Options.GetPrimary().TLS.Close())
 	errs = append(errs, f.getPrimaryClient().Close())
 	if client := f.getArchiveClient(); client != nil {
 		errs = append(errs, client.Close())

plugin/storage/es/options.go

@@ -379,12 +379,12 @@ func initFromViper(cfg *namespaceConfig, v *viper.Viper) {
 
 	// Daily is recommended for dependencies calculation, and this index size is very small
 	cfg.Indices.Dependencies.DateLayout = initDateLayout(cfg.Indices.Dependencies.DateLayout, separator)
-	var err error
-	cfg.TLS, err = cfg.getTLSFlagsConfig().InitFromViper(v)
+	tlsconfig, err := cfg.getTLSFlagsConfig().InitFromViper(v)
 	if err != nil {
 		// TODO refactor to be able to return error
 		log.Fatal(err)
 	}
+	cfg.TLS = tlsconfig.ToOtelClientConfig()
 }
 
 // GetPrimary returns primary configuration.

plugin/storage/es/options_test.go

@@ -88,8 +88,8 @@ func TestOptionsWithFlags(t *testing.T) {
 	assert.Equal(t, 48*time.Hour, primary.MaxSpanAge)
 	assert.True(t, primary.Sniffer)
 	assert.True(t, primary.SnifferTLSEnabled)
-	assert.True(t, primary.TLS.Enabled)
-	assert.True(t, primary.TLS.SkipHostVerify)
+	assert.False(t, primary.TLS.Insecure)
+	assert.True(t, primary.TLS.InsecureSkipVerify)
 	assert.True(t, primary.Tags.AllAsFields)
 	assert.Equal(t, "!", primary.Tags.DotReplacement)
 	assert.Equal(t, "./file.txt", primary.Tags.File)