Expose TLS/Insecure params via Logfire config

[gaby]

Description

Add support for sending data to a URL that uses a self-signed cert and also support for specifying TLS cert/key/ca.

I believe the HTTP exporter from OpenTelemetry has a param insecure for doing this. This is not exposed as part of LogfireConfig. There's also params for specifying cert/key/ca.

https://opentelemetry.io/docs/specs/otel/protocol/exporter/

These params are mostly needed for sending data to self-hosted endpoints or a self-hosted Logfire in the future.

[Kludex]

These params are mostly needed for sending data to self-hosted endpoints or a self-hosted Logfire in the future.

Are they needed now?

[gaby]

@Kludex I'm testing logfire in a lab without internet access, so basically using it for sending the OTEL data to a local tool that ingests.

I can do this use base_url, in the logfire config as told via Slack but if the server has self-signed certs it won't work unless I trust the Cert on every host.

I have a setup use vanilla opentelemetry-sdk, just trying to replace it all with logfire.

[Kludex]

Ah, I see the conversation on slack: https://pydanticlogfire.slack.com/archives/C06EDRBSAH3/p1714527101176449

Yep, PR is welcome! :)

[gaby]

I will give it a try this week, figure creating a formal ticket would help :-)

[alexmojaki]

Insecure: Whether to enable client transport security for the exporter's gRPC connection. This option only applies to OTLP/gRPC when an endpoint is provided without the http or https scheme - OTLP/HTTP always uses the scheme provided for the endpoint.

We use HTTP, specifically opentelemetry.exporter.otlp.proto.http.trace_exporter.OTLPSpanExporter so there's no insecure parameter.

For the certificate, you can set the OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE environment variable.

Alternatively, since you already have a vanilla OTEL setup, you presumably you have a span processor somewhere in there. You can use it like so:

logfire.configure(processors=[my_span_processor], send_to_logfire=False)

[Kludex]

@gaby is @alexmojaki 's solution enough for you? We can try to improve documentation (not sure where that would fit yet).

[gaby]

@Kludex I'm not sure if ths solves the problem. While I can set the ENV via python, it's not as clean/ideal as using params for Cert/Key/CA.

The insecure part, I have to double check. I'm trying to get rid of all the vanilla OpenTelemetry since code looks cleaner with Logfire.

Maybe I can open a ticket in OpenTelemetry for them to add the insecure param on the SDK

[alexmojaki]

Maybe I can open a ticket in OpenTelemetry for them to add the insecure param on the SDK

It was explicitly removed in open-telemetry/opentelemetry-python#1649, I think having it was against the spec.

[gaby]

@alexmojaki I see theor point, if certs are set there's no need for the insecure flag. Totally valid.

From a logfire perspective, being able to specify cert/key/ca params would be useful. Currently using the ENV variables is doable, just not very pythonic.