Description
Describe the bug
When attempting to configure TLS using environment variables for the contents of the certs, there is an error parsing the value of the certificates.
Steps to reproduce
Use the following configuration file:
---
receivers:
  otlp:
    protocols:
      http:
        endpoint: 0.0.0.0:4318
processors:
  batch:
exporters:
  kafka:
    auth:
      tls:
        # DOES NOT WORK: Contents of the cert in the env variable
        ca_pem: ${env:CA_PEM}
        # WORKS
        # ca_pem: |
        #   -----BEGIN CERTIFICATE-----
        #   MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL
        #   MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC
        #   VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx
        #   NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD
        #   TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu
        #   ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j
        #   V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj
        #   gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA
        #   FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE
        #   CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS
        #   BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE
        #   BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju
        #   Wm7DCfrPNGVwFWUQOmsPue9rZBgO
        #   -----END CERTIFICATE-----
        # WORKS: Above contents stored to a file
        #ca_file: ca.pem
        insecure_skip_verify: true
service:
  pipelines:
    logs:
      receivers: [otlp]
      processors: [batch]
      exporters: [kafka]
Create a ca.pem file with the content:
-----BEGIN CERTIFICATE-----
[certificate body identical to the one shown in the configuration file above]
-----END CERTIFICATE-----
Set env variable to the content of the cert:
export CA_PEM=$(cat ca.pem)
Run otel collector with the configuration file:
otelcol --config config.yml
What did you expect to see?
I expected that when ca_pem: ${env:CA_PEM} was specified, otel collector would parse the cert.
What did you see instead?
When ca_pem: ${env:CA_PEM} is specified, I get the following error:
Error: cannot start pipelines: error loading tls config: failed to load TLS config: failed to load CA CertPool PEM: failed to parse cert
2024/06/13 18:05:57 collector server run finished with error: cannot start pipelines: error loading tls config: failed to load TLS config: failed to load CA CertPool PEM: failed to parse cert
When I comment out that configuration and use either ca_pem: | CONTENT or ca_file: ca.pem, the above error is not present and the collector starts up.
What version did you use?
Version: 0.102.1
What config did you use?
The above configuration file.
Environment
Docker image: golang:1.22
otelcol was fetched from GitHub and unpacked within the docker image manually.
OTEL_COLLECTOR_VERSION=0.102.1
OTEL_COLLECTOR_ARTIFACT=otelcol_${OTEL_COLLECTOR_VERSION}_linux_amd64.tar.gz
OTEL_COLLECTOR_DEST=.
wget https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/v$OTEL_COLLECTOR_VERSION/$OTEL_COLLECTOR_ARTIFACT
tar -xzvf $OTEL_COLLECTOR_ARTIFACT -C $OTEL_COLLECTOR_DEST otelcol
Additional context
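
A stand-alone check for whether a value passed through `CA_PEM` still decodes as PEM, added here as an example; it is not part of the original report and not the collector's code. It assumes the failure involves lost or altered line breaks, which the report does not establish; `checkPEM` and `samplePEM` are hypothetical names, and the sample body is constructed, not a real certificate.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"os"
	"strings"
)

// Constructed sample: the body is 8 arbitrary bytes, not a real certificate.
// It has no trailing newline, matching what $(cat ca.pem) produces.
const samplePEM = "-----BEGIN CERTIFICATE-----\nAQIDBAUGBwg=\n-----END CERTIFICATE-----"

// checkPEM counts the PEM blocks that decode from value. When none decode,
// it returns a likely reason based on what happened to the line breaks.
func checkPEM(value string) (blocks int, reason string) {
	rest := []byte(value)
	for {
		var b *pem.Block
		b, rest = pem.Decode(rest)
		if b == nil {
			break
		}
		blocks++
	}
	switch {
	case blocks > 0:
		return blocks, "ok"
	case !strings.Contains(value, "-----BEGIN "):
		return 0, "no PEM header"
	case strings.Contains(value, `\n`):
		return 0, "literal \\n escapes instead of line breaks"
	case !strings.Contains(value, "\n"):
		return 0, "line breaks missing"
	default:
		return 0, "malformed PEM body"
	}
}

func main() {
	// Check CA_PEM when it is set; otherwise fall back to the constructed sample.
	v, set := os.LookupEnv("CA_PEM")
	if !set {
		v = samplePEM
	}
	n, reason := checkPEM(v)
	fmt.Printf("blocks=%d result=%s\n", n, reason)
}
```

Running it in the same shell that exported `CA_PEM` shows whether the variable itself holds decodable PEM, which separates a shell-side problem from one inside the collector's configuration handling.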