tracing: option to use a GetClientCertificates function

tracing/tracing.go

@@ -2,6 +2,8 @@ package tracing
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"os"
 
 	"go.ntppool.org/common/logger"
@@ -26,9 +28,18 @@ func Tracer() trace.Tracer {
 	return traceProvider.Tracer("ntppool-tracer")
 }
 
+func Start(ctx context.Context, spanName string, opts ...trace.SpanStartOption) (context.Context, trace.Span) {
+	return Tracer().Start(ctx, spanName, opts...)
+}
+
+type GetClientCertificate func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
+
 type TracerConfig struct {
 	ServiceName string
 	Environment string
+
+	CertificateProvider GetClientCertificate
+	RootCAs             *x509.CertPool
 }
 
 var emptyTpShutdownFunc = func(_ context.Context) error {
@@ -45,7 +56,7 @@ func InitTracer(ctx context.Context, cfg *TracerConfig) (TpShutdownFunc, error)
 	var exporter otelsdktrace.SpanExporter
 
 	if otlpEndPoint := os.Getenv("OTEL_EXPORTER_OTLP_ENDPOINT"); len(otlpEndPoint) > 0 {
-		exporter, err = newOLTPExporter(ctx)
+		exporter, err = newOLTPExporter(ctx, cfg)
 	}
 
 	if err != nil {
@@ -69,8 +80,18 @@ func InitTracer(ctx context.Context, cfg *TracerConfig) (TpShutdownFunc, error)
 	return tp.Shutdown, nil
 }
 
-func newOLTPExporter(ctx context.Context) (otelsdktrace.SpanExporter, error) {
-	client := otlptracehttp.NewClient()
+func newOLTPExporter(ctx context.Context, cfg *TracerConfig) (otelsdktrace.SpanExporter, error) {
+
+	opts := []otlptracehttp.Option{otlptracehttp.WithCompression(otlptracehttp.GzipCompression)}
+
+	if cfg.CertificateProvider != nil {
+		opts = append(opts, otlptracehttp.WithTLSClientConfig(&tls.Config{
+			GetClientCertificate: cfg.CertificateProvider,
+			RootCAs:              cfg.RootCAs,
+		}))
+	}
+
+	client := otlptracehttp.NewClient(opts...)
 	exporter, err := otlptrace.New(ctx, client)
 	if err != nil {
 		logger.Setup().Error("creating OTLP trace exporter", "err", err)