1. Add more unit tests

2. Fix the code in order to parse valid header keys only
3. Add global error messages

Author: tongoss

exporters/otlp/otlplog/otlploggrpc/config.go

@@ -439,6 +439,7 @@ func convHeaders(s string) (map[string]string, error) {
 	for _, header := range strings.Split(s, ",") {
 		rawKey, rawVal, found := strings.Cut(header, "=")
 		if !found {
+			global.Error(errors.New("missing '="), "parse headers", "input", header)
 			err = errors.Join(err, fmt.Errorf("invalid header: %s", header))
 			continue
 		}
@@ -447,20 +448,26 @@ func convHeaders(s string) (map[string]string, error) {
 
 		// Validate the key.
 		if !isValidHeaderKey(key) {
+			global.Error(errors.New("invalid header key"), "parse headers", "key", key)
 			err = errors.Join(err, fmt.Errorf("invalid header key: %s", rawKey))
 			continue
 		}
 
 		// Only decode the value.
 		escVal, e := url.PathUnescape(rawVal)
 		if e != nil {
+			global.Error(err, "escape header value", "value", rawVal)
 			err = errors.Join(err, fmt.Errorf("invalid header value: %s", rawVal))
 			continue
 		}
 		val := strings.TrimSpace(escVal)
 
 		out[key] = val
 	}
+	// If at least one valid header exists, reset err to nil
+	if len(out) > 0 {
+		err = nil
+	}
 	return out, err
 }
 

exporters/otlp/otlplog/otlploggrpc/config_test.go

@@ -80,6 +80,8 @@ func TestNewConfig(t *testing.T) {
 	require.NoError(t, err, "testing TLS config")
 
 	headers := map[string]string{"a": "A"}
+	percentDecodedHeaders := map[string]string{"user%2Did": "42", "user%20name": "alice smith"}
+	validHeaders := map[string]string{"valid-key": "value"}
 	rc := retry.Config{}
 
 	dialOptions := []grpc.DialOption{grpc.WithUserAgent("test-agent")}
@@ -338,7 +340,7 @@ func TestNewConfig(t *testing.T) {
 			name: "InvalidEnvironmentVariables",
 			envars: map[string]string{
 				"OTEL_EXPORTER_OTLP_LOGS_ENDPOINT":           "%invalid",
-				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "a,%ZZ=valid,key=%ZZ",
+				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "invalid key=value",
 				"OTEL_EXPORTER_OTLP_LOGS_COMPRESSION":        "xz",
 				"OTEL_EXPORTER_OTLP_LOGS_TIMEOUT":            "100 seconds",
 				"OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE":        "invalid_cert",
@@ -355,9 +357,7 @@ func TestNewConfig(t *testing.T) {
 				`failed to load TLS:`,
 				`certificate not added`,
 				`tls: failed to find any PEM data in certificate input`,
-				`invalid OTEL_EXPORTER_OTLP_LOGS_HEADERS value a,%ZZ=valid,key=%ZZ:`,
-				`invalid header: a`,
-				`invalid header value: %ZZ`,
+				`invalid OTEL_EXPORTER_OTLP_LOGS_HEADERS value invalid key=value: invalid header key: invalid key`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_COMPRESSION value xz: unknown compression: xz`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_TIMEOUT value 100 seconds: strconv.Atoi: parsing "100 seconds": invalid syntax`,
 			},
@@ -439,6 +439,48 @@ func TestNewConfig(t *testing.T) {
 				timeout:  newSetting(defaultTimeout),
 			},
 		},
+		{
+			name: "with percent-encoded headers",
+			envars: map[string]string{
+				"OTEL_EXPORTER_OTLP_LOGS_ENDPOINT":           "https://env.endpoint:8080/prefix",
+				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "user%2Did=42,user%20name=alice%20smith",
+				"OTEL_EXPORTER_OTLP_LOGS_COMPRESSION":        "gzip",
+				"OTEL_EXPORTER_OTLP_LOGS_TIMEOUT":            "15000",
+				"OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE":        "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE": "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY":         "key_path",
+			},
+			want: config{
+				endpoint:    newSetting("env.endpoint:8080"),
+				insecure:    newSetting(false),
+				tlsCfg:      newSetting(tlsCfg),
+				headers:     newSetting(percentDecodedHeaders),
+				compression: newSetting(GzipCompression),
+				timeout:     newSetting(15 * time.Second),
+				retryCfg:    newSetting(defaultRetryCfg),
+			},
+		},
+		{
+			name: "with invalid header key",
+			envars: map[string]string{
+				"OTEL_EXPORTER_OTLP_LOGS_ENDPOINT":           "https://env.endpoint:8080/prefix",
+				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "valid-key=value,invalid key=value",
+				"OTEL_EXPORTER_OTLP_LOGS_COMPRESSION":        "gzip",
+				"OTEL_EXPORTER_OTLP_LOGS_TIMEOUT":            "15000",
+				"OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE":        "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE": "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY":         "key_path",
+			},
+			want: config{
+				endpoint:    newSetting("env.endpoint:8080"),
+				insecure:    newSetting(false),
+				tlsCfg:      newSetting(tlsCfg),
+				headers:     newSetting(validHeaders),
+				compression: newSetting(GzipCompression),
+				timeout:     newSetting(15 * time.Second),
+				retryCfg:    newSetting(defaultRetryCfg),
+			},
+		},
 	}
 
 	for _, tc := range testcases {
@@ -493,3 +535,73 @@ func assertTLSConfig(t *testing.T, want, got setting[*tls.Config]) {
 	}
 	assert.Equal(t, want.Value.Certificates, got.Value.Certificates, "Certificates")
 }
+
+func TestConvHeaders(t *testing.T) {
+	tests := []struct {
+		name  string
+		value string
+		want  map[string]string
+	}{
+		{
+			name:  "simple test",
+			value: "userId=alice",
+			want:  map[string]string{"userId": "alice"},
+		},
+		{
+			name:  "simple test with spaces",
+			value: " userId = alice  ",
+			want:  map[string]string{"userId": "alice"},
+		},
+		{
+			name:  "simple header conforms to RFC 3986 spec",
+			value: " userId = alice+test ",
+			want:  map[string]string{"userId": "alice+test"},
+		},
+		{
+			name:  "multiple headers encoded",
+			value: "userId=alice,serverNode=DF%3A28,isProduction=false",
+			want: map[string]string{
+				"userId":       "alice",
+				"serverNode":   "DF:28",
+				"isProduction": "false",
+			},
+		},
+		{
+			name:  "multiple headers encoded per RFC 3986 spec",
+			value: "userId=alice+test,serverNode=DF%3A28,isProduction=false,namespace=localhost/test",
+			want: map[string]string{
+				"userId":       "alice+test",
+				"serverNode":   "DF:28",
+				"isProduction": "false",
+				"namespace":    "localhost/test",
+			},
+		},
+		{
+			name:  "invalid headers format",
+			value: "userId:alice",
+			want:  map[string]string{},
+		},
+		{
+			name:  "invalid key",
+			value: "%XX=missing,userId=alice",
+			want: map[string]string{
+				"%XX":    "missing",
+				"userId": "alice",
+			},
+		},
+		{
+			name:  "invalid value",
+			value: "missing=%XX,userId=alice",
+			want: map[string]string{
+				"userId": "alice",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			keyValues, _ := convHeaders(tt.value)
+			assert.Equal(t, tt.want, keyValues)
+		})
+	}
+}

exporters/otlp/otlplog/otlploghttp/config.go

@@ -541,6 +541,7 @@ func convHeaders(s string) (map[string]string, error) {
 	for _, header := range strings.Split(s, ",") {
 		rawKey, rawVal, found := strings.Cut(header, "=")
 		if !found {
+			global.Error(errors.New("missing '="), "parse headers", "input", header)
 			err = errors.Join(err, fmt.Errorf("invalid header: %s", header))
 			continue
 		}
@@ -549,20 +550,26 @@ func convHeaders(s string) (map[string]string, error) {
 
 		// Validate the key.
 		if !isValidHeaderKey(key) {
+			global.Error(errors.New("invalid header key"), "parse headers", "key", key)
 			err = errors.Join(err, fmt.Errorf("invalid header key: %s", rawKey))
 			continue
 		}
 
 		// Only decode the value.
 		escVal, e := url.PathUnescape(rawVal)
 		if e != nil {
+			global.Error(err, "escape header value", "value", rawVal)
 			err = errors.Join(err, fmt.Errorf("invalid header value: %s", rawVal))
 			continue
 		}
 		val := strings.TrimSpace(escVal)
 
 		out[key] = val
 	}
+	// If at least one valid header exists, reset err to nil
+	if len(out) > 0 {
+		err = nil
+	}
 	return out, err
 }
 

exporters/otlp/otlplog/otlploghttp/config_test.go

@@ -80,6 +80,8 @@ func TestNewConfig(t *testing.T) {
 	require.NoError(t, err, "testing TLS config")
 
 	headers := map[string]string{"a": "A"}
+	percentDecodedHeaders := map[string]string{"user%2Did": "42", "user%20name": "alice smith"}
+	validHeaders := map[string]string{"valid-key": "value"}
 	rc := retry.Config{}
 
 	testcases := []struct {
@@ -344,7 +346,7 @@ func TestNewConfig(t *testing.T) {
 			name: "InvalidEnvironmentVariables",
 			envars: map[string]string{
 				"OTEL_EXPORTER_OTLP_LOGS_ENDPOINT":           "%invalid",
-				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "a,%ZZ=valid,key=%ZZ",
+				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "invalid key=value",
 				"OTEL_EXPORTER_OTLP_LOGS_COMPRESSION":        "xz",
 				"OTEL_EXPORTER_OTLP_LOGS_TIMEOUT":            "100 seconds",
 				"OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE":        "invalid_cert",
@@ -362,13 +364,55 @@ func TestNewConfig(t *testing.T) {
 				`failed to load TLS:`,
 				`certificate not added`,
 				`tls: failed to find any PEM data in certificate input`,
-				`invalid OTEL_EXPORTER_OTLP_LOGS_HEADERS value a,%ZZ=valid,key=%ZZ:`,
-				`invalid header: a`,
-				`invalid header value: %ZZ`,
+				`invalid OTEL_EXPORTER_OTLP_LOGS_HEADERS value invalid key=value: invalid header key: invalid key`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_COMPRESSION value xz: unknown compression: xz`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_TIMEOUT value 100 seconds: strconv.Atoi: parsing "100 seconds": invalid syntax`,
 			},
 		},
+		{
+			name: "with percent-encoded headers",
+			envars: map[string]string{
+				"OTEL_EXPORTER_OTLP_LOGS_ENDPOINT":           "https://env.endpoint:8080/prefix",
+				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "user%2Did=42,user%20name=alice%20smith",
+				"OTEL_EXPORTER_OTLP_LOGS_COMPRESSION":        "gzip",
+				"OTEL_EXPORTER_OTLP_LOGS_TIMEOUT":            "15000",
+				"OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE":        "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE": "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY":         "key_path",
+			},
+			want: config{
+				endpoint:    newSetting("env.endpoint:8080"),
+				path:        newSetting("/prefix"),
+				insecure:    newSetting(false),
+				tlsCfg:      newSetting(tlsCfg),
+				headers:     newSetting(percentDecodedHeaders),
+				compression: newSetting(GzipCompression),
+				timeout:     newSetting(15 * time.Second),
+				retryCfg:    newSetting(defaultRetryCfg),
+			},
+		},
+		{
+			name: "with invalid header key",
+			envars: map[string]string{
+				"OTEL_EXPORTER_OTLP_LOGS_ENDPOINT":           "https://env.endpoint:8080/prefix",
+				"OTEL_EXPORTER_OTLP_LOGS_HEADERS":            "valid-key=value,invalid key=value",
+				"OTEL_EXPORTER_OTLP_LOGS_COMPRESSION":        "gzip",
+				"OTEL_EXPORTER_OTLP_LOGS_TIMEOUT":            "15000",
+				"OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE":        "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE": "cert_path",
+				"OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY":         "key_path",
+			},
+			want: config{
+				endpoint:    newSetting("env.endpoint:8080"),
+				path:        newSetting("/prefix"),
+				insecure:    newSetting(false),
+				tlsCfg:      newSetting(tlsCfg),
+				headers:     newSetting(validHeaders),
+				compression: newSetting(GzipCompression),
+				timeout:     newSetting(15 * time.Second),
+				retryCfg:    newSetting(defaultRetryCfg),
+			},
+		},
 	}
 
 	for _, tc := range testcases {
@@ -435,3 +479,73 @@ func TestWithProxy(t *testing.T) {
 	assert.True(t, c.proxy.Set)
 	assert.NotNil(t, c.proxy.Value)
 }
+
+func TestConvHeaders(t *testing.T) {
+	tests := []struct {
+		name  string
+		value string
+		want  map[string]string
+	}{
+		{
+			name:  "simple test",
+			value: "userId=alice",
+			want:  map[string]string{"userId": "alice"},
+		},
+		{
+			name:  "simple test with spaces",
+			value: " userId = alice  ",
+			want:  map[string]string{"userId": "alice"},
+		},
+		{
+			name:  "simple header conforms to RFC 3986 spec",
+			value: " userId = alice+test ",
+			want:  map[string]string{"userId": "alice+test"},
+		},
+		{
+			name:  "multiple headers encoded",
+			value: "userId=alice,serverNode=DF%3A28,isProduction=false",
+			want: map[string]string{
+				"userId":       "alice",
+				"serverNode":   "DF:28",
+				"isProduction": "false",
+			},
+		},
+		{
+			name:  "multiple headers encoded per RFC 3986 spec",
+			value: "userId=alice+test,serverNode=DF%3A28,isProduction=false,namespace=localhost/test",
+			want: map[string]string{
+				"userId":       "alice+test",
+				"serverNode":   "DF:28",
+				"isProduction": "false",
+				"namespace":    "localhost/test",
+			},
+		},
+		{
+			name:  "invalid headers format",
+			value: "userId:alice",
+			want:  map[string]string{},
+		},
+		{
+			name:  "invalid key",
+			value: "%XX=missing,userId=alice",
+			want: map[string]string{
+				"%XX":    "missing",
+				"userId": "alice",
+			},
+		},
+		{
+			name:  "invalid value",
+			value: "missing=%XX,userId=alice",
+			want: map[string]string{
+				"userId": "alice",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			keyValues, _ := convHeaders(tt.value)
+			assert.Equal(t, tt.want, keyValues)
+		})
+	}
+}