add sse config to tempo

[KyriosGN0]

What this PR does:

Which issue(s) this PR fixes:
Fixes #1486

Checklist

• Tests updated
• Documentation added
• CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

[javiermolinar]

Is this needed?

https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html

[KyriosGN0]

@javiermolinar according to this, it is needed

[javiermolinar]

Looking good! I added a few comments. Consider adding some unit tests giving the range of options and the different errors this can have.

[javiermolinar]

This condition is wrong, for instance, the following configuration:

 sse:
        type: blabla

Will create a PutObjectOption with SSE

[KyriosGN0]

it should not, since buildSSEConfig checks if the config is incorrect, did you happen to test it and see it working (i didn't have the change to test it myself yet nor write test)

[javiermolinar]

In that scenario, sseConfig = nil and err != nil, therefore it will go for the else branch. It doesn't matter since the sseConfig is nil so it won't affect. Maybe we could log a warning indicating that the SSE type is not valid

[javiermolinar]

I would expect an early fatal error if the SSE is set but wrongly configured. Nevertheless, it will fail trying to write or read the blocks

[KyriosGN0]

what do you mean erroring fataly?, at the moment the buildSSEConfig will return errUnsupportedSSEType if it is configured with unsupported SSE type, and i have added an error for missing KMSKeyID, what else am i missing

[javiermolinar]

As a user configuring SSE I would like to know if my configuration is not correctly set. Maybe a warning log?

[KyriosGN0]

if we've set a the config incorrectly we should error, i'll try to set up a minio locally with SSE and spin up tempo and test various configs

[knylander-grafana]

Will this PR impact how a user configures Tempo? Should we update the config doc in this PR or open a doc issue specifically for those changes?

[javiermolinar]

Will this PR impact how a user configures Tempo? Should we update the config doc in this PR or open a doc issue specifically for those changes?

It will add a way to configure server-side encryption for S3. It should be documented.

[knylander-grafana]

Thank you for updating the changelog. Should we add doc for this config option? Is it a user-accessible configuration option?

[KyriosGN0]

@knylander-grafana i will update the docs and ping you once i've verified it works, Thanks!

[KyriosGN0]

hey @javiermolinar, im still trying to test with minio, could you (plase) try to test with S3 bucket in AWS ?

[KyriosGN0]

hey @javiermolinar did you have a chance to test this ? if not i'll try to spin this myself and hopefully incur too much cost

[javiermolinar]

hey @javiermolinar did you have a chance to test this ? if not i'll try to spin this myself and hopefully incur too much cost

Hey, I'll take a look at this on Monday

[javiermolinar]

Thank you for your patience @KyriosGN0, this looks much better now, we need to fix the conflicts and add the new configuration to the docs and we are ready to go:

https://github.com/grafana/tempo/blob/main/docs/sources/tempo/configuration/_index.md#storage

[KyriosGN0]

@javiermolinar fixed the conflicts and added dock @knylander-grafana, can you check please?

[javiermolinar]

@javiermolinar fixed the conflicts and added dock @knylander-grafana, can you check please?

One pending comment and we are ready