Redact OTLP header and Datadog key configs in telemetry#11583
Draft
bm1549 wants to merge 1 commit into
Draft
Conversation
bm1549
added
comp: telemetry
Contributor
|
bm1549
force-pushed
the
brian.marks/omit-sensitive-config-telemetry
branch
from
6f11563 to
19f31ad
Compare
Contributor
🟢 Java Benchmark SLOs — All performance SLOs passed
PR vs. master results
Commit: Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion. |
…telemetry Add the OTLP exporter header configurations and the Datadog API key and application key configurations to the telemetry configuration filter list so their values are reported as "<hidden>" in the configuration telemetry: - OTEL_EXPORTER_OTLP_HEADERS - OTEL_EXPORTER_OTLP_TRACES_HEADERS - OTEL_EXPORTER_OTLP_METRICS_HEADERS - OTEL_EXPORTER_OTLP_LOGS_HEADERS - DD_API_KEY - DD_APPLICATION_KEY (and its DD_APP_KEY alias) For each configuration, every form that can reach ConfigSetting is covered: the dotted configuration names (otlp.traces.headers, otlp.metrics.headers, otlp.logs.headers, application-key, app-key) and the environment-variable names. Mark these configurations, DD_API_KEY, and DD_APPLICATION_KEY with "sensitive: true" in metadata/supported-configurations.json. Migrate ConfigSettingTest to JUnit 5 and extend it to cover the OTLP header and application key configurations, including an assertion that the configured value is not present in the reported telemetry value. Update ConfigCollectorTest so the application key collected through the ConfigCollector pipeline is asserted to render as "<hidden>". Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
bm1549
force-pushed
the
brian.marks/omit-sensitive-config-telemetry
branch
from
19f31ad to
9639e05
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What Does This Do
Renders the OTLP exporter header configurations and the Datadog API and application keys as
<hidden>in configuration telemetry, and marks themsensitive: trueinmetadata/supported-configurations.json.Motivation
These configurations should not be included in configuration telemetry.
Additional Notes
ConfigSettingTestwas migrated from Groovy to JUnit 5 as part of adding coverage.Contributor Checklist
type:and (comp:orinst:) labels in addition to any other useful labelsclose,fix, or any linking keywords when referencing an issueJira ticket: N/A