-
Notifications
You must be signed in to change notification settings - Fork 544
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(mongodb): add db statement serializer config #626
feat(mongodb): add db statement serializer config #626
Conversation
wonder why insert statement was not collected vs update statement which always does. guess the intention was not to leak sensitive information via span attributes, but then it should probably include update as well? |
Codecov Report
@@ Coverage Diff @@
## main #626 +/- ##
==========================================
+ Coverage 96.68% 96.70% +0.01%
==========================================
Files 13 15 +2
Lines 634 697 +63
Branches 124 128 +4
==========================================
+ Hits 613 674 +61
- Misses 21 23 +2
|
@blumamir Sensitive information may appear anywhere - even in an HTTP request URL - and also in an update statement, as you mentioned |
You are right, I don't know what was the initial intention for separating With regards to the update-insert issue, I feel that adding a new instrumentation option that has the name Anyway, these are all thoughts and suggestions, but other people might have different opinion :) |
@blumamir I generally agree; I would only add that we're dealing with sensitive information anyway - it's unavoidable and has to be addressed somehow (e.g., provide a mechanism for doing that as part of OTEL, regardless of the source of the data). I tend to agree that the best solution would be breaking the existing behavior of the instrumentation and avoid the distinction between insert/update with a mechanism similar to the DB statement serializer., but let's hear other opinions on that :) |
Well i wrote this code and don't remember why i did this, i don't think it was to avoid leaking data since we already use |
@vmarchaud So I'll go ahead and remove this logic and add the ability to override the existing db statement serialization with a dbStatementSerializer config. Agreed? |
Yes :) |
20f2e44
to
cfb8486
Compare
cfb8486
to
8362ac7
Compare
@vmarchaud Done :) |
plugins/node/opentelemetry-instrumentation-mongodb/src/instrumentation.ts
Show resolved
Hide resolved
137b330
to
2b6eda7
Compare
3b61c55
to
906ce3b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, one suggestion
this._config.dbStatementSerializer || | ||
this._defaultDbStatementSerializer.bind(this); | ||
|
||
if (typeof dbStatementSerializer === 'function') { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you should do this checking a bit earlier for example
const dbStatementSerializer: DbStatementSerializer =
typeof this._config.dbStatementSerializer === 'function' ? this._config.dbStatementSerializer :
this._defaultDbStatementSerializer.bind(this);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
05ddd96
to
fbb5bdc
Compare
@nozik CI is failing because of an unused import:
|
fbb5bdc
to
aa00598
Compare
@obecny @vmarchaud Done and done :) |
This is ready for merge but I don't have access to write to your branch so I can't update the PR to merge it. Please update the branch or give maintainers write acess to it. |
@dyladan Done |
looks like lint now fails due to legitimate reasons. |
4fa8843
to
251bdb2
Compare
Which problem is this PR solving?
Short description of the changes