Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FDS-2525] Authenticated export of telemetry data #1527

Merged
merged 53 commits into from
Nov 13, 2024
Merged
Show file tree
Hide file tree
Changes from 46 commits
Commits
Show all changes
53 commits
Select commit Hold shift + click to select a range
b369ef4
Adding changes for synapse entity tracking
BryanFauble Sep 17, 2024
30def7e
Create unique test suites for each run
BryanFauble Sep 17, 2024
093e179
Remove extra try-catch
BryanFauble Sep 17, 2024
05e936c
Remove todo
BryanFauble Sep 17, 2024
57b8408
Remove un-needed code
BryanFauble Sep 17, 2024
2ef297f
mypy flagged issues
BryanFauble Sep 17, 2024
476b627
mypy flagged issues
BryanFauble Sep 17, 2024
9b08554
pylint patching
BryanFauble Sep 17, 2024
e4eff7a
pylint issue resolution
BryanFauble Sep 17, 2024
6226efa
Remove py3.10 only feature
BryanFauble Sep 17, 2024
6b77396
Merge branch 'develop' into fds-2386-synapse-refactoring
BryanFauble Sep 19, 2024
906a298
Patching for issues
BryanFauble Sep 19, 2024
a7fab56
Merge remote-tracking branch 'origin/develop-fix-gh-workflow' into fd…
BryanFauble Sep 19, 2024
fe9b27e
Bug patching
BryanFauble Sep 19, 2024
b445853
Merge branch 'develop' into fds-2386-synapse-refactoring
BryanFauble Sep 19, 2024
f10640e
Adding tests for io_utils changes
BryanFauble Sep 19, 2024
38eb3ec
Log tests to CLI (Temp)
BryanFauble Sep 19, 2024
51bc8fc
Create dir if not exsists
BryanFauble Sep 20, 2024
058eed4
Merge branch 'develop' into fds-2386-synapse-refactoring
BryanFauble Sep 20, 2024
14fdc96
Don't log the cli
BryanFauble Sep 20, 2024
cd60d3c
Update to released version of synapse python client
BryanFauble Sep 20, 2024
662461d
Add docstrings
BryanFauble Sep 20, 2024
ff02757
Code review feedback
BryanFauble Sep 25, 2024
f84fad0
Don't build data docs if not logging for debug
BryanFauble Sep 25, 2024
8cc688b
assertion that entity_type is not None
BryanFauble Sep 25, 2024
a92a27f
Attach package version
BryanFauble Oct 8, 2024
6489df4
Include the file size of the manifest used in the operation
BryanFauble Oct 8, 2024
07afa48
Move version of package to Resource definition
BryanFauble Oct 8, 2024
8f10eaf
Move to grabbing owner_id and exporting everything over GRPC lib
BryanFauble Oct 9, 2024
3a01976
Add examples
BryanFauble Oct 9, 2024
29a8e4c
Leave imports in
BryanFauble Oct 9, 2024
9aaa1e5
Correct to also export logs, and setting deployment environment inste…
BryanFauble Oct 10, 2024
95d2da6
Move over to `SERVICE_VERSION` instead of defining out own attribute
BryanFauble Oct 10, 2024
05d99bf
add tracing
linglp Oct 15, 2024
dc24976
Update suggested defaults
BryanFauble Oct 17, 2024
87d8341
Correct mis-spelled SynapseEntityTracker
BryanFauble Oct 23, 2024
5acc05c
Merge branch 'develop' into fds-2386-synapse-refactoring
BryanFauble Oct 23, 2024
b680351
Correct for diverged code
BryanFauble Oct 23, 2024
e6edc21
Merge branch 'fds-2386-synapse-refactoring' into attach-additional-te…
BryanFauble Oct 24, 2024
73879dd
Merge branch 'develop' into attach-additional-telemetry-data
BryanFauble Oct 24, 2024
248d8aa
increment synapseclient version
BryanFauble Oct 24, 2024
6a9fc2f
Add requests-oauth2client to supported oauth2 token exchange for auth…
BryanFauble Oct 29, 2024
4de4b24
Allow setting static exporter headers and add how to export data from…
BryanFauble Oct 30, 2024
0ab29dc
Remove hacky code due to self-signed SSL certs
BryanFauble Nov 4, 2024
8fe6d51
Add more comments to readme
BryanFauble Nov 4, 2024
7c06d42
Merge branch 'develop' into fds-2525-authenticated-exports
BryanFauble Nov 4, 2024
a096639
Correct version grabbing
BryanFauble Nov 12, 2024
adff2f1
Merge branch 'develop' into fds-2525-authenticated-exports
BryanFauble Nov 12, 2024
2e3b3cf
Add pip install to dockerfile to support pulling self package version
BryanFauble Nov 12, 2024
0b6a50d
Revert "Add pip install to dockerfile to support pulling self package…
BryanFauble Nov 12, 2024
30af57e
Revert "Correct version grabbing"
BryanFauble Nov 12, 2024
b718f85
Pull back setting service version as I could not get this working in …
BryanFauble Nov 12, 2024
5f8dc9f
Merge branch 'develop' into fds-2525-authenticated-exports
BryanFauble Nov 12, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 71 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,17 +33,20 @@
- [3. Start the virtual environment](#3-start-the-virtual-environment)
- [4. Install `schematic` dependencies](#4-install-schematic-dependencies)
- [5. Set up configuration files](#5-set-up-configuration-files)
- [6. Obtain Google credential files](#6-obtain-google-credential-files)
- [6. Obtain Google credential files](#6-obtain-google-credential-files-1)
- [7. Set up pre-commit hooks](#7-set-up-pre-commit-hooks)
- [8. Verify your setup](#8-verify-your-setup)
- [Command Line Usage](#command-line-usage)
- [Docker Usage](#docker-usage)
- [Running the REST API](#running-the-rest-api)
- [Example 1: Using the `config.yml` path](#example-1-using-the-configyml-path)
- [Example 2: Use environment variables](#example-2-use-environment-variables)
- [Running `schematic` to Validate Manifests](#running-schematic-to-validate-manifests)
- [Example for macOS/Linux](#example-for-macoslinux)
- [Example for Windows](#example-for-windows)
- [Running the REST API](#running-the-rest-api)
- [Example 1: Using the `config.yml` path](#example-1-using-the-configyml-path)
- [Example 2: Use environment variables](#example-2-use-environment-variables)
- [Running `schematic` to Validate Manifests](#running-schematic-to-validate-manifests)
- [Example for macOS/Linux](#example-for-macoslinux)
- [Example for Windows](#example-for-windows)
- [Exporting OpenTelemetry data from schematic](#exporting-opentelemetry-data-from-schematic)
- [Exporting OpenTelemetry data for SageBionetworks employees](#exporting-opentelemetry-data-for-sagebionetworks-employees)
- [Exporting data locally](#exporting-data-locally)
- [Contributors](#contributors)


Expand Down Expand Up @@ -482,6 +485,67 @@ docker run -v %cd%:/schematic \
-c config.yml validate -mp tests/data/mock_manifests/inValid_Test_Manifest.csv -dt MockComponent -js /schematic/data/example.model.jsonld
```

# Exporting OpenTelemetry data from schematic
This section is geared towards the SageBionetworks specific deployment of schematic as
an API server running in the Sage specific AWS account.


Schematic is setup to produce and export OpenTelemetry data while requests are flowing
through the application code. This may be accomplished by setting a few environment
variables wherever the application is running. Those variables are:

- `TRACING_EXPORT_FORMAT`: Determines in what format traces will be exported. Supported values: [`otlp`].
- `LOGGING_EXPORT_FORMAT`: Determines in what format logs will be exported. Supported values: [`otlp`].
- `TRACING_SERVICE_NAME`: The name of the service to attach for all exported traces.
- `LOGGING_SERVICE_NAME`: The name of the service to attach for all exported logs.
- `DEPLOYMENT_ENVIRONMENT`: The name of the environment to attach for all exported telemetry data.
- `OTEL_EXPORTER_OTLP_ENDPOINT`: The endpoint to export telemetry data to.

Authentication (Oauth2 client credential exchange):

Used in cases where an intermediate opentelemetry collector is not, or can not be used.
This option is not preferred over using an intermediate opentelemetry collector, but is
left in the code to show how we may export telemetry data with an authorization header
deried from an oauth2 client credential exchange flow.

- `TELEMETRY_EXPORTER_CLIENT_ID`: The ID of the client to use when executing the OAuth2.0 "Client Credentials" flow.
- `TELEMETRY_EXPORTER_CLIENT_SECRET`: The Secret of the client to use when executing the OAuth2.0 "Client Credentials" flow.
- `TELEMETRY_EXPORTER_CLIENT_TOKEN_ENDPOINT`: The Token endpoint to use when executing the OAuth2.0 "Client Credentials" flow.
- `TELEMETRY_EXPORTER_CLIENT_AUDIENCE`: The ID of the API server to use when executing the OAuth2.0 "Client Credentials" flow.

Authentication (Static Bearer token)

- `OTEL_EXPORTER_OTLP_HEADERS`: Used for developers to set a static Bearer token to be used when exporting telemetry data.

The above configuration will work when the application is running locally, in a
container, running in AWS, or running via CLI. The important part is that the
environment variables are set before the code executes, as the configuration is setup
when the code runs.

## Exporting OpenTelemetry data for SageBionetworks employees
The DPE (Data Processing & Engineering) team is responsible for maintaining and giving
out the above sensitive information. Please reach out to the DPE team if a new ID/Secret
is needed in order to export telemetry data in a new environment, or locally during
development.

### Exporting data locally
In order to conserve the number of monthly token requests that can be made the following
process should be followed instead of setting the `TELEMETRY_EXPORTER_CLIENT_*`
environment variables above.

1) Request access to a unique client ID/Secret that identifies you from DPE.
2) Retrieve a token that must be refreshed every 24 hours via cURL. The specific values will be given when the token is requested. Example:
```
curl --request POST \
--url https://TOKEN_URL.us.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"...","client_secret":"...","audience":"...","grant_type":"client_credentials"}'
```
3) Set an environment variable in your `.env` file like: `OTEL_EXPORTER_OTLP_HEADERS=Authorization=Bearer ey...`

If you fail to create a new access token after 24 hours you will see HTTP 403 JWT
Expired messages when the application attempts to export telemetry data.

# Contributors

Main contributors and developers:
Expand Down
10 changes: 9 additions & 1 deletion env.example
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,12 @@ SERVICE_ACCOUNT_CREDS='Provide service account creds'
# TRACING_SERVICE_NAME=schematic-api
# LOGGING_SERVICE_NAME=schematic-api
## Other examples: dev, staging, prod
# DEPLOYMENT_ENVIRONMENT=local
# DEPLOYMENT_ENVIRONMENT=local
# OTEL_EXPORTER_OTLP_ENDPOINT=https://..../telemetry
## Opentelemetry authentication
# TELEMETRY_EXPORTER_CLIENT_ID=...
# TELEMETRY_EXPORTER_CLIENT_SECRET-...
# TELEMETRY_EXPORTER_CLIENT_TOKEN_ENDPOINT=...
# TELEMETRY_EXPORTER_CLIENT_AUDIENCE=...
## Alternative Opentelemetry authentication: Sets a static Authorization header to use for all requests. Used when developing locally
# OTEL_EXPORTER_OTLP_HEADERS=Authorization=Bearer ey...
Loading
Loading