tracing: update to otelhttp roundtripper #2238
Conversation
|
fwiw, I am not a big fan of the way Edit: saw the issue you opened for otelhttptrace, I will look into an upstream patch for an option for this functionality. |
tonistiigi
force-pushed
the
http-tracing
branch
2 times, most recently
from
469b05b to
cf19610
Compare
|
@coryb I added your PR open-telemetry/opentelemetry-go-contrib#879 One issue is that I can see my authorization token in the trace. Definitely need to find a fix for that. Another smaller problem is that in Jaeger it doesn't show the timestamps of the events relative to span, but relative to trace. That means that the precision of the timestamps is really low. Obviously not a problem in your code but in Jaeger, but if you use Jaeger yourself would be nice to find some solution to that as well. |
|
Interesting, the headers annotations are actually in the original code, so your tokens were leaking just via one of the sub spans. I will update the PR to remove all the header annotations, don't think they add much value, not sure I want to just special case a few known auth headers. |
I'd be ok with just authorization headers (or maybe also if header contains "password/secret"). The most robust would be probably to add a filter option. Still, auth/secrets should be hidden by default I think. |
From the code that looks correct but for some reason I can't see any actual header values in Jaeger in previous version. Only the |
|
I have updated the otel PR to redact several headers by default, you can add more with |
tonistiigi
force-pushed
the
http-tracing
branch
2 times, most recently
from
9a37617 to
fe02b0e
Compare
|
Updated again. I'm ok with merging this with the replace rules. The worst that can happen if there is trouble in upstream is that we need to make a copy of these small utility packages to have it the way we like it. Looking that vendor brings in some cruft we would also save 80-90% size with that. |
|
We should probably also add a I am running buildkit with a branch I made with which merges both PRs: I also vote for releasing with the replace for now, we can fix when otel merges the issues. |
|
nvm. you already have a branch |
|
@coryb Updated. Please verify the branch. |
I am not sure if 836 is essential, it was the first issue I came across when diagnosing the leak, it seemed like a good fix anyway. 840 was essential to solve the goroutine leak though. I agree it is likely client issues, but they will be tricky to diagnose.
LGTM |
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
All patches proposed to upstream:
Signed-off-by: Tonis Tiigi tonistiigi@gmail.com