feat: add net_ldap instrumentation #1587
Conversation
scbjans
requested review from
fbogsany,
mwear,
robertlaurin,
dazuma,
ericmustin,
arielvalentin,
ahayworth,
plantfansam,
robbkidd,
simi,
kaylareopelle,
xuan-cao-swi and
a team
as code owners
.toys/.data/releases.yml
Outdated
| @@ -231,7 +237,8 @@ gems: | |||
|
|
|||
| - name: opentelemetry-propagator-google_cloud_trace_context | |||
| directory: propagator/google_cloud_trace_context | |||
| version_constant: [OpenTelemetry, Propagator, GoogleCloudTraceContext, VERSION] | |||
| version_constant: | |||
There was a problem hiding this comment.
Why did you add new lines to the GCP related definitions?
There was a problem hiding this comment.
Thanks for your quick review @arielvalentin !
I guess this is from the format on save option in VSCode which I accidentally committed. I'll revert it.
I'll respond to the other comments this Friday.
| module LDAP | ||
| # The Instrumentation class contains logic to detect and install the Net::LDAP | ||
| # instrumentation | ||
| class Instrumentation < OpenTelemetry::Instrumentation::Base |
There was a problem hiding this comment.
Is there a min version requirement?
There was a problem hiding this comment.
FYI: We tested the original implementation using gem 'net-ldap' 0.17.0 if that info helps in finding out some requirements. As it's a 0.x version we assumed all bets are off in this case....
There was a problem hiding this comment.
Thanks, I only tested this with net-ldap 0.19.0. I'm inclined to say we should set a minimal version to 0.17.1, since in that version Ruby3.x support was added (as in added to CI), since our minimum Ruby version is 3.1 (which is also EOL, shall I put up a PR for that as well?)
cb5f1c4
There was a problem hiding this comment.
That sounds very reasonable to me, we are also planning to upgrade anyways soon.
| yield(payload).tap do |response| | ||
| annotate_span_with_response!(span, response) | ||
| end | ||
| rescue StandardError => e |
There was a problem hiding this comment.
Doesn't in_span already handle Error Recording and setting the status?
There was a problem hiding this comment.
Yes it does, but it doesn't add the ldap.error_message attribute. I've updated this a bit, and in 0583992 we'll rescue specifically on a ::Net::LDAP::Error
| LDAP::Instrumentation.instance.config | ||
| end | ||
|
|
||
| def annotate_span_with_response!(span, response) |
There was a problem hiding this comment.
Only add a ! if you have an existing method that does not have a !
|
|
||
| return if ::Net::LDAP::ResultCodesNonError.include?(status_code) | ||
|
|
||
| span.record_exception(error_message) unless error_message.empty? |
There was a problem hiding this comment.
I believe record_exception is an explicit helper for exception events. Consider using the Span Status Code description instead.
release-please-config.json
Outdated
| @@ -227,4 +231,4 @@ | |||
| "version-file": "lib/opentelemetry/resource/detector/google_cloud_platform/version.rb" | |||
| } | |||
| } | |||
| } | |||
| } | |||
| OpenTelemetry::SemanticConventions::Trace::NET_PEER_NAME => host || hosts, | ||
| OpenTelemetry::SemanticConventions::Trace::NET_PEER_PORT => port, | ||
| OpenTelemetry::SemanticConventions::Trace::PEER_SERVICE => instrumentation_config[:peer_service] | ||
| }.merge!(OpenTelemetry::Common::HTTP::ClientContext.attributes) |
There was a problem hiding this comment.
why is this amending HTTP Client attributes? How is that relevant to LDAP lookups?
There was a problem hiding this comment.
TBH I just took the already existing stale PR that originally was opened to add this instrumentation. That did the job for me, and I thought it might be beneficial for others to have this instrumentation more easily available.
I rushed this a bit and skipped the due diligence (sorry!), so I'm glad you ask.
It doesn't: I removed it.
| @encryption = args[:encryption] | ||
| end | ||
|
|
||
| def instrument(event, payload) |
There was a problem hiding this comment.
Do we want more specific attribute mappers here for each of these events?
https://github.com/search?q=repo%3Aruby-ldap%2Fruby-net-ldap+%2Finstrument+%22%2F&type=code
I do not particularly like the practice of dumping json strings where we do not know if the contents of the provided payload have sensitive information in them.
There was a problem hiding this comment.
I agree.
My naive thought was that it would be handled in net-ldap itself, but upon closer inspection I see that this instrumentation can leak e.g. passwords in cleartext.
I'll need some time to figure out which specific attributes to include.
There was a problem hiding this comment.
Fixed and added test in 3d2ff26
|
|
||
| tracer.in_span( | ||
| event, | ||
| attributes: attributes.compact, |
There was a problem hiding this comment.
This allocates and extra hash object.
lets avoid that by checking if the values are present before adding them to the hash.
| tracer.in_span( | ||
| event, | ||
| attributes: attributes.compact, | ||
| kind: :client |
There was a problem hiding this comment.
Do you think LDAP qualifies as RPC? Would using RPC client semantics be right for this?
Would using ECS style events make more sense for these?
There was a problem hiding this comment.
I was inclined to say LDAP qualifies as RPC, but my AI friend does not agree with me. Apparently LDAP itself is not RPC, but it is often combined with RPC (e.g. when joining computers to Windows domains), but we're only instrumenting LDAP in this case. Semconv doesn't specify anything for ldap, and other languages don't seem to have ldap instrumentation.
I'm not sure what to do here.
| def initialize(args = {}) | ||
| super | ||
|
|
||
| @instrumentation_service = args[:instrumentation_service] || OpenTelemetry::Instrumentation::Net::LDAP::InstrumentationService.new({ |
There was a problem hiding this comment.
Another thought I have here, what if we added this otel instrumentation as a decorator to the injected service?
Largely based on prior work in #1432 by @Hareramrai and @jdehaan
Since that PR seems stale, I've updated it with some small edits to comply with release management using toys.
Should fix: github.com//issues/669