Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

requests: Allow controlling whether propagation headers are sent

See original GitHub issue

Problem

We’d like to use opentelemetry to instrument requests for internal HTTP requests, but we also send requests to external parties. If we put user IDs in baggage, we’d prefer not to send those outside of our systems, but there is no way to do that with the current approach.

Desired solution

Provide configuration for which origins have propagation enabled. This could take the form of allow- and deny-lists, or a user-provided callback that returns a boolean based on the request.

Alternatives

Let the user instrument individual Session objects so that they can use an instrumented Session for internal calls, and an uninstrumented one for external calls. The API could be mirrored off of the flask instrumentation, which provides an instrument_app method.

So, perhaps an interface like:

class RequestsInstrumentor(BaseInstrumentor):

    # ... existing contents

    def instrument_session(session: requests.Session) -> None:
        ...

    def uninstrument_session(session: requests.Session) -> None:
        ...

This has a downside of not creating spans for those calls, when all we actually want is to prevent context propagation. It also forces cookie saving and connection pooling on users, making it hard to get the same behaviour as the bare requests.{get, post, ...} methods.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:1
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

2reactions
owaiscommented, May 28, 2021

I think custom propagator is actually a pretty good solution for this use case. I don’t think we need to address this in stock propagators or SDKs since it is very easy to implement in each project. Someone could even publish a opentelemetry-baggae-with-privacy-respecting-feature-and-other-goodness to pypi for others to use 😄

As long as this project makes it possible for the community to build reliable solutions to such problems, I don’t think we need to address them here.

Closing this but feel free to re-open if anyone thinks this is not viable for all cases.

0reactions
owaiscommented, May 28, 2021

I do like the idea of something supported within the libraries themselves. The suppress_instrumentation thing looks like an internal detail though, and not something a library consumer should use. Is that right?

Right, it’s meant to be used only by the SDK and instrumentations.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Trace Context - W3C
This specification defines standard HTTP headers and a value format to propagate context information that enables distributed tracing ...
Read more >
Header propagation using ASP.NET Core - Craft Bakery
Imagine that you have REST API that calls external REST API. And you have to propagate requested HTTP headers to external API.
Read more >
header propagation (subgraph -> client) · Issue #1284 - GitHub
Our current header propagation plugin is all about managing headers from client -> subgraph. Currently, we don't propagate headers from ...
Read more >
python - Having trouble maintaining order of Session headers ...
As you see, requests initiates some headers even when we haven't told it to. Now what happens if we pass some headers to...
Read more >
Propagating HTTP headers from inbound request to multiple ...
I'd want my authentication headers saved from the request and then added to all (4+) HTTP requests sent by the flow. The closest...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

HTTP Span Attributes: `http.url` must not contain username / password

Next page

opentelemetry-instrumentation-grpc client instrumentation fails if channel has interceptors