Skip to content

Exclude OTLP header configurations from configuration telemetry#5868

Merged
bm1549 merged 8 commits into
masterfrom
brian.marks/omit-sensitive-config-telemetry
Jun 23, 2026
Merged

Exclude OTLP header configurations from configuration telemetry#5868
bm1549 merged 8 commits into
masterfrom
brian.marks/omit-sensitive-config-telemetry

Conversation

@bm1549

@bm1549 bm1549 commented Jun 6, 2026

Copy link
Copy Markdown
Contributor

What does this PR do?

Excludes the OTLP exporter header configurations (OTEL_EXPORTER_OTLP_HEADERS, OTEL_EXPORTER_OTLP_METRICS_HEADERS, OTEL_EXPORTER_OTLP_LOGS_HEADERS) from configuration telemetry, and marks them sensitive: true in supported-configurations.json.

Motivation:

These configurations should not be included in configuration telemetry.

Change log entry

None.

Additional Notes:

How to test the change?

Specs in spec/datadog/core/telemetry/event/app_started_spec.rb assert these values are absent from the configuration telemetry while keeping assertions for the non-sensitive OpenTelemetry exporter configurations.

@bm1549 bm1549 added the AI Generated Largely based on code generated by an AI or LLM. This label is the same across all dd-trace-* repos label Jun 6, 2026
@dd-octo-sts dd-octo-sts Bot added the core Involves Datadog core libraries label Jun 6, 2026
@dd-octo-sts

dd-octo-sts Bot commented Jun 6, 2026

Copy link
Copy Markdown
Contributor

Typing analysis

Note: Ignored files are excluded from the next sections.

steep:ignore comments

This PR clears 2 steep:ignore comments.

steep:ignore comments (+0-2)Cleared:
lib/datadog/core/telemetry/event/app_started.rb:155
lib/datadog/core/telemetry/event/app_started.rb:165

@datadog-datadog-prod-us1-2

datadog-datadog-prod-us1-2 Bot commented Jun 6, 2026

Copy link
Copy Markdown

Tests

🎉 All green!

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
Patch Coverage: 16.67%
Overall Coverage: 90.01% (-0.01%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 35e3616 | Docs | Datadog PR Page | Give us feedback!

bm1549 and others added 2 commits June 8, 2026 17:38
… telemetry

Mark the OTLP exporter header configurations and DD_API_KEY / DD_APP_KEY
as `sensitive: true` in supported-configurations.json, and ensure the OTLP
exporter header configurations are omitted from configuration telemetry
through their `skip_telemetry` flag.

Update the app_started specs to assert these values are absent from the
telemetry configuration while keeping assertions for the non-sensitive
OpenTelemetry exporter configurations.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bm1549 bm1549 force-pushed the brian.marks/omit-sensitive-config-telemetry branch from b444497 to 4b3ec95 Compare June 8, 2026 21:39
@pr-commenter

pr-commenter Bot commented Jun 8, 2026

Copy link
Copy Markdown

Benchmarks

Benchmark execution time: 2026-06-23 18:47:17

Comparing candidate commit 35e3616 in PR branch brian.marks/omit-sensitive-config-telemetry with baseline commit fd1e1b0 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 48 metrics, 1 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

  • 🟩 = significantly better candidate vs. baseline
  • 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

bm1549 and others added 2 commits June 9, 2026 17:49
… not reported

Add a flag-driven invariant that walks the live settings tree, assigns a
unique sentinel to every option declaring skip_telemetry true, and asserts
no sentinel reaches any reported configuration value or name. This auto-covers
future sensitive options without per-name enumeration.

Add a drift guard asserting the env-backed skip_telemetry options match the
entries marked sensitive in supported-configurations.json.

Extend the sweep to the DD_API_KEY and AI-Guard DD_APP_KEY options and to the
app-extended-heartbeat event, which inherits the same configuration builder.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… generic sweep

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@bm1549 bm1549 marked this pull request as ready for review June 9, 2026 22:14
@bm1549 bm1549 requested a review from a team as a code owner June 9, 2026 22:14
bm1549 and others added 2 commits June 9, 2026 18:44
…options

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@vpellan vpellan left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but I feel like the sensitive field in supported-configurations.json and the related checks/specs should be their own PR as they are different from the original intent of that PR

Comment thread spec/datadog/core/telemetry/sensitive_configuration_registry_spec.rb Outdated
bm1549 and others added 2 commits June 23, 2026 13:03
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bm1549 bm1549 merged commit 49368c6 into master Jun 23, 2026
587 checks passed
@bm1549 bm1549 deleted the brian.marks/omit-sensitive-config-telemetry branch June 23, 2026 20:42
@dd-octo-sts dd-octo-sts Bot added this to the 2.36.0 milestone Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

AI Generated Largely based on code generated by an AI or LLM. This label is the same across all dd-trace-* repos core Involves Datadog core libraries

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants