fix: Fix OTLP http responses #1010
Conversation
TylerHelmuth
changed the title
TylerHelmuth
force-pushed
the
tyler.fix-otlp-response
branch
from
3f7dec4
to
9262294
Compare
route/middleware.go
Outdated
| @@ -58,6 +59,26 @@ func (r *Router) apiKeyChecker(next http.Handler) http.Handler { | |||
| }) | |||
| } | |||
|
|
|||
| func (r *Router) apiKeyCheckerOTLP(next http.Handler) http.Handler { | |||
| return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { | |||
| apiKey := req.Header.Get(types.APIKeyHeader) | |||
There was a problem hiding this comment.
Might be nice to move API key validation into Husky at some point too
There was a problem hiding this comment.
The plan from the API team is to add a public method for that to libhoney, so I'd suggest we wait until they do that.
There was a problem hiding this comment.
An update on that: libhoney's planned public method is only to determine a key's classicness, but nothing further in the realm of validity checking.
|
@MikeGoldsmith the |
|
I'm open to making things better instead of just moving stuff around 😄
|
|
I'm working on a quick repro to manual test the fix. |
@robbkidd if it helps, my setup to test was telemetrygen -> collector -> refinery, with the collector exporting otlphttp using. |
|
I've got otel-cli -> collector 0.95.0 -> refinery. With a refinery build off the main branch and an invalid API key, I see the expected error in the collector: With a refinery build off this PR branch and an invalid API key, I don't see any error in the collector when I expect refinery to have sent an error response that collector would parse happily. 😕 |
|
@robbkidd the error you posted is the error this PR solves. It would happen with or without an invalid key. Are you saying with this PR's build you don't see any error message returned from the call? |
Correct. With the new build from this PR, I do see an error if I omit the x-honeycomb-team header entirely: But I see no error back in the collector when the x-honeycomb-team header is present and given a random key. That should return an Unauthorized error response and fail the collector's export attempt, right? |
|
@robbkidd I agree with you, I get the same result. I also tested |
|
@robbkidd ok after looking through Refinery this make sense. Refinery is currently only looking for specific keys if Changing this behavior seems out of scope for this PR. @kentquirk is there history behind this behavior? Should refinery be validating API keys it gets in the request? |
|
Refinery specifically doesn't validate API keys by default because that then makes rolling keys more difficult. We also have considered (and will again) features where Refinery would maintain its own list of keys and replace some or all of the incoming keys. If we change anything here, it would be a breaking change, so please don't do that now. We will certainly think about it again but it's a bigger product-level decision. |
|
@TylerHelmuth Ah! My memory is refreshed! No. Changing that is out of scope. I'll test with a list of acceptable keys for an error direct from Refinery. |
|
And that worked: |
## Which problem is this PR solving? - Releasing #1010 ## Short description of the changes - update CHANGELOG and RELEASE_NOTES - no documentation updates - no dependency license changes
robbkidd
added
type: bug
Which problem is this PR solving?
Refinery was not returning the correct OTLP payload and not always using the correct
Content-Typein the response.Short description of the changes
This PR attempts to fix the OTLP response while leaving other protocols unaffected.
ExportTraceServiceResponseobject is returned for success and a grpcStatusobject is used for failure.