-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Fix OTLP http responses #1010
Conversation
3f7dec4
to
9262294
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good but added some suggestions around moving some strings to consts
route/middleware.go
Outdated
@@ -58,6 +59,26 @@ func (r *Router) apiKeyChecker(next http.Handler) http.Handler { | |||
}) | |||
} | |||
|
|||
func (r *Router) apiKeyCheckerOTLP(next http.Handler) http.Handler { | |||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { | |||
apiKey := req.Header.Get(types.APIKeyHeader) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might be nice to move API key validation into Husky at some point too
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The plan from the API team is to add a public method for that to libhoney, so I'd suggest we wait until they do that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An update on that: libhoney's planned public method is only to determine a key's classicness, but nothing further in the realm of validity checking.
@MikeGoldsmith the |
I'm open to making things better instead of just moving stuff around 😄
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good 👍🏻
I'm working on a quick repro to manual test the fix. |
@robbkidd if it helps, my setup to test was telemetrygen -> collector -> refinery, with the collector exporting otlphttp using. |
I've got otel-cli -> collector 0.95.0 -> refinery. With a refinery build off the main branch and an invalid API key, I see the expected error in the collector:
With a refinery build off this PR branch and an invalid API key, I don't see any error in the collector when I expect refinery to have sent an error response that collector would parse happily. 😕 |
@robbkidd the error you posted is the error this PR solves. It would happen with or without an invalid key. Are you saying with this PR's build you don't see any error message returned from the call? |
Correct. With the new build from this PR, I do see an error if I omit the x-honeycomb-team header entirely:
But I see no error back in the collector when the x-honeycomb-team header is present and given a random key. That should return an Unauthorized error response and fail the collector's export attempt, right? |
@robbkidd I agree with you, I get the same result. I also tested |
@robbkidd ok after looking through Refinery this make sense. Refinery is currently only looking for specific keys if Changing this behavior seems out of scope for this PR. @kentquirk is there history behind this behavior? Should refinery be validating API keys it gets in the request? |
Refinery specifically doesn't validate API keys by default because that then makes rolling keys more difficult. We also have considered (and will again) features where Refinery would maintain its own list of keys and replace some or all of the incoming keys. If we change anything here, it would be a breaking change, so please don't do that now. We will certainly think about it again but it's a bigger product-level decision. |
@TylerHelmuth Ah! My memory is refreshed! No. Changing that is out of scope. I'll test with a list of acceptable keys for an error direct from Refinery. |
And that worked:
|
## Which problem is this PR solving? - Releasing #1010 ## Short description of the changes - update CHANGELOG and RELEASE_NOTES - no documentation updates - no dependency license changes
Which problem is this PR solving?
Refinery was not returning the correct OTLP payload and not always using the correct
Content-Type
in the response.Short description of the changes
This PR attempts to fix the OTLP response while leaving other protocols unaffected.
ExportTraceServiceResponse
object is returned for success and a grpcStatus
object is used for failure.