Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decode URL-encoded headers in environment vars #2312

Merged
merged 10 commits into from
Jan 4, 2022
Merged

Decode URL-encoded headers in environment vars #2312

merged 10 commits into from
Jan 4, 2022

Conversation

mattoberle
Copy link
Contributor

@mattoberle mattoberle commented Dec 8, 2021
edited
Loading

Description

The opentelemetry-specification wants OTEL_EXPORTER_OTLP_HEADERS to conform to the Baggage HTTP Header Format.

To effectively use the headers from OTEL_EXPORTER_OTLP_HEADERS for things like authentication (a common use case) the values need to be decoded.

Given a header like this:

export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Basic base64"

The code prior to this commit would reject the header for containing white space mid-value.

If the header is modified to this:

export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Basic%20base64"

The code prior to this commit would send the header as Authorization: Basic%20base64, which will be rejected upstream.

This change applies urllib.parse.unquote to header names and values, based on precedent set by the following libraries:

Fixes #2248 1

1 This PR does not restore previous functionality (where the header str could be provided with spaces in the values), but it does provide the ability to provide a header str with encoded spaces. I also added the ability to pass headers as Dict[str, str] to address both issues raised in #2248. These can be split into individual PRs if needed.

Note 1: This could probably use a documentation update that addresses the need to url-encode header values.
Note 2: I unquoted header names as well as values (based on prior art), but wasn't 100% clear if that's what the spec defines.
Note 3: Could this be considered a breaking change? Prior to this (including prior to the re-implementation of the header parsing) all names/values were sent as-is.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • This change requires a documentation update

How Has This Been Tested?

  • Extending the unit tests for re.py

Does This PR Require a Contrib Repo Change?

  • No.

Checklist:

  • Followed the style guidelines of this project
  • Changelogs have been updated
  • Unit tests have been added
  • Documentation has been updated

@mattoberle mattoberle requested a review from a team as a code owner December 8, 2021 00:10
@linux-foundation-easycla
Copy link

CLA Not Signed

@mattoberle
Decode URL-encoded headers in environment vars
17c5f2a 
The [opentelemetry-specification](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#specifying-headers-via-environment-variables) wants `OTEL_EXPORTER_OTLP_HEADERS` to conform to the [Baggage HTTP Header Format](https://github.com/w3c/baggage/blob/main/baggage/HTTP_HEADER_FORMAT.md).

To effectively use the headers from `OTEL_EXPORTER_OTLP_HEADERS` for
things like authentication (a common use case) the values need to be
decoded.

Given a header like this:

```
export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Basic base64"
```

The code prior to this commit would reject the header for containing
whitespace mid-value.

If the header is modified to this:

```
export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Basic%20base64"
```

The code prior to this commit would send the header as `Authorization:
Basic%20base64`, which will be rejected upstream.

This change applies `urllib.parse.unquote` to header **names** and
**values**, based on precedent set by the following libraries:

- [opentelemetry-go](https://github.com/open-telemetry/opentelemetry-go)
- [opentelemetry-js](https://github.com/open-telemetry/opentelemetry-js)
- [opentelemetry-ruby](https://github.com/open-telemetry/opentelemetry-ruby)
mattoberle and others added 4 commits December 7, 2021 19:25
@mattoberle
Update CHANGELOG
0cb2281
@mattoberle
Unquote header strings before calling str.strip()
9d9e08d 
Unquoting header keys and values **after** calling `str.strip()` opened
the possibility for user encoding errors where a header contained
invalid whitespace. Unquoting **before** `str.strip()` aligns
`opentelemetry-python` with other `opentelemetry-{lang}` libraries that
implemenent URL decoding.
@mattoberle
Allow gRPC headers in dict format
ab8ee36 
The HTTP exporter allows headers to be provided as `Dict[str, str]`.
The gRPC exporter required headers to be `Sequence[Tuple[str, str]]`.

This commit enables the `Dict[str, str]` format for gRPC.
@srikanthccv
Merge branch 'main' into issue/2248
6c5212e
srikanthccv
srikanthccv approved these changes Dec 9, 2021
View reviewed changes
Copy link
Member

@srikanthccv srikanthccv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lzchen lzchen merged commit d8bebdd into open-telemetry:main Jan 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lzchen lzchen lzchen left review comments

@owais owais owais approved these changes

@srikanthccv srikanthccv srikanthccv approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

grpc OTLPSpanExporter does not support HTTP authorization headers anymore
4 participants
@mattoberle @owais @lzchen @srikanthccv