Gate process command attributes under v3 preview#19082
Conversation
There was a problem hiding this comment.
Pull request overview
This PR gates the process.command_args and process.command_line resource attributes behind the otel.instrumentation.common.v3-preview preview flag, addressing the privacy/security risk of capturing full command lines (which can contain secrets) by default. Lower-risk attributes (process.pid, process.executable.path) continue to be emitted unconditionally. When v3 preview is enabled, users can opt the command attributes back in with otel.instrumentation.resources.experimental.process-command-attributes.enabled=true. The gating is applied only in the autoconfigure ProcessResourceProvider SPI; the declarative config process detector path (via ProcessResource.get()) is intentionally left unchanged.
Changes:
- Refactored
ProcessResourceto add abuildResource(boolean emitCommandAttributes)overload and extract command-attribute logic intoaddCommandAttributes(...). ProcessResourceProvidernow computes whether to emit command attributes based on the v3-preview flag and the new opt-in config key.- Added test coverage for all four flag/opt-in combinations, a new metadata config entry, and README documentation.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
instrumentation/resources/library/src/main/java/.../ProcessResource.java |
Adds buildResource(boolean) / doBuildResource(boolean) and extracts addCommandAttributes; preserves existing command-line/args logic. |
instrumentation/resources/library/src/main/java/.../ProcessResourceProvider.java |
Gates command attributes via emitCommandAttributes(config) using v3-preview + opt-in config keys. |
instrumentation/resources/library/src/test/java/.../ProcessResourceTest.java |
Adds tests for disabled, default-emit, opt-in-only, v3-suppressed, and v3+opt-in cases; refactors shared assertions. |
instrumentation/resources/metadata.yaml |
Declares the new opt-in boolean config and its declarative name. |
instrumentation/resources/library/README.md |
Documents process.command_args and the v3-preview gating behavior. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
| : "process.command_args"); | ||
| assertThat(attributeKeys).contains("process.executable.path", "process.pid"); | ||
| assertThat(attributeKeys) | ||
| .doesNotContain("process.command_args", "process.command_line"); |
There was a problem hiding this comment.
declarative configuration no longer emits these attributes, related to open-telemetry/opentelemetry-configuration#671
laurit
left a comment
There was a problem hiding this comment.
If we are going to make this opt-in should we also stop attempting to sanitize it? Sanitizing probably won't hurt since it is unlikely that anybody really wants to send secrets to the backend.
Resolves #10151
Gate
process.command_argsandprocess.command_lineresource attributes underotel.instrumentation.common.v3-preview=true, while continuing to emit lower-risk process resource attributes such asprocess.pidandprocess.executable.path.In 3.0, users can opt into command attributes with
otel.instrumentation.resources.experimental.process-command-attributes.enabled=true.The public
ProcessResource.get()API is deprecated for removal in 3.0 in favor ofProcessResource.create(), withProcessResource.create(boolean)available for callers that explicitly choose whether command attributes should be emitted.Declarative users only receive process resource attributes when they explicitly list the
processdetector, for example:Note
The
processdetector does not emitprocess.command_argsorprocess.command_line. There is currently no detector-local YAML option to enable those attributes; that follow-up is tracked in open-telemetry/opentelemetry-configuration#671.