-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
494 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
<?php | ||
/** | ||
* Elastic Transport | ||
* | ||
* @link https://github.com/elastic/elastic-transport-php | ||
* @copyright Copyright (c) Elasticsearch B.V (https://www.elastic.co) | ||
* @license https://opensource.org/licenses/MIT MIT License | ||
* | ||
* Licensed to Elasticsearch B.V under one or more agreements. | ||
* Elasticsearch B.V licenses this file to you under the MIT License. | ||
* See the LICENSE file in the project root for more information. | ||
*/ | ||
declare(strict_types=1); | ||
|
||
namespace Elastic\Transport; | ||
|
||
use Elastic\Transport\Exception\InvalidArgumentException; | ||
use Elastic\Transport\Serializer\JsonSerializer; | ||
use OpenTelemetry\API\Trace\TracerInterface; | ||
use OpenTelemetry\API\Trace\TracerProviderInterface; | ||
|
||
class OpenTelemetry | ||
{ | ||
const OTEL_TRACER_NAME = 'elasticsearch-api'; | ||
// Valid values for the enabled config are 'true' and 'false' | ||
const ENV_VARIABLE_ENABLED = 'OTEL_PHP_INSTRUMENTATION_ELASTICSEARCH_ENABLED'; | ||
/** | ||
* Describes how to handle search queries in the request body when assigned to | ||
* span attribute. | ||
* Valid values are 'raw', 'omit', 'sanitize'. Default is 'omit' | ||
*/ | ||
const ALLOWED_BODY_STRATEGIES = ['raw', 'omit', 'sanitize']; | ||
const ENV_VARIABLE_BODY_STRATEGY = 'OTEL_PHP_INSTRUMENTATION_ELASTICSEARCH_CAPTURE_SEARCH_QUERY'; | ||
const DEFAULT_BODY_STRATEGY = 'omit'; | ||
/** | ||
* A string list of keys whose values are redacted. This is only relevant if the body strategy is | ||
* 'sanitize'. For example, a config 'sensitive-key,other-key' will redact the values at | ||
* 'sensitive-key' and 'other-key' in addition to the default keys | ||
*/ | ||
const ENV_VARIABLE_BODY_SANITIZE_KEYS = 'OTEL_PHP_INSTRUMENTATION_ELASTICSEARCH_SEARCH_QUERY_SANITIZE_KEYS'; | ||
|
||
const SEARCH_ENDPOINTS = [ | ||
'search', | ||
'async_search.submit', | ||
'msearch', | ||
'eql.search', | ||
'terms_enum', | ||
'search_template', | ||
'msearch_template', | ||
'render_search_template', | ||
'esql.query' | ||
]; | ||
|
||
const DEFAULT_SANITIZER_KEY_PATTERNS = [ | ||
'password', | ||
'passwd', | ||
'pwd', | ||
'secret', | ||
'key', | ||
'token', | ||
'session', | ||
'credit', | ||
'card', | ||
'auth', | ||
'set-cookie', | ||
'email', | ||
'tel', | ||
'phone' | ||
]; | ||
const REDACTED_STRING = 'REDACTED'; | ||
|
||
private array $sanitizeKeys = []; | ||
private string $bodyStrategy; | ||
|
||
public function __construct() | ||
{ | ||
$strategy = getenv(self::ENV_VARIABLE_BODY_STRATEGY); | ||
if (false === $strategy) { | ||
$strategy = self::DEFAULT_BODY_STRATEGY; | ||
} | ||
if (!in_array($strategy, self::ALLOWED_BODY_STRATEGIES)) { | ||
throw new InvalidArgumentException(sprintf( | ||
'The body strategy specified %s is not valid. The available strategies are %s', | ||
$strategy, | ||
implode(',', self::ALLOWED_BODY_STRATEGIES) | ||
)); | ||
} | ||
$this->bodyStrategy = $strategy; | ||
$sanitizeKeys = getenv(self::ENV_VARIABLE_BODY_SANITIZE_KEYS); | ||
if (false !== $sanitizeKeys) { | ||
$this->sanitizeKeys = explode(',', $sanitizeKeys); | ||
} | ||
} | ||
|
||
public function processBody(string $body): string | ||
{ | ||
switch ($this->bodyStrategy) { | ||
case 'sanitize': | ||
return $this->sanitizeBody($body, $this->sanitizeKeys); | ||
case 'raw': | ||
return $body; | ||
default: | ||
return ''; | ||
} | ||
} | ||
|
||
public static function getTracer(TracerProviderInterface $tracerProvider): TracerInterface | ||
{ | ||
return $tracerProvider->getTracer( | ||
self::OTEL_TRACER_NAME, | ||
Transport::VERSION | ||
); | ||
} | ||
|
||
private function sanitizeBody(string $body, array $sanitizeKeys): string | ||
{ | ||
if (empty($body)) { | ||
return ''; | ||
} | ||
$json = json_decode($body, true); | ||
if (!is_array($json)) { | ||
return ''; | ||
} | ||
$patterns = array_merge(self::DEFAULT_SANITIZER_KEY_PATTERNS, $sanitizeKeys); | ||
|
||
// Convert the patterns array into a regex | ||
$regex = sprintf('/%s/', implode('|', $patterns)); | ||
// Recursively traverse the array and redact the specified keys | ||
array_walk_recursive($json, function (&$value, $key) use ($regex) { | ||
if (preg_match($regex, $key, $matches)) { | ||
$value = self::REDACTED_STRING; | ||
} | ||
}); | ||
return JsonSerializer::serialize($json); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.