Closed yeger00 closed 3 years ago
Hi Avi,
Yes, this is exactly the problem with logging the parameters. Accidentally leaking PII or sensitive information should be avoided.
We could explore an alternative where we give flexibility on enriching the span to the caller. For instance:
```python
def enrich_sqlalchemy_span(span, statement, parameters, context):
    # filter out parameters here and select the ones you might be interested in.
    sanitized_params = {}
    span.log_kv({"sanitized-params": sanitized_params})

trace_sqlalchemy(enrich_span=enrich_sqlalchemy_span)
```
This could be acceptable, since the implementation does not assume any control on how to log the params or any other data in the span and leaves this responsibility to the caller.
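An added example, not code from this thread or from the project: one way a caller could fill in the `enrich_span` callback sketched above with an allowlist, so that only named, pre-approved parameters reach the span. The callback signature and `span.log_kv` come from the comment above; `ALLOWED_KEYS`, `sanitize_params`, the length limit and `FakeSpan` are assumptions made for illustration.

```python
from collections.abc import Mapping

# Assumption: parameter names the caller has reviewed and considers safe to log.
ALLOWED_KEYS = frozenset({"id", "status", "page", "limit"})
REDACTED = "[REDACTED]"
MAX_VALUE_LEN = 64  # assumption: cap value length so spans stay small


def _sanitize_one(params):
    """Return a loggable copy of a single parameter set."""
    if isinstance(params, Mapping):
        out = {}
        for key, value in params.items():
            if str(key).lower() in ALLOWED_KEYS:
                out[str(key)] = str(value)[:MAX_VALUE_LEN]
            else:
                # Keep the name for debugging, never the value.
                out[str(key)] = REDACTED
        return out
    # Positional parameters have no names to allowlist: log only the count.
    return {"positional-count": len(params)}


def sanitize_params(parameters):
    """Handle None, one parameter set, or an executemany-style list of sets."""
    if not parameters:
        return {}
    if isinstance(parameters, (list, tuple)) and isinstance(
        parameters[0], (Mapping, list, tuple)
    ):
        return [_sanitize_one(p) for p in parameters]
    return _sanitize_one(parameters)


def enrich_sqlalchemy_span(span, statement, parameters, context):
    span.log_kv({"sanitized-params": sanitize_params(parameters)})


class FakeSpan:
    """Constructed stand-in exposing only log_kv, so the example runs offline."""

    def __init__(self):
        self.logs = []

    def log_kv(self, key_values):
        self.logs.append(key_values)
        return self


if __name__ == "__main__":
    span = FakeSpan()
    sample = {"id": 7, "email": "user@example.com"}  # constructed sample input
    enrich_sqlalchemy_span(span, "SELECT 1", sample, None)
    print(span.logs)
```

An allowlist fails closed: a column added later is redacted until someone deliberately approves it, whereas a denylist would log it by default.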
Hi, I think giving such an option might be a good compromise between "always log" and "never log". It would be great if you would add it.
Thanks, Avi
This has been released in 0.22.1. Thanks for the contribution :)
Hello,
First of all, thank you for maintaining this project. We are using it and it is very helpful. Second, I would like to know whether it is possible, and whether it is a good practice, to log the parameters of a SQL query along with the query itself (in the `trace_sqlalchemy()` function in `_sqlalchemy.py`). It might be very useful for debugging purposes. The main downside I could think of is the possibility of logging private information from users' input.
I would like to know what you think about it.
Thanks, Avi