Log a warning when an environment variable without a value is expanded

Question

Log a warning when an environment variable without a value is expanded

dyladan opened this issue 2 years ago · comments

Related to #5614

Is your feature request related to a problem? Please describe.

In open-telemetry/opentelemetry-collector-contrib#11846 the user was trying to use "$ConnectionString" as a Username. The collector automatically interprets $ as an environment variable expansion. The environment variable was empty, so the Username field was interpreted as empty and failed validation. There was nothing logged in the collector to alert this user that their configuration was being mangled by the failed environment expansion.

Describe the solution you'd like

When an environment variable expansion has no value, log a warning.

Daniel Dyla · Answer 1 · Sat Jul 02 2022 02:29:37 GMT+0800 (China Standard Time)

Another possible "fix" for this is to log the full collector config at startup. IIRC this is what telegraf does. This would allow the user to see that their config is messed up.

One major issue with this solution is that you would need to reliably hide secrets while also making it possible to see if an expansion failed. We currently don't have any way to distinguish between expansions that are secret and should be obfuscated in logs and expansions that are not.

Pablo Baeyens · Answer 2 · Sat Jul 02 2022 18:18:50 GMT+0800 (China Standard Time)

I think we should fail fast instead of logging a warning. This is a breaking change, but I think it's worth it in terms of improved troubleshooting and we can have a feature gate to make the transition smoother. We probably also want to prioritize implementing #5228, which will be useful in this case.

For printing the configuration, we have #5223. If you have ideas on how to reliably hide secrets please participate in the discussion there!

Daniel Dyla · Answer 3 · Tue Jul 05 2022 21:09:52 GMT+0800 (China Standard Time)

I also think a fail-fast strategy is a good one. I didn't suggest it initially because I didn't know how conservative the collector SIG tends to be about those types of breaks. One possible midway solution is to have a strict mode which would toggle behavior between warn and failure

edit: a strict mode may also allow other similar enhancements such as failing to start up when an unknown config key is present which may catch typos in some cases

Pablo Baeyens · Answer 4 · Wed Jul 06 2022 23:19:25 GMT+0800 (China Standard Time)

failing to start up when an unknown config key is present which may catch typos in some cases

We already do this by default, so it makes all the more sense to be consistent with environment variables :) If I find some time this week I will try to address this

Pablo Baeyens · Answer 5 · Fri Aug 05 2022 16:07:34 GMT+0800 (China Standard Time)

I started making a PoC for raising a warning (and failing if enabled through a feature gate) on #5734. Since the logger is not available when loading the configuration, we have to signal the need to log a warning in some way. On the PR, I did this with a special error type ('NonFatalError') that needs to be handled by all configuration-related functions.

There are other alternatives, like changing providers/converters signature to return some sort of 'diagnostics' struct that includes any warnings, or giving up on logging a warning altogether.

@open-telemetry/collector-approvers What do you think is the best approach?

Pablo Baeyens · Answer 6 · Fri Feb 03 2023 20:12:32 GMT+0800 (China Standard Time)

I am adding this to the confmap milestone, we need to discuss if we want to change the behavior or if we want to make any changes on the Go API to allow for non fatal errors before reaching 1.0.

Anthony Mirabella · Answer 7 · Tue Feb 07 2023 09:31:00 GMT+0800 (China Standard Time)

Not a fan if the idea of failing if environment expansion encounters an unset value. That may or may not be an error as a user may wish to use that to add context to a value rather than be the only content of a value. Logging that a replacement failed makes sense and would be a good addition.

Pablo Baeyens · Answer 8 · Fri Feb 10 2023 23:55:20 GMT+0800 (China Standard Time)

[failing if environment expansion encounters an unset value] may or may not be an error as a user may wish to use that to add context to a value rather than be the only content of a value.

Would it be possible to support that through support for setting a default value if unset? (Not sure if we should do that, I am just trying to understand your point here)

Anthony Mirabella · Answer 9 · Sat Feb 11 2023 00:28:33 GMT+0800 (China Standard Time)

[failing if environment expansion encounters an unset value] may or may not be an error as a user may wish to use that to add context to a value rather than be the only content of a value.

Would it be possible to support that through support for setting a default value if unset? (Not sure if we should do that, I am just trying to understand your point here)

Maybe, but in that case I'd argue that the default default value should be an empty string which takes us right back to where we are today.

Antoine Toulme · Answer 10 · Thu Mar 14 2024 00:31:42 GMT+0800 (China Standard Time)

This was discussed in SIG meeting 3/13 as part of the open-telemetry/opentelemetry-collector-contrib#9984 issue review.

Tyler Helmuth · Answer 11 · Fri Apr 19 2024 03:36:49 GMT+0800 (China Standard Time)

@mx-psi is this closed by #9837

Pablo Baeyens · Answer 12 · Fri Apr 19 2024 18:39:50 GMT+0800 (China Standard Time)

@TylerHelmuth No, because the logger is noop. We need to pass a functioning logger, which is still a WIP