Update GraphQL Recommended vs Opt-In requirements#3118
Update GraphQL Recommended vs Opt-In requirements#3118trask merged 3 commits intoopen-telemetry:mainfrom
Conversation
|
Note you will have to change the model file, and then generate the update commands. The markdown is not to be modified manually. Also, consider adding a note to the opt_in explaining the rationaly. See an example here: semantic-conventions/model/http/spans.yaml Line 130 in 2e68756 |
abernix
force-pushed
the
abernix/graphql-spec-requirements
branch
from
9b4c12a to
05695a8
Compare
github-actions
Bot
added
enhancement
|
This PR contains changes to area(s) that do not have an active SIG/project and will be auto-closed:
Such changes may be rejected or put on hold until a new SIG/project is established. Please refer to the Semantic Convention Areas |
Thanks! And sorry, I realized that just after I opened it and shortly after I signed the CLA, which was the first thing I wanted to tackle. I'm not sure why this PR was just auto-closed though — do you have suggestions on that @joaopgrassi ? |
|
@joaopgrassi It looks like some relatively new automation auto-closed this, so ping again on the above if you get a chance. I guess this needs |
|
This PR contains changes to area(s) that do not have an active SIG/project and will be auto-closed:
Such changes may be rejected or put on hold until a new SIG/project is established. Please refer to the Semantic Convention Areas |
1 similar comment
|
This PR contains changes to area(s) that do not have an active SIG/project and will be auto-closed:
Such changes may be rejected or put on hold until a new SIG/project is established. Please refer to the Semantic Convention Areas |
|
This PR has been labeled as stale due to lack of activity. It will be automatically closed if there is no further activity over the next 7 days. |
|
Unfortunately, this fell stale over the holidays (I went on actual holiday! 😆 ). I'd like to revisit it and get it in shape if that's still possible. |
lmolkova
moved this from Untriaged
to Awaiting codeowners approval
in Semantic Conventions Triage
|
This PR has been labeled as stale due to lack of activity. It will be automatically closed if there is no further activity over the next 7 days. |
|
Sorry auto-close bot — I'll be back soon, I promise! |
Directs the SHOULD at instrumentation authors rather than application developers, per reviewer feedback -- the spec has no authority over app developers. Ref: open-telemetry#3118 (comment)
|
Ok, appreciate the patience. I believe this is is ready for review again. |
|
This PR has been labeled as stale due to lack of activity. It will be automatically closed if there is no further activity over the next 7 days. |
|
@joaopgrassi Is it possible to get this reviewed again? @lmolkova I think I addressed your feedback. Thanks! |
lmolkova
moved this from Awaiting codeowners approval
to Needs More Approval
in Semantic Conventions Triage
|
Is there anything else I need to do to help here? |
trask
moved this from Needs More Approval
to Ready to be Merged
in Semantic Conventions Triage
|
@abernix not sure what is wrong with the action, maybe you can try rebasing/squashing the commits to see if it gets happy again? It seems your PR is not allowed for maintainers to change it, so I can't push to it. |
Co-authored-by: Joao Grassi <[email protected]>
Directs the SHOULD at instrumentation authors rather than application developers, per reviewer feedback -- the spec has no authority over app developers. Ref: open-telemetry#3118 (comment)
abernix
force-pushed
the
abernix/graphql-spec-requirements
branch
from
4130511 to
6a33e77
Compare
|
@joaopgrassi Hmm, I rebased and pushed and it still is failing. I don't think it's related to my branch at all — it looks like an issue with the workflow that would affect any fork I think it's something like this: To figure out what files changed, Perhaps one fix would be adding |
|
I don't meant to claim understand what it means, but I will note that the failing CI check is not a "Required" check. |
0c84c2f
5 participants
Fixes #2985
Changes
Changes the firmness for
graphql.documentfromRecommendedtoOpt-In.Context
The
graphql.documentis user-inputted, often contains sensitive information, is potentially unbounded in length and is also high-cardinality in the same way as the existinggraphql.operation.name(which is already warned about).Put another way,
graphql.documentis a general liability to have listed asRecommendedwithout serious infrastructure considerations and needs. This makes it a better candidate for being anOpt-Inattribute. In our customer adoption of OpenTelemetry and GraphQL, we've found GraphQL customers following this configuration/instruction purely based on its naming in this (still, experimental) specification and not understanding the implications (or just not thinking them through).In most all cases, the lesser liability of
graphql.operation.name(The actual operation name) is sufficient, as in many GraphQL deployments there is a link between the two which can be correlated out of band (e.g., client code-bases, operation manifests, etc.). While the operation name isn't without its risk, but it's more likely to be dozens of bytes of a limited character set rather than dozens, hundreds or potentially thousands of kilobytes. In that regard, it's reasonable thatgraphql.operation.namebe left asRecommendedfor user experience (though the argument could easily be made that it should also beOpt-In).Merge requirement checklist
[chore]