From f4c9f744523d583ad5599b86dae6a33743ff60ff Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 13 Feb 2026 12:33:14 -0800 Subject: [PATCH 1/2] Add declarative config support for sensitive_query_parameters --- .../config/InstrumentationConfigUtil.java | 16 ++++++++++++++ .../config/InstrumentationConfigUtilTest.java | 22 +++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java b/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java index 4ec91325f46..183f129c351 100644 --- a/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java +++ b/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java @@ -115,6 +115,22 @@ public static List httpServerResponseCapturedHeaders(ConfigProvider conf "server"); } + /** + * Return {@code .instrumentation.general.sanitization.url.sensitive_query_parameters}, or null if + * none is configured. + * + * @throws DeclarativeConfigException if an unexpected type is encountered accessing the property + */ + @Nullable + public static List sensitiveQueryParameters(ConfigProvider configProvider) { + return getOrNull( + configProvider, + config -> config.getScalarList("sensitive_query_parameters", String.class), + "general", + "sanitization", + "url"); + } + /** * Return {@code .instrumentation.java.}, or null if none is configured. * diff --git a/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java b/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java index 9048d744d36..9f47127019f 100644 --- a/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java +++ b/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java @@ -46,6 +46,13 @@ class InstrumentationConfigUtilTest { + " response_captured_headers:\n" + " - server-response-header1\n" + " - server-response-header2\n" + + " sanitization:\n" + + " url:\n" + + " sensitive_query_parameters:\n" + + " - AWSAccessKeyId\n" + + " - Signature\n" + + " - sig\n" + + " - X-Goog-Signature\n" + " java:\n" + " example:\n" + " property: \"value\""; @@ -58,6 +65,8 @@ class InstrumentationConfigUtilTest { toConfigProvider("instrumentation/development:\n general:\n"); private static final ConfigProvider emptyHttpConfigProvider = toConfigProvider("instrumentation/development:\n general:\n http:\n"); + private static final ConfigProvider emptySanitizationConfigProvider = + toConfigProvider("instrumentation/development:\n general:\n sanitization:\n"); private static ConfigProvider toConfigProvider(String configYaml) { return SdkConfigProvider.create( @@ -140,6 +149,19 @@ void httpServerResponseCapturedHeaders() { .isNull(); } + @Test + void sensitiveQueryParameters() { + assertThat(InstrumentationConfigUtil.sensitiveQueryParameters(kitchenSinkConfigProvider)) + .isEqualTo(Arrays.asList("AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature")); + assertThat( + InstrumentationConfigUtil.sensitiveQueryParameters(emptyInstrumentationConfigProvider)) + .isNull(); + assertThat(InstrumentationConfigUtil.sensitiveQueryParameters(emptyGeneralConfigProvider)) + .isNull(); + assertThat(InstrumentationConfigUtil.sensitiveQueryParameters(emptySanitizationConfigProvider)) + .isNull(); + } + @Test void javaInstrumentationConfig() { assertThat( From 55cbbb6f01a7b98308b40efcd5b18e252350f465 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Wed, 18 Feb 2026 13:55:21 -0800 Subject: [PATCH 2/2] Change from returning null to returning default --- .../config/InstrumentationConfigUtil.java | 98 ++++++++++--------- .../config/InstrumentationConfigUtilTest.java | 30 +++--- 2 files changed, 68 insertions(+), 60 deletions(-) diff --git a/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java b/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java index 183f129c351..845ac38438d 100644 --- a/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java +++ b/api/incubator/src/main/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtil.java @@ -5,7 +5,11 @@ package io.opentelemetry.api.incubator.config; +import static java.util.Collections.emptyList; + import com.fasterxml.jackson.databind.ObjectMapper; +import java.util.Arrays; +import java.util.Collections; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -18,6 +22,10 @@ */ public class InstrumentationConfigUtil { + private static final List DEFAULT_SENSITIVE_QUERY_PARAMETERS = + Collections.unmodifiableList( + Arrays.asList("AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature")); + /** * Return a map representation of the peer service map entries in {@code * .instrumentation.general.peer.service_mapping}, or null if none is configured. @@ -52,83 +60,80 @@ public static Map peerServiceMapping(ConfigProvider configProvid } /** - * Return {@code .instrumentation.general.http.client.request_captured_headers}, or null if none - * is configured. + * Return {@code .instrumentation.general.http.client.request_captured_headers}, or empty list if + * none is configured. * * @throws DeclarativeConfigException if an unexpected type is encountered accessing the property */ - @Nullable public static List httpClientRequestCapturedHeaders(ConfigProvider configProvider) { - return getOrNull( - configProvider, - config -> config.getScalarList("request_captured_headers", String.class), - "general", - "http", - "client"); + return configProvider + .getInstrumentationConfig() + .get("general") + .get("http") + .get("client") + .getScalarList("request_captured_headers", String.class, emptyList()); } /** - * Return {@code .instrumentation.general.http.client.response_captured_headers}, or null if none - * is configured. + * Return {@code .instrumentation.general.http.client.response_captured_headers}, or empty list if + * none is configured. * * @throws DeclarativeConfigException if an unexpected type is encountered accessing the property */ - @Nullable public static List httpClientResponseCapturedHeaders(ConfigProvider configProvider) { - return getOrNull( - configProvider, - config -> config.getScalarList("response_captured_headers", String.class), - "general", - "http", - "client"); + return configProvider + .getInstrumentationConfig() + .get("general") + .get("http") + .get("client") + .getScalarList("response_captured_headers", String.class, emptyList()); } /** - * Return {@code .instrumentation.general.http.server.request_captured_headers}, or null if none - * is configured. + * Return {@code .instrumentation.general.http.server.request_captured_headers}, or empty list if + * none is configured. * * @throws DeclarativeConfigException if an unexpected type is encountered accessing the property */ - @Nullable public static List httpServerRequestCapturedHeaders(ConfigProvider configProvider) { - return getOrNull( - configProvider, - config -> config.getScalarList("request_captured_headers", String.class), - "general", - "http", - "server"); + return configProvider + .getInstrumentationConfig() + .get("general") + .get("http") + .get("server") + .getScalarList("request_captured_headers", String.class, emptyList()); } /** - * Return {@code .instrumentation.general.http.server.response_captured_headers}, or null if none - * is configured. + * Return {@code .instrumentation.general.http.server.response_captured_headers}, or empty list if + * none is configured. * * @throws DeclarativeConfigException if an unexpected type is encountered accessing the property */ - @Nullable public static List httpServerResponseCapturedHeaders(ConfigProvider configProvider) { - return getOrNull( - configProvider, - config -> config.getScalarList("response_captured_headers", String.class), - "general", - "http", - "server"); + return configProvider + .getInstrumentationConfig() + .get("general") + .get("http") + .get("server") + .getScalarList("response_captured_headers", String.class, emptyList()); } /** - * Return {@code .instrumentation.general.sanitization.url.sensitive_query_parameters}, or null if - * none is configured. + * Return {@code .instrumentation.general.sanitization.url.sensitive_query_parameters}, or the + * default list (currently {@code AWSAccessKeyId}, {@code Signature}, {@code sig}, {@code + * X-Goog-Signature}) if none is configured. * * @throws DeclarativeConfigException if an unexpected type is encountered accessing the property */ - @Nullable public static List sensitiveQueryParameters(ConfigProvider configProvider) { - return getOrNull( - configProvider, - config -> config.getScalarList("sensitive_query_parameters", String.class), - "general", - "sanitization", - "url"); + return configProvider + .getInstrumentationConfig() + .get("general") + .get("sanitization") + .get("url") + .getScalarList( + "sensitive_query_parameters", String.class, DEFAULT_SENSITIVE_QUERY_PARAMETERS); } /** @@ -149,7 +154,10 @@ public static DeclarativeConfigProperties javaInstrumentationConfig( * {@code segments}, or if {@code accessor} returns null. * *

See other methods in {@link InstrumentationConfigUtil} for usage examples. + * + * @deprecated Use {@link DeclarativeConfigProperties#get(String)} to walk segments. */ + @Deprecated @Nullable public static T getOrNull( ConfigProvider configProvider, diff --git a/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java b/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java index 9f47127019f..c16f1f54c49 100644 --- a/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java +++ b/api/incubator/src/test/java/io/opentelemetry/api/incubator/config/InstrumentationConfigUtilTest.java @@ -93,12 +93,12 @@ void httpClientRequestCapturedHeaders() { assertThat( InstrumentationConfigUtil.httpClientRequestCapturedHeaders( emptyInstrumentationConfigProvider)) - .isNull(); + .isEmpty(); assertThat( InstrumentationConfigUtil.httpClientRequestCapturedHeaders(emptyGeneralConfigProvider)) - .isNull(); + .isEmpty(); assertThat(InstrumentationConfigUtil.httpClientRequestCapturedHeaders(emptyHttpConfigProvider)) - .isNull(); + .isEmpty(); } @Test @@ -109,12 +109,12 @@ void httpClientResponseCapturedHeaders() { assertThat( InstrumentationConfigUtil.httpClientResponseCapturedHeaders( emptyInstrumentationConfigProvider)) - .isNull(); + .isEmpty(); assertThat( InstrumentationConfigUtil.httpClientResponseCapturedHeaders(emptyGeneralConfigProvider)) - .isNull(); + .isEmpty(); assertThat(InstrumentationConfigUtil.httpClientResponseCapturedHeaders(emptyHttpConfigProvider)) - .isNull(); + .isEmpty(); } @Test @@ -125,12 +125,12 @@ void httpServerRequestCapturedHeaders() { assertThat( InstrumentationConfigUtil.httpServerRequestCapturedHeaders( emptyInstrumentationConfigProvider)) - .isNull(); + .isEmpty(); assertThat( InstrumentationConfigUtil.httpServerRequestCapturedHeaders(emptyGeneralConfigProvider)) - .isNull(); + .isEmpty(); assertThat(InstrumentationConfigUtil.httpServerRequestCapturedHeaders(emptyHttpConfigProvider)) - .isNull(); + .isEmpty(); } @Test @@ -141,12 +141,12 @@ void httpServerResponseCapturedHeaders() { assertThat( InstrumentationConfigUtil.httpServerResponseCapturedHeaders( emptyInstrumentationConfigProvider)) - .isNull(); + .isEmpty(); assertThat( InstrumentationConfigUtil.httpServerResponseCapturedHeaders(emptyGeneralConfigProvider)) - .isNull(); + .isEmpty(); assertThat(InstrumentationConfigUtil.httpServerResponseCapturedHeaders(emptyHttpConfigProvider)) - .isNull(); + .isEmpty(); } @Test @@ -155,11 +155,11 @@ void sensitiveQueryParameters() { .isEqualTo(Arrays.asList("AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature")); assertThat( InstrumentationConfigUtil.sensitiveQueryParameters(emptyInstrumentationConfigProvider)) - .isNull(); + .isEqualTo(Arrays.asList("AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature")); assertThat(InstrumentationConfigUtil.sensitiveQueryParameters(emptyGeneralConfigProvider)) - .isNull(); + .isEqualTo(Arrays.asList("AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature")); assertThat(InstrumentationConfigUtil.sensitiveQueryParameters(emptySanitizationConfigProvider)) - .isNull(); + .isEqualTo(Arrays.asList("AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature")); } @Test