Conversation
exporters/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java
Outdated
Show resolved
Hide resolved
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #8224 +/- ##
============================================
- Coverage 90.31% 90.27% -0.04%
- Complexity 7652 7683 +31
============================================
Files 843 847 +4
Lines 23087 23160 +73
Branches 2312 2339 +27
============================================
+ Hits 20851 20908 +57
- Misses 1517 1526 +9
- Partials 719 726 +7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
exporters/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java
Show resolved
Hide resolved
...ender/jdk/src/test/java/io/opentelemetry/exporter/sender/jdk/internal/JdkHttpSenderTest.java
Show resolved
Hide resolved
| @Nullable RetryPolicy retryPolicy, | ||
| @Nullable ExecutorService executorService) { | ||
| @Nullable ExecutorService executorService, | ||
| long maxResponseBodySize) { |
There was a problem hiding this comment.
JaegerRemoteSamplerBuilder.setMaxSamplingStrategyResponseBodySize validates bytes > 0. But the sender constructors (JdkHttpSender, OkHttpHttpSender, OkHttpGrpcSender) accept any long without
validation. A caller can bypass the guard by constructing a sender directly with 0 or -1. Consider adding the validation at the sender level too, or document the expected invariant.
There was a problem hiding this comment.
All the sender constructors are internal, and have a bunch of other unvalidated parameters which could be equally corrupted if a user goes around the guards. There's a conversation here discussing where to add additional null checks beyond the guarantees from nullaway. I think we should adopt a policy of adding additional null checks at the API boundaries, but trusting nullaway once we're within the walled garden of internal code. The same would apply to parameter validation, I think.
There was a problem hiding this comment.
Well... setting directly to a low value like -1 or 0 will effectively bloc data export...
see:
if (bodyBytes.length > maxResponseBodySize) {
throw new ResponseBodyTooLargeException(
"HTTP response body exceeded limit of " + maxResponseBodySize + " bytes");
}
All bodies will be bigger that that.
.../okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java
Outdated
Show resolved
Hide resolved
...rs/sender/jdk/src/main/java/io/opentelemetry/exporter/sender/jdk/internal/JdkHttpSender.java
Show resolved
Hide resolved
| * Sets the maximum number of bytes to read from a sampling strategy response body. If unset, | ||
| * defaults to 4 MiB. Must be positive. | ||
| */ | ||
| public JaegerRemoteSamplerBuilder setMaxSamplingStrategyResponseBodySize(long bytes) { |
There was a problem hiding this comment.
GrpcExporterBuilder and HttpExporterBuilder hardcode 4MB with no setter. Only JaegerRemoteSamplerBuilder exposes a public setter. If a user wants to tighten the OTLP limit (say, to 64KB since responses are tiny), they can't. Worth a deliberate decision: intentionally omit setters for OTLP (since responses are well-known small), or add them for consistency?
There was a problem hiding this comment.
I omitted them in OTLP for now because we don't do anything with them and a 4mb limit is an improvement on the current no limit.
In contrast, for JaegerRemoteSampler, the default body size reduction is a change in behavior which could be meaningful so adding the setter seems essential.
…y-java into response-body-bounds
…alue GrpcResponse, HttpResponse
|
I had an oversight where I was enforcing the size limit against the response pre-decompression. This means that a response payload at the limit of 4mb, could decompress to a much larger size and have a big impact on memory. Fixing this means more complexity, including new enforcement that we only support gzip compressed resposnes. This issue has turned in quite the rabbit hole. On the bright side, there's pretty good abstract tests in AbstractHttpTelemetryExporterTest / AbstractGrpcTelemetryExporterTest that verify that all the sender implementations are doing the right thing. |
There was a problem hiding this comment.
Pull request overview
Adds response-body size bounding (default 4 MiB) to HTTP/gRPC sender configurations and updates sender implementations/tests to enforce the limit and handle gzip-encoded responses, aligning behavior with the spec guidance (HTTP: fail w/ exception; gRPC: fail w/ RESOURCE_EXHAUSTED).
Changes:
- Introduce
getMaxResponseBodySize()onHttpSenderConfig/GrpcSenderConfig(default 4 MiB) and document sender expectations. - Enforce bounded response reads (and gzip handling) in OkHttp and JDK senders; add Jaeger Remote Sampler builder option for sampling strategy response size.
- Extend OTLP exporter test infrastructure to generate oversized responses and validate failure behavior (including gzip cases).
Reviewed changes
Copilot reviewed 36 out of 36 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| sdk/common/src/main/java/io/opentelemetry/sdk/common/export/HttpSenderConfig.java | Adds configurable max response body size (default 4 MiB). |
| sdk/common/src/main/java/io/opentelemetry/sdk/common/export/HttpSender.java | Documents max-sized response body expectation. |
| sdk/common/src/main/java/io/opentelemetry/sdk/common/export/GrpcSenderConfig.java | Adds configurable max response body size (default 4 MiB). |
| sdk/common/src/main/java/io/opentelemetry/sdk/common/export/GrpcSender.java | Documents max-sized response message expectation. |
| sdk-extensions/jaeger-remote-sampler/.../JaegerRemoteSamplerBuilder.java | Adds sampler-specific response body size setting and wires into sender config. |
| exporters/sender/okhttp/.../OkHttpHttpSuppressionTest.java | Updates constructor usage with new max-size param. |
| exporters/sender/okhttp/.../OkHttpGrpcSuppressionTest.java | Updates constructor usage with new max-size param. |
| exporters/sender/okhttp/.../OkHttpGrpcSenderTest.java | Updates constructor usage with new max-size param. |
| exporters/sender/okhttp/.../OkHttpHttpSenderProvider.java | Passes max response body size into sender. |
| exporters/sender/okhttp/.../OkHttpHttpSender.java | Enforces bounded response reads + gzip handling. |
| exporters/sender/okhttp/.../OkHttpGrpcSenderProvider.java | Passes max response body size into sender. |
| exporters/sender/okhttp/.../OkHttpGrpcSender.java | Enforces bounded response reads + gzip handling for gRPC framing. |
| exporters/sender/okhttp/.../ImmutableHttpResponse.java | Introduces AutoValue HTTP response wrapper for OkHttp sender. |
| exporters/sender/okhttp/.../ImmutableGrpcResponse.java | Introduces AutoValue gRPC response wrapper for OkHttp sender. |
| exporters/sender/okhttp/build.gradle.kts | Adds AutoValue annotation processor. |
| exporters/sender/jdk/.../JdkHttpSenderTest.java | Updates constructor usage with new max-size param. |
| exporters/sender/jdk/.../JdkHttpSenderProvider.java | Passes max response body size into sender. |
| exporters/sender/jdk/.../JdkHttpSender.java | Enforces bounded response reads + gzip handling using JDK HttpClient. |
| exporters/sender/jdk/.../ImmutableHttpResponse.java | Introduces AutoValue HTTP response wrapper for JDK sender. |
| exporters/sender/jdk/build.gradle.kts | Adds AutoValue annotation processor. |
| exporters/sender/grpc-managed-channel/.../UpstreamGrpcSender.java | Minor import cleanup; sender is relevant for new response-bound feature. |
| exporters/sender/grpc-managed-channel/.../ImmutableGrpcResponse.java | Moves/adjusts internal ImmutableGrpcResponse type. |
| exporters/sender/grpc-managed-channel/build.gradle.kts | Adds AutoValue annotation processor. |
| exporters/otlp/testing-internal/.../TelemetryExporter.java | Adds ability for tests to generate response messages of a minimum size. |
| exporters/otlp/testing-internal/.../ManagedChannelTelemetryExporterBuilder.java | Sets max inbound message size and forwards new test helper method. |
| exporters/otlp/testing-internal/.../AbstractHttpTelemetryExporterTest.java | Adds HTTP response-bound and content-encoding tests. |
| exporters/otlp/testing-internal/.../AbstractGrpcTelemetryExporterTest.java | Adds gRPC response-bound and encoding tests. |
| exporters/otlp/profiles/.../OtlpGrpcProfileExporterTest.java | Updates test helper naming (addGrpcResponse). |
| exporters/otlp/all/.../OltpExporterBenchmark.java | Updates OkHttp sender construction for new max-size parameter. |
| exporters/common/src/test/.../GrpcExporterTest.java | Updates test to avoid depending on internal ImmutableGrpcResponse. |
| exporters/common/.../ImmutableHttpSenderConfig.java | Wires max response body size into HttpSenderConfig AutoValue config. |
| exporters/common/.../HttpExporterBuilder.java | Hardcodes 4 MiB bound for OTLP HTTP exporters for now. |
| exporters/common/.../ImmutableGrpcSenderConfig.java | Wires max response body size into GrpcSenderConfig AutoValue config. |
| exporters/common/.../GrpcExporterBuilder.java | Hardcodes 4 MiB bound for OTLP gRPC exporters for now. |
| docs/apidiffs/.../opentelemetry-sdk-extension-jaeger-remote-sampler.txt | Records new Jaeger builder API. |
| docs/apidiffs/.../opentelemetry-sdk-common.txt | Records new sender config APIs. |
Comments suppressed due to low confidence (1)
exporters/sender/grpc-managed-channel/src/main/java/io/opentelemetry/exporter/sender/grpc/managedchannel/internal/ImmutableGrpcResponse.java:23
@AutoValuerequires accessor methods for all properties. This class only declaresgetResponseMessage(), butGrpcResponsealso requiresgetStatusCode()andgetStatusDescription(). As written, AutoValue will not generate a type compatible with thecreate(statusCode, statusDescription, responseMessage)factory (compile error). Add abstract accessors for status code and description (and override them) so AutoValue can generate the correct implementation.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
...tp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/ImmutableHttpResponse.java
Show resolved
Hide resolved
...tp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/ImmutableGrpcResponse.java
Show resolved
Hide resolved
...r/jdk/src/main/java/io/opentelemetry/exporter/sender/jdk/internal/ImmutableHttpResponse.java
Show resolved
Hide resolved
.../okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpGrpcSender.java
Show resolved
Hide resolved
...n/java/io/opentelemetry/exporter/sender/grpc/managedchannel/internal/UpstreamGrpcSender.java
Show resolved
Hide resolved
.../java/io/opentelemetry/exporter/otlp/testing/internal/AbstractHttpTelemetryExporterTest.java
Show resolved
Hide resolved
.../java/io/opentelemetry/exporter/otlp/testing/internal/AbstractGrpcTelemetryExporterTest.java
Show resolved
Hide resolved
|
Thanks @jack-berg. |
Add new max response body size parameter to sender config, defaulting to 4mb.
Per the spec, if a response exceeding the limit is received:
For OTLP exporters, the body size is not configurable, since we don't do anything with the response today. If adding this 4mb limit causes new exceptions for users, we can add a config option to allow it to be increased.
For JaegerRemoteSampler, a new programmatic config option is added because the responses are critical to the function of the sampler.
cc @brunobat you'll want to update the vertex sender to incorporate this new option.