Skip to content

Centralized way to configure custom instrumentation#1960

Merged
antonpirker merged 15 commits intomasterfrom
antonpirker/instrumentation-list
Mar 28, 2023
Merged

Centralized way to configure custom instrumentation#1960
antonpirker merged 15 commits intomasterfrom
antonpirker/instrumentation-list

Conversation

@antonpirker
Copy link
Copy Markdown
Contributor

@antonpirker antonpirker commented Mar 16, 2023
edited by HazAT
Loading

Have a list of functions that can be passed to "sentry_sdk.init()". When the SDK starts it goes through the list and instruments all the functions in the list.

functions_to_trace = [
    {"qualified_name": "tests.test_basics._hello_world_counter"},
    {"qualified_name": "time.sleep"},
    {"qualified_name": "collections.Counter.most_common"},
]

sentry_sdk.init(
    dsn="...",
    traces_sample_rate=1.0,
    functions_to_trace=functions_to_trace,
)

Fixes #1963
Docs: getsentry/sentry-docs#6520
Fixes getsentry/team-webplatform-meta#19

@antonpirker antonpirker marked this pull request as draft March 16, 2023 12:22
@antonpirker antonpirker marked this pull request as ready for review March 17, 2023 10:20
sl0thentr0py
sl0thentr0py reviewed Mar 20, 2023
View reviewed changes
sentry_sdk/client.py
# ex: "mymodule.submodule.MyClassName.member_function"

module_name, class_name = module_name.rsplit(".", 1)
module_obj = import_module(module_name)
Copy link
Copy Markdown
Member

@sl0thentr0py sl0thentr0py Mar 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this import_module is a lot of magic, because

  • you might accidentally run user code that was not supposed to run just because sentry needs to know what's in that namespace
  • is also a potential security issue / injection vector since you're letting users specify arbitrary modules and then actually performing IO on them. This is basically an eval call and we should be very careful of introducing such things in our codebase.

Copy link
Copy Markdown
Contributor Author

@antonpirker antonpirker Mar 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, true. If there is code executed on module load it could be have unintentional behavior.

But this optional and is only active when functions_to_trace is set.

What if we point out this concerns in the documentation, so people know about them when activating this feature?

Copy link
Copy Markdown
Contributor Author

@antonpirker antonpirker Mar 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mitsuhiko can I get your opinion on this? Should we avoid putting import_module in the SDK (although it needs to be enabled by default)?

Copy link
Copy Markdown
Contributor

@mitsuhiko mitsuhiko Mar 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m okay with importing from strings. But I can’t say about the feature as such.

Copy link
Copy Markdown
Contributor Author

@antonpirker antonpirker Mar 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you saying you can not say anything about the feature, or are you saying that you are not okay with the feature @mitsuhiko ?

Copy link
Copy Markdown
Contributor Author

@antonpirker antonpirker Mar 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(On another note, @mdtro (Matthew T) said in slack: A note in the documentation is sufficient, imo. The list should be static or loaded from a secure source (no user or untrusted input).)

@antonpirker antonpirker self-assigned this Mar 21, 2023
@antonpirker
Copy link
Copy Markdown
Contributor Author

antonpirker commented Mar 23, 2023

Documentation for this feature is here: getsentry/sentry-docs#6520

@antonpirker antonpirker mentioned this pull request Mar 23, 2023
Merged
@antonpirker antonpirker enabled auto-merge (squash) March 28, 2023 06:20
@antonpirker antonpirker merged commit dc730ed into master Mar 28, 2023
@antonpirker antonpirker deleted the antonpirker/instrumentation-list branch March 28, 2023 06:33
@davidgrohmann
Copy link
Copy Markdown

davidgrohmann commented May 18, 2023

@antonpirker FYI the docs in getsentry/sentry-docs#6520 do not match your implementation in this PR
docs state that functions_to_trace is a list of strings, but you are expecting a list of dictionaries each with a "qualified_name" field

https://docs.sentry.io/platforms/python/performance/instrumentation/custom-instrumentation/?original_referrer=https%3A%2F%2Fwww.google.com%2F#define-span-creation-in-a-central-place

@rcmarron rcmarron mentioned this pull request May 24, 2023
Merged
@sentrivana
Copy link
Copy Markdown
Contributor

sentrivana commented May 25, 2023

Hey @davidgrohmann, thanks for pointing that out. I'll fix the docs.

@sentrivana sentrivana mentioned this pull request May 25, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HazAT HazAT HazAT approved these changes

@sl0thentr0py sl0thentr0py Awaiting requested review from sl0thentr0py

+1 more reviewer

@mitsuhiko mitsuhiko mitsuhiko left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@antonpirker antonpirker

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Central place to configure custom instrumentation QoL SDK API Improvments

6 participants

@antonpirker @davidgrohmann @sentrivana @mitsuhiko @HazAT @sl0thentr0py