Skip to content

opentelemetry-instrumentation-openai-v2: scrub cookie from tests #2993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 12, 2024
Merged

opentelemetry-instrumentation-openai-v2: scrub cookie from tests #2993

merged 2 commits into from
Nov 12, 2024

Conversation

@codefromthecrypt
Copy link
Contributor

@codefromthecrypt codefromthecrypt commented Nov 11, 2024
edited
Loading

Description

This scrubs test data and rewords token replacements corresponding to canonical ENV variables.

Before, we had inconsistent test data where most sensitive properties were scrubbed, but not all. The main thing this does is scrub out the request cookie, so that folks don't accidentally leak it in new PRs. After that, it helps clarify the source of sensitive data by making the replacement tokens match naming conventions of OpenAI ENV variables.

Also, before we scrubbed "api-key", but that is only set when using AzureClient, which this package doesn't use, yet. When it does, we should probably scrub more (as the URLs include sensitive project-specific details). If we end up supporting AzureClient, I can help in the scrub config for that.

Noticed the cookie problem in #2984
See https://github.com/openai/openai-python/blob/646a579cdb305a9d3fba6c5f9a96011c5e2c2882/src/openai/_client.py#L98-L100

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

I deleted all test yaml and ran the test two ways to make sure it recreates correctly, with no cookies in the yaml

  • tox -e py312-test-instrumentation-openai-v2-0
  • tox -e py312-test-instrumentation-openai-v2-1

Does This PR Require a Core Repo Change?

  • Yes. - Link to PR:
  • No.

Checklist:

See contributing.md for styleguide, changelog guidelines, and more.

  • Followed the style guidelines of this project
  • Changelogs have been updated
  • Unit tests have been added
  • Documentation has been updated

@codefromthecrypt
opentelemetry-instrumentation-openai-v2: scrub cookie from tests
0c435ce 
This scrubs test data and rewords token replacements corresponding to
canonical ENV variables.o

Before, we had inconsistent test data where most sensitive properties
were set, but not all. Also, we scrubbed "api-key", but that is only set
when using `AzureClient`, which this package doesn't use, yet. When it
does, we should probably scrub more.

The main thing this does is scrub out the request cookie, so that folks
don't accidentally leak it in new PRs. After that, it helps clarify the
source of sensitive data by making the replacement tokens match naming
conventions of OpenAI ENV variables.

See https://github.com/openai/openai-python/blob/646a579cdb305a9d3fba6c5f9a96011c5e2c2882/src/openai/_client.py#L98-L100

Signed-off-by: Adrian Cole <[email protected]>
@codefromthecrypt codefromthecrypt requested a review from a team as a code owner November 11, 2024 23:54
codefromthecrypt
codefromthecrypt commented Nov 11, 2024
View reviewed changes
Copy link
Contributor Author

@codefromthecrypt codefromthecrypt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

notes

@codefromthecrypt codefromthecrypt mentioned this pull request Nov 11, 2024
Merged
8 tasks
@alizenhom
Copy link
Contributor

lgtm @codefromthecrypt

@codefromthecrypt
Copy link
Contributor Author

Thanks @alizenhom can you put the skip changelog label on for me? I don't have karma for that

@karthikscale3 karthikscale3 added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Nov 12, 2024
xrmx
xrmx approved these changes Nov 12, 2024
View reviewed changes
Copy link
Contributor

@xrmx xrmx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch!

@lzchen lzchen merged commit 89a0b28 into open-telemetry:main Nov 12, 2024
566 checks passed
xrmx pushed a commit to xrmx/opentelemetry-python-contrib that referenced this pull request Jan 24, 2025
@codefromthecrypt @xrmx
opentelemetry-instrumentation-openai-v2: scrub cookie from tests (ope…
f0bd9d1 
…n-telemetry#2993)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xrmx xrmx xrmx approved these changes

@karthikscale3 karthikscale3 karthikscale3 approved these changes

@gyliu513 gyliu513 Awaiting requested review from gyliu513

@lmolkova lmolkova Awaiting requested review from lmolkova

@lzchen lzchen Awaiting requested review from lzchen

@nirga nirga Awaiting requested review from nirga

+1 more reviewer

@alizenhom alizenhom alizenhom approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@codefromthecrypt codefromthecrypt

@lmolkova lmolkova

@nirga nirga

@gyliu513 gyliu513

@lzchen lzchen

@karthikscale3 karthikscale3

Labels

Skip Changelog PRs that do not require a CHANGELOG.md entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@codefromthecrypt @alizenhom @xrmx @karthikscale3 @lmolkova @nirga @gyliu513 @lzchen