mongo 2.23.0 → 2.23.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e69a3d0fe1586e73885c27a97616bb2422847a13a6b86e1c7f95348261d7de58
-  data.tar.gz: ff6fc65770491d22c49221140e248d37edbb58c3715808843718cb2b9fc8e331
+  metadata.gz: b68606a8f00dce7ebf543f9f5e266a485e4afcca05710f1d6d8782d53418372c
+  data.tar.gz: 6f5aa6fb136f59286f33f61885f163ccd3cb371c626d8a77c41f1edbb11b0351
 SHA512:
-  metadata.gz: fc176435fcf633b0b3acd905bcbca387054f70210c3d140223b30eadbed7667e56ee3ae868ad003d47b89992de09da19fc0bcfc1009f186b8e4bbda1caead6a3
-  data.tar.gz: c5ca31db40bde02be00178be089fe7c7f47504374fd606b84696ddf3ae94d14bc7f2efb00a6c7093a224451022a0098e7528268b364a731e9d95db72f3f23ddf
+  metadata.gz: f7c4aacca1e8ca699ccc0db50096603bfc30967e54feb3312981cc6792bbb68722b190ea04e2ec727af3b4d304856fd9ad4f641290ecd085a13d6d9b04e53ec6
+  data.tar.gz: b31a21ca1f01ce8693a9b28b85e5a14dd38d869a0b0ffdd150273a6d5416b201e2e8c5c2c0183e6ffb39690ecb18fcc77aaf4349075f8dc389da8419de8043ed

data/lib/mongo/tracing/open_telemetry/command_tracer.rb

@@ -21,6 +21,15 @@ module Mongo
       #
       # @api private
       class CommandTracer
+        include Mongo::Monitoring::Event::Secure
+
+        # Commands for which a span MUST NOT be created. The OpenTelemetry spec
+        # requires drivers to skip command spans for sensitive commands listed in
+        # the Command Logging and Monitoring spec. We additionally skip hello /
+        # legacy hello in all forms — these are handshake/heartbeat traffic and
+        # would only add noise to traces.
+        HELLO_COMMANDS = %w[hello ismaster isMaster].freeze
+
         # Initializes a new CommandTracer.
         #
         # @param otel_tracer [ OpenTelemetry::Trace::Tracer ] the OpenTelemetry tracer.
@@ -57,6 +66,8 @@ module Mongo
         # @return [ Object ] the result of the command.
         # rubocop:disable Lint/RescueException
         def trace_command(message, _operation_context, connection)
+          return yield if skip_tracing?(message)
+
           # Commands should always be nested under their operation span, not directly under
           # the transaction span. Don't pass with_parent to use automatic parent resolution
           # from the currently active span (the operation span).
@@ -76,6 +87,22 @@ module Mongo
 
         private
 
+        # Determines whether the command must not be traced. Sensitive auth
+        # commands carry credentials in their payloads (SCRAM proofs, cleartext
+        # passwords, etc.) and the OpenTelemetry spec requires drivers to skip
+        # command spans for them. Hello / legacy hello are also skipped to keep
+        # handshake traffic out of traces.
+        #
+        # @param message [ Mongo::Protocol::Message ] the command message.
+        #
+        # @return [ Boolean ] true when no command span should be created.
+        def skip_tracing?(message)
+          name = command_name(message)
+          return true if HELLO_COMMANDS.include?(name)
+
+          sensitive?(command_name: name, document: message.documents.first)
+        end
+
         # Creates a span for a command.
         #
         # @param message [ Mongo::Protocol::Message ] the command message.

data/lib/mongo/version.rb

@@ -5,5 +5,5 @@ module Mongo
   #
   # Note that this file is automatically updated via `rake candidate:create`.
   # Manual changes to this file will be overwritten by that rake task.
-  VERSION = '2.23.0'
+  VERSION = '2.23.1'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongo
 version: !ruby/object:Gem::Version
-  version: 2.23.0
+  version: 2.23.1
 platform: ruby
 authors:
 - The MongoDB Ruby Team
@@ -559,7 +559,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.5
+rubygems_version: 4.0.12
 specification_version: 4
 summary: Ruby driver for MongoDB
 test_files: []