nat.plugins.opentelemetry.otlp_span_redaction_adapter_exporter#
Attributes#
Classes#
An OpenTelemetry OTLP span exporter with built-in redaction and privacy tagging. |
Module Contents#
- logger#
- class OTLPSpanHeaderRedactionAdapterExporter(
- *,
- context_state: nat.builder.context.ContextState | None = None,
- batch_size: int = 100,
- flush_interval: float = 5.0,
- max_queue_size: int = 1000,
- drop_on_overflow: bool = False,
- shutdown_timeout: float = 10.0,
- resource_attributes: dict[str, str] | None = None,
- redaction_attributes: list[str] | None = None,
- redaction_headers: list[str] | None = None,
- redaction_callback: collections.abc.Callable[Ellipsis, Any] | None = None,
- redaction_enabled: bool = False,
- force_redaction: bool = False,
- redaction_value: str = '[REDACTED]',
- redaction_tag: str | None = None,
- tags: collections.abc.Mapping[str, enum.Enum | str] | None = None,
- endpoint: str,
- headers: dict[str, str] | None = None,
- **otlp_kwargs,
Bases:
nat.plugins.opentelemetry.otlp_span_adapter_exporter.OTLPSpanAdapterExporterAn OpenTelemetry OTLP span exporter with built-in redaction and privacy tagging.
This class extends OTLPSpanAdapterExporter to provide automatic span redaction and privacy tagging capabilities. It automatically adds header-based redaction and span tagging processors to the processing pipeline.
Key Features: - Header-based span redaction with configurable callback logic - Privacy level tagging for compliance and governance - Complete span processing pipeline (IntermediateStep → Span → Redaction → Tagging → OtelSpan → Batching → Export) - Batching support for efficient transmission - OTLP HTTP protocol for maximum compatibility - Configurable authentication via headers - Resource attribute management - Error handling and retry logic
The redaction processor allows conditional redaction based on authentication headers, while the tagging processor adds privacy-level metadata to spans for downstream processing and compliance tracking.
This exporter is commonly used with services like: - OpenTelemetry Collector - DataDog (OTLP endpoint) - Jaeger (OTLP endpoint) - Grafana Tempo - Custom OTLP-compatible backends
Example:
def should_redact(auth_key: str) -> bool: return auth_key in ["sensitive_user", "test_user"] exporter = OTLPSpanRedactionAdapterExporter( endpoint="https://api.service.com/v1/traces", headers={"Authorization": "Bearer your-token"}, redaction_attributes=["user.email", "request.body"], redaction_headers=["x-user-id"], redaction_callback=should_redact, redaction_value="REDACTED", tags={"privacy.level": PrivacyLevel.HIGH, "service.type": "sensitive"}, batch_size=50, flush_interval=10.0 )
Initialize the OTLP span exporter with redaction and tagging capabilities.
- Args:
context_state: The context state for the exporter. batch_size: Number of spans to batch before exporting, default is 100. flush_interval: Time in seconds between automatic batch flushes, default is 5.0. max_queue_size: Maximum number of spans to queue, default is 1000. drop_on_overflow: Whether to drop spans when queue is full, default is False. shutdown_timeout: Maximum time to wait for export completion during shutdown, default is 10.0. resource_attributes: Additional resource attributes for spans. redaction_attributes: List of span attribute keys to redact when conditions are met. redaction_headers: List of header keys to check for authentication/user identification. redaction_callback: Function that returns true to redact spans based on header value, false otherwise. redaction_enabled: Whether the redaction processor is enabled, default is False. force_redaction: If True, always redact regardless of header checks, default is False. redaction_value: Value to replace redacted attributes with, default is “[REDACTED]”. tags: Mapping of tag keys to their values (enums or strings) to add to spans. redaction_tag: Tag to add to spans when redaction occurs. endpoint: The endpoint for the OTLP service. headers: The headers for the OTLP service. otlp_kwargs: Additional keyword arguments for the OTLP service.