Skip to content

chore: Update opentelemetry to 0.32.1#3086

Open
kensimon wants to merge 2 commits into
NVIDIA:mainfrom
kensimon:opentelemetry-0-32-1
Open

chore: Update opentelemetry to 0.32.1#3086
kensimon wants to merge 2 commits into
NVIDIA:mainfrom
kensimon:opentelemetry-0-32-1

Conversation

@kensimon

@kensimon kensimon commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Should fix https://github.com/NVIDIA/infra-controller/security/dependabot/81

Related issues

https://github.com/NVIDIA/infra-controller/security/dependabot/81

Type of Change

  • Add - New feature or capability
  • Change - Changes in existing functionality
  • Fix - Bug fixes
  • Remove - Removed features or deprecated functionality
  • Internal - Internal changes (refactoring, tests, docs, etc.)

Breaking Changes

  • This PR contains breaking changes

Testing

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing performed
  • No testing required (docs, internal refactor, etc.)

Additional Notes

@kensimon kensimon requested a review from a team as a code owner July 2, 2026 16:06
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3afd5a47-5802-4fee-a9e5-3258467b0b79

📥 Commits

Reviewing files that changed from the base of the PR and between 768c1bc and 04f9924.

📒 Files selected for processing (1)
  • crates/api-core/src/logging/api_logs.rs

Summary by CodeRabbit

  • Bug Fixes
    • Improved request tracing metadata by recording gRPC/HTTP/RPC span attributes with the expected semantic field names (including clearer status reporting).
  • Chores
    • Upgraded OpenTelemetry dependencies across the workspace for compatibility and consistency.
    • Updated tracing support to newer versions.
    • Refined OTLP trace exporter configuration for more direct endpoint setup.

Walkthrough

This PR bumps OpenTelemetry-related crate versions, updates tracing setup to the newer SDK/exporter API, and changes span attribute recording in logging to use explicit string keys.

Changes

OpenTelemetry dependency and API adjustments

Layer / File(s) Summary
OpenTelemetry dependency version bumps
Cargo.toml
OpenTelemetry crates move to 0.32.x, tracing-opentelemetry moves to 0.33.0, and tracing-appender is relocated within the manifest.
Tracing setup imports and exporter config
crates/api-core/src/logging/setup.rs
Sampling types now come from opentelemetry_sdk::trace, and the OTLP exporter sets its endpoint with .with_endpoint(endpoint).
Span attribute key updates
crates/api-core/src/logging/api_logs.rs
The comment is expanded to describe semantic convention drift, and RPC/HTTP span attributes are recorded with string literal keys instead of semantic-convention constants.

Estimated code review effort: 2 (Simple) | ~12 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately reflects the main change: an OpenTelemetry dependency upgrade.
Description check ✅ Passed The description is directly related to the dependency update and the referenced Dependabot advisory.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/api-core/src/logging/api_logs.rs`:
- Around line 192-194: The TODO in api_logs.rs is misleading because grpc_method
only contains the final path segment while grpc_service carries the service
name; update the comment near the deprecated RPC_METHOD handling to reflect that
both fields are needed for attribution. Make sure the wording in the logging
logic around grpc_method and grpc_service does not suggest removing
service-level data, and keep the distinction clear wherever the log fields are
assembled.
- Around line 267-270: The new OpenTelemetry response status code is being
recorded on request_span, but it will be ignored unless the field is declared on
the span first. Update the span declaration in api_logs::request_span to include
RPC_RESPONSE_STATUS_CODE alongside rpc.grpc.status_code, then keep the existing
request_span.record call so the value is actually exported.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c16357aa-ef30-48ff-944a-268a141f2b53

📥 Commits

Reviewing files that changed from the base of the PR and between 0d5452b and 768c1bc.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • Cargo.toml
  • crates/api-core/src/logging/api_logs.rs
  • crates/api-core/src/logging/setup.rs

Comment thread crates/api-core/src/logging/api_logs.rs Outdated
Comment thread crates/api-core/src/logging/api_logs.rs Outdated
Opentelemetry has opted to change some of the recommended field names,
let's not deal with that right now and instead just keep using the
fields we always used.
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

🔍 Container Scan Summary

Service Total Critical High Medium Low Other
boot-artifacts-aarch64 3 0 0 3 0 0
boot-artifacts-x86_64 3 0 0 3 0 0
forge-admin-cli-x86_64 272 5 27 89 7 144
machine-validation-runner 769 25 209 278 36 221
machine_validation 769 25 209 278 36 221
machine_validation-aarch64 769 25 209 278 36 221
nvmetal-carbide 769 25 209 278 36 221
TOTAL 3354 105 863 1207 151 1028

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants