git.stella-ops.org/docs2/observability-telemetry-controls.md
master bc4318ef97 Add tests for SBOM generation determinism across multiple formats
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 18:56:12 +02:00

Telemetry controls and propagation

Bootstrap wiring

  • AddStellaOpsTelemetry wires metrics and tracing with deterministic defaults.
  • Disable exporters when sealed or when egress is not allowed.

Minimal host wiring (example)

builder.Services.AddStellaOpsTelemetry(
    builder.Configuration,
    serviceName: "StellaOps.SampleService",
    serviceVersion: builder.Configuration["VERSION"],
    configureOptions: options =>
    {
        options.Collector.Enabled = builder.Configuration.GetValue<bool>("Telemetry:Collector:Enabled", true);
        options.Collector.Endpoint = builder.Configuration["Telemetry:Collector:Endpoint"];
        options.Collector.Protocol = TelemetryCollectorProtocol.Grpc;
    },
    configureMetrics: m => m.AddAspNetCoreInstrumentation(),
    configureTracing: t => t.AddHttpClientInstrumentation());

Propagation rules

  • HTTP headers: traceparent, tracestate, x-stella-tenant, x-stella-actor, x-stella-imposed-rule.
  • gRPC metadata: stella-tenant, stella-actor, stella-imposed-rule.
  • Tenant is required for all requests except sealed diagnostics jobs.

Metrics helper expectations

  • Golden signals: http.server.duration, http.client.duration, messaging.operation.duration, job.execution.duration, runtime.gc.pause, db.call.duration.
  • Mandatory tags: tenant, service, endpoint or operation, result (ok|error|cancelled|throttled), sealed.
  • Cardinality guard trims tag values to 64 chars and caps distinct values per key.
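
The cardinality guard described above, sketched in C# as an added example (this is not StellaOps code). The class name TagCardinalityGuard, the per-key cap of 3 and the "_other" overflow bucket are assumptions; only the 64-character trim comes from this page.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;

// Added illustration, not StellaOps code. The class name, the cap passed to the
// constructor and the "_other" overflow bucket are assumptions made for this sketch.
public sealed class TagCardinalityGuard
{
    private const int MaxValueLength = 64;      // trim length stated on the page
    private const string Overflow = "_other";   // assumed bucket for values over the cap
    private readonly int _maxDistinctPerKey;    // assumed to come from configuration
    private readonly ConcurrentDictionary<string, HashSet<string>> _seen =
        new(StringComparer.Ordinal);

    public TagCardinalityGuard(int maxDistinctPerKey)
    {
        if (maxDistinctPerKey < 1) throw new ArgumentOutOfRangeException(nameof(maxDistinctPerKey));
        _maxDistinctPerKey = maxDistinctPerKey;
    }

    public string Normalize(string key, string? value)
    {
        var v = value ?? string.Empty;
        if (v.Length > MaxValueLength)
        {
            // Do not cut a surrogate pair in half; a lone surrogate breaks UTF-8 export.
            var cut = char.IsHighSurrogate(v[MaxValueLength - 1]) ? MaxValueLength - 1 : MaxValueLength;
            v = v.Substring(0, cut);
        }
        var set = _seen.GetOrAdd(key, _ => new HashSet<string>(StringComparer.Ordinal));
        lock (set)
        {
            // Known values pass through; new values are admitted only while under the cap.
            if (set.Contains(v) || (set.Count < _maxDistinctPerKey && set.Add(v))) return v;
            return Overflow;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        var guard = new TagCardinalityGuard(maxDistinctPerKey: 3);
        // Constructed sample: an endpoint tag fed from request paths a client controls.
        string[] endpoints = { "/scan", "/scan", "/sbom", new string('a', 200), "/x1", "/x2", "/scan" };
        foreach (var e in endpoints) Console.WriteLine(guard.Normalize("endpoint", e));
    }
}
```

Trimming before the distinct-value check means long values that share a 64-character prefix collapse into one series, and values arriving after the cap is reached cannot create new series in the metrics backend.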

Scrubbing configuration

  • Telemetry:Scrub:Enabled (default true)
  • Telemetry:Scrub:Sealed (forces scrubbing when sealed)
  • Telemetry:Scrub:HashSalt (optional)
  • Telemetry:Scrub:MaxValueLength (default 256)

Sealed mode behavior

  • Disable external exporters; use memory or file OTLP.
  • Tag sealed=true and scrubbed=true on all records.
  • Sampling capped by Telemetry:Sealed:MaxSamplingPercent.
  • File exporter rotates deterministically and enforces 0600 permissions.

Sealed mode config keys

  • Telemetry:Sealed:Enabled
  • Telemetry:Sealed:Exporter (memory|file)
  • Telemetry:Sealed:FilePath
  • Telemetry:Sealed:MaxBytes
  • Telemetry:Sealed:MaxSamplingPercent

Incident mode (CLI)

  • Flag: --incident-mode
  • Config: Telemetry:Incident:Enabled and Telemetry:Incident:TTL
  • State file: ~/.stellaops/incident-mode.json (0600 permissions)
  • Emits telemetry.incident.activated and telemetry.incident.expired audit events.

Determinism

  • UTC timestamps and stable ordering for OTLP exports.
  • No external enrichment in sealed mode.