Skip to content

Commit 065601c

Browse files
jnschaefferjnschaeffer
authoredJun 30, 2023
Add OpenTelemetry instrumentation to permissions-api client (#131)
The permissions-api client does not currently have OpenTelemetry support. This commit updates the permissions package to instrument the Permissions object, as well as add otelhttp support to enable context propagation from consuming services to permissions-api. Signed-off-by: John Schaeffer <jschaeffer@equinix.com>
1 parent c2f41d7 commit 065601c

File tree

3 files changed

+26
-1
lines changed

3 files changed

+26
-1
lines changed
 

‎go.mod

+2
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ require (
1515
github.com/stretchr/testify v1.8.4
1616
go.infratographer.com/x v0.3.2
1717
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0
18+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0
1819
go.opentelemetry.io/otel v1.16.0
1920
go.opentelemetry.io/otel/trace v1.16.0
2021
go.uber.org/zap v1.24.0
@@ -32,6 +33,7 @@ require (
3233
github.com/cespare/xxhash/v2 v2.2.0 // indirect
3334
github.com/davecgh/go-spew v1.1.1 // indirect
3435
github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect
36+
github.com/felixge/httpsnoop v1.0.3 // indirect
3537
github.com/fsnotify/fsnotify v1.6.0 // indirect
3638
github.com/garsue/watermillzap v1.2.0 // indirect
3739
github.com/go-logr/logr v1.2.4 // indirect

‎go.sum

+4
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,8 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.
9595
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
9696
github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
9797
github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
98+
github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
99+
github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
98100
github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
99101
github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
100102
github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
@@ -335,6 +337,8 @@ go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0
335337
go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.42.0/go.mod h1:5Ll2ndRzg9UNUrj1n+v4ZCcrD/SYy7BnVrlCQXECowA=
336338
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY=
337339
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ=
340+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 h1:pginetY7+onl4qN1vl0xW/V/v6OBZ0vVdH+esuJgvmM=
341+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0/go.mod h1:XiYsayHc36K3EByOO6nbAXnAWbrUxdjUROCEeeROOH8=
338342
go.opentelemetry.io/contrib/propagators/b3 v1.17.0 h1:ImOVvHnku8jijXqkwCSyYKRDt2YrnGXD4BbhcpfbfJo=
339343
go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
340344
go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=

‎pkg/permissions/permissions.go

+20-1
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,10 @@ import (
1313
"github.com/pkg/errors"
1414
"go.infratographer.com/x/echojwtx"
1515
"go.infratographer.com/x/gidx"
16+
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
17+
"go.opentelemetry.io/otel"
18+
"go.opentelemetry.io/otel/attribute"
19+
"go.opentelemetry.io/otel/codes"
1620
"go.uber.org/zap"
1721
)
1822

@@ -37,8 +41,11 @@ var (
3741
}
3842

3943
defaultClient = &http.Client{
40-
Timeout: defaultClientTimeout,
44+
Timeout: defaultClientTimeout,
45+
Transport: otelhttp.NewTransport(http.DefaultTransport),
4146
}
47+
48+
tracer = otel.GetTracerProvider().Tracer("go.infratographer.com/permissions-api/pkg/permissions")
4249
)
4350

4451
// Checker defines the checker function definition
@@ -92,6 +99,15 @@ func (p *Permissions) Middleware() echo.MiddlewareFunc {
9299

93100
func (p *Permissions) checker(c echo.Context, actor, token string) Checker {
94101
return func(ctx context.Context, resource gidx.PrefixedID, action string) error {
102+
ctx, span := tracer.Start(ctx, "permissions.checkAccess")
103+
defer span.End()
104+
105+
span.SetAttributes(
106+
attribute.String("permissions.actor", actor),
107+
attribute.String("permissions.action", action),
108+
attribute.String("permissions.resource", resource.String()),
109+
)
110+
95111
logger := p.logger.With("actor", actor, "resource", resource.String(), "action", action)
96112

97113
values := url.Values{}
@@ -103,6 +119,7 @@ func (p *Permissions) checker(c echo.Context, actor, token string) Checker {
103119

104120
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url.String(), nil)
105121
if err != nil {
122+
span.SetStatus(codes.Error, errors.WithStack(err).Error())
106123
logger.Errorw("failed to create checker request", "error", err)
107124

108125
return errors.WithStack(err)
@@ -128,8 +145,10 @@ func (p *Permissions) checker(c echo.Context, actor, token string) Checker {
128145
switch {
129146
case errors.Is(err, ErrPermissionDenied):
130147
logger.Warnw("unauthorized access to resource")
148+
span.AddEvent("permission denied")
131149
case errors.Is(err, ErrBadResponse):
132150
logger.Errorw("bad response from server", "error", err, "response.status_code", resp.StatusCode, "response.body", string(body))
151+
span.SetStatus(codes.Error, errors.WithStack(err).Error())
133152
}
134153

135154
return err

0 commit comments

Comments
 (0)
Please sign in to comment.