From 5a0ef46280e599bea412305cdfee8be06df88d15 Mon Sep 17 00:00:00 2001 From: Gabriel MABILLE Date: Mon, 28 Oct 2024 13:35:30 +0100 Subject: [PATCH] Add tracing to the gRPC Authentication flow (#94466) commit ad4df4b3f63bdf3e16423ac8c3fdb1a7fae5582e Author: gamab Date: Thu Oct 24 10:24:04 2024 +0200 nit commit eb8b9cf2f3e27cae258b3ae310f1584da5ba36b5 Author: gamab Date: Thu Oct 24 10:23:25 2024 +0200 miss commit aab1aed204a5dedcc6dd187b2f636995bbe2c5c6 Merge: 5aafdec9233 7fe710b141e Author: gamab Date: Thu Oct 24 10:22:05 2024 +0200 Merge remote-tracking branch 'origin/main' into gamab/resourcestore/tracing commit 5aafdec9233d6824cba977b069d71eabc3d21a8d Author: gamab Date: Wed Oct 16 18:03:56 2024 +0200 Did not fix the issue commit 20522a7f64222fad27268ac640d4b4fb9259c748 Author: gamab Date: Wed Oct 16 17:42:35 2024 +0200 Test commit b45199a341b6a57e93927c9eb7de8d7758ed7619 Merge: c0fbbdb95d4 e9e2b11ba20 Author: gamab Date: Wed Oct 16 17:31:59 2024 +0200 Merge remote-tracking branch 'origin/drclau/unistor/replace-authenticators-3' into gamab/resourcestore/tracing commit e9e2b11ba201db85a2790896730cfc60a571d747 Author: Claudiu Dragalina-Paraipan Date: Wed Oct 16 18:28:31 2024 +0300 PR feedback: simplified fallback implementation Co-Authored-By: Gabriel MABILLE commit b5209dba643343538924d1603958c24b8887a3db Author: Claudiu Dragalina-Paraipan Date: Wed Oct 16 18:03:06 2024 +0300 Update pkg/services/authn/grpcutils/grpc_authenticator.go Co-authored-by: Gabriel MABILLE commit c0fbbdb95d4605f349b902ca8698e7b560433867 Author: gamab Date: Wed Oct 16 10:32:52 2024 +0200 Add traces to fallback commit 75aa8dcbd49288f1dca53cdf6e9a7b41688dff38 Merge: d92fafcaf0d 562d499e850 Author: gamab Date: Wed Oct 16 10:29:41 2024 +0200 Merge remote-tracking branch 'origin/drclau/unistor/replace-authenticators-3' into gamab/resourcestore/tracing commit 562d499e8509a6e7501aa4887b200ba0359b99a7 Author: Claudiu Dragalina-Paraipan Date: Wed Oct 16 11:05:01 2024 +0300 switched to features.IsEnabledGlobally() commit addc6aaca4a657bc5b15ff1ee36afbbdd0b17818 Author: Claudiu Dragalina-Paraipan Date: Wed Oct 16 10:21:31 2024 +0300 imports cleanup commit 7c6d80f6aa8afb21920a3a8a0b7552a6d0658f84 Merge: 64a5e55d616 9dc2ccdbfdd Author: Claudiu Dragalina-Paraipan Date: Wed Oct 16 10:18:54 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 64a5e55d61691f194d9c3796ac47940b3aec39c2 Author: Claudiu Dragalina-Paraipan Date: Tue Oct 15 11:01:54 2024 +0300 cleanup commit 4fe2c0345762d84b2706c4db23ec66a8fbdc4f2b Author: Claudiu Dragalina-Paraipan Date: Tue Oct 15 10:31:06 2024 +0300 always enable FlagAppPlatformGrpcClientAuth for k8s int tests commit c7e36759cd6c73c93ec9d990d54081c140d9c49f Author: Claudiu Dragalina-Paraipan Date: Tue Oct 15 10:30:43 2024 +0300 use sync.Once as it's more idiomatic commit f5c2c7998192221103dbab0f26456b1ef7caf2fe Author: Claudiu Dragalina-Paraipan Date: Mon Oct 14 20:43:48 2024 +0300 remove client side namespace extractor commit 742295c89a21c8062c45049988f61f457d9c5a55 Author: Claudiu Dragalina-Paraipan Date: Mon Oct 14 20:04:11 2024 +0300 avoid double registration of metrics (fallbackCounter) commit a45998c8d315166522353b67c1f14dfa80c06e75 Author: Claudiu Dragalina-Paraipan Date: Mon Oct 14 19:03:41 2024 +0300 use FlagAppPlatformGrpcClientAuth to enable new behavior, instead of legacy commit ffdc301718c1187f52139275f9ba641031b8a698 Author: Claudiu Dragalina-Paraipan Date: Mon Oct 14 18:37:22 2024 +0300 remove the NamespaceAuthorizer The NamespaceAuthorizer would fail in legacy mode. It will be added back in the future. commit 4a03ed7d7d60a7527d071e06127c4192dfce08e0 Author: Claudiu Dragalina-Paraipan Date: Mon Oct 14 15:59:08 2024 +0300 allow using the legacy resource client via commit a2c30f5328dc2f96b8cb1a5103ea97535837b006 Merge: ead390f6084 2f3c539d9b5 Author: Claudiu Dragalina-Paraipan Date: Mon Oct 14 14:08:32 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit ead390f60840ad281f9634558367ff707e86c84d Author: Claudiu Dragalina-Paraipan Date: Fri Oct 11 09:38:49 2024 +0300 added server side gRPC authn fallback-to-legacy mechanism - brought back the old gRPC authenticator - added `grpc_server_authentication.legacy_fallback` config option - introduced `AuthenticatorWithFallback` - added telemetry to track fallbacks commit d92fafcaf0db9c8d97a5d071759fc21ede7d8848 Author: gamab Date: Wed Oct 9 14:58:25 2024 +0200 Fix test commit 54f05ff0fecf3d696a0e98621db6991282503917 Author: gamab Date: Wed Oct 9 14:42:18 2024 +0200 Forgot the tracer :grin: commit 3948048880c7a0eb2360a35b0cc9f3686f2edfef Author: gamab Date: Wed Oct 9 14:02:41 2024 +0200 Add traces to NamespaceAuthorizer commit cc695bb77c37a097174556303721fbc48b9464a0 Author: gamab Date: Wed Oct 9 13:56:48 2024 +0200 Add traces to authentication flow commit 8686c46be52dc15b8ff8bf04cbaa7108d14fb1d9 Merge: 08c3d237dc2 4a3ce661930 Author: gamab Date: Wed Oct 9 13:56:26 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 08c3d237dc238bdb1da57ac200049946966a0cd1 Merge: 33fd104cfda 84d580179d9 Author: gamab Date: Wed Oct 9 12:41:57 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 33fd104cfda5e74f1ef086ed30c57530df5bd82f Merge: 68af25fbc38 38f57d270a9 Author: gamab Date: Wed Oct 9 12:13:25 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 68af25fbc3835cb6ffe35bfdbc2e4387bed92744 Author: Gabriel MABILLE Date: Mon Oct 7 16:31:09 2024 +0200 Update pkg/services/authz/config.go commit 4fba5c9b32815ff672126d3bc10ee9acf996d761 Author: gamab Date: Fri Oct 4 15:17:41 2024 +0200 PR Feedback commit 86867a14cae1a58890040bdfc60b2e042d8d0658 Author: Gabriel MABILLE Date: Fri Oct 4 15:13:06 2024 +0200 Update pkg/services/authn/grpcutils/config.go Co-authored-by: Dan Cech commit c591631135c296614d24ac668eadce948183867a Merge: c80c46ca6a9 e37b43117b2 Author: gamab Date: Fri Oct 4 13:07:48 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit c80c46ca6a9637c99b592a8b17acd3ead02892e7 Merge: 3acada9d470 4224d059341 Author: gamab Date: Thu Oct 3 14:58:51 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 3acada9d47036023d5baf01884bef3c581b86775 Author: Claudiu Dragalina-Paraipan Date: Fri Sep 27 17:39:59 2024 +0300 introducing `mode` config for gRPC auth server & client side commit 914ca237e226a8edfd7c509bfbaedf7e2e48c28b Author: Claudiu Dragalina-Paraipan Date: Thu Sep 26 20:47:57 2024 +0300 Fixed integration tests commit 71c33dcbe3620e174afc9f7bd7ff1bad51dedf79 Merge: 52f248eebb3 920d79680dc Author: Claudiu Dragalina-Paraipan Date: Thu Sep 26 19:25:33 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 52f248eebb3e7ef294d17b7399db8381cf89d4f3 Author: Claudiu Dragalina-Paraipan Date: Tue Sep 24 18:44:38 2024 +0300 updated namespace extractor usage commit a6c977ba4d9376fb8b0ce09d4243a9298e221189 Merge: fb7bbf743b2 8da1d78c92f Author: Claudiu Dragalina-Paraipan Date: Tue Sep 24 17:35:03 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit fb7bbf743b2953987c3b0ffe07c0731126bd8d86 Author: Claudiu Dragalina-Paraipan Date: Tue Sep 24 17:34:36 2024 +0300 unistor client side updates commit a28440c40bda3ab37ee217c4815452be6efd3db6 Merge: 79d9969aa8b a8b07b0c81d Author: Claudiu Dragalina-Paraipan Date: Tue Sep 24 10:45:09 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 79d9969aa8b3d19f3f601e7cb369fd3fd4cd5a4e Author: gamab Date: Mon Sep 9 16:14:02 2024 +0200 Rename NewResourceClient funcs commit 36b3752490d7e4f9b4ce727b61c12eb6310e6cb1 Merge: 8ce354bb06d b89f3f81154 Author: gamab Date: Mon Sep 9 16:00:54 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 8ce354bb06df4a3c7b9272da824b9cb3397ed68e Author: gamab Date: Mon Sep 9 10:40:06 2024 +0200 Align commit bdf79f3b2fd6788f27bf8c81b0742d4c94b8f2b5 Merge: 8f4df8973d8 8eb7e55f8f3 Author: gamab Date: Mon Sep 9 10:38:45 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 8f4df8973d8e99c369ebd5816dde5929e15305fd Merge: 2441cd8d53f 9338e40dc3c Author: gamab Date: Thu Sep 5 11:26:39 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 2441cd8d53f3d5f01198a59a158c97355da45e5d Merge: 2904074a2f7 2bbce8a7f79 Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 17:31:36 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 2904074a2f7ebf18c067e92f7205d5a8fa204f2c Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 16:35:25 2024 +0300 refactoring Co-Authored-By: Gabriel MABILLE commit 125cb3c83427277d8a208dc329f22374f0865487 Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 16:34:18 2024 +0300 refactoring (aesthetics) Co-Authored-By: Gabriel MABILLE commit 499a31df530276f7f5bdf10d3547b6d6f077af0b Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 15:59:09 2024 +0300 update usage of ReadGprcServerConfig() commit f5d383644d5e4a7808db73819ca976e2976698eb Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 15:44:09 2024 +0300 make update-workspace commit 755485751e56677f26964a1075a405327985e780 Author: gamab Date: Tue Sep 3 14:43:22 2024 +0200 Fix trace commit d09e14c26acd7f2801a00b3e08b92a066eb5afba Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 15:42:50 2024 +0300 removed WithIDTokenExtractorOption, and other PR feedback commit 21220c2cca42c940d2ac246fab8126abef7b1662 Author: gamab Date: Tue Sep 3 14:36:59 2024 +0200 Else statement commit 6cf1efdcc485fd199971cbb8ecc8ed16fd372059 Author: gamab Date: Tue Sep 3 14:35:02 2024 +0200 Mod update commit 4b73a938832e29fa1dda4bdc9da75cb8e4c8c4ed Author: gamab Date: Tue Sep 3 14:32:20 2024 +0200 Add Auth func overrides commit 6032ab3ae19931edb8b340df231f4fc652a6cd9c Author: gamab Date: Tue Sep 3 14:26:18 2024 +0200 Use NamespaceAuthorizer commit 601beb5327ceee302c04cb75eb3d4b9ffb995097 Author: gamab Date: Tue Sep 3 14:20:47 2024 +0200 Update authlib commit a1b6408127599a6f3be0ab729c8fc0bc40f71beb Merge: 0d70225c1ad 1128c417d82 Author: gamab Date: Tue Sep 3 14:18:49 2024 +0200 Merge remote-tracking branch 'origin/main' into drclau/unistor/replace-authenticators-3 commit 0d70225c1ad24244bb23f9e08a0b2dadf386698e Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 15:15:54 2024 +0300 Update pkg/services/authn/grpcutils/grpc_authenticator.go Co-authored-by: Gabriel MABILLE commit 62f165f6f98c9798c5f8cd0e876454b4aa3c24f6 Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 10:55:45 2024 +0300 refactoring NamespaceAccessChecker usage and use CloudNamespaceFormatter in Cloud Co-Authored-By: Gabriel MABILLE commit bb5ee88d4faf904edc1dcdbb57a290b81966897c Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 10:39:11 2024 +0300 added stackIdExtractor for cloud mode Co-Authored-By: Gabriel MABILLE commit 84866a8a516c194a06ede376148bd07c2f998003 Author: Claudiu Dragalina-Paraipan Date: Tue Sep 3 10:38:19 2024 +0300 authz client cfg changes - removed ModeCloud, relying on ModeGrpc and stackID instead to discover if we're running in Cloud - reusing settings from "grpc_client_authentication", instead of duplicating in "authorization" section Co-Authored-By: Gabriel MABILLE commit 14a1021605543c6d77977765d33853c9815b7735 Author: Claudiu Dragalina-Paraipan Date: Mon Sep 2 21:44:35 2024 +0300 make update-workspace commit 84f8c9be94ac477e90895b354dc480777027854d Author: Claudiu Dragalina-Paraipan Date: Mon Sep 2 21:36:10 2024 +0300 cleanup: refactoring leftover commit 7fe8d623042b7c49a177fd2f84c091d719ef1fec Author: Claudiu Dragalina-Paraipan Date: Mon Sep 2 19:30:51 2024 +0300 update authlib version (small fix) commit 7c2353ae25d7be37482f344c3fb2275be6b79e38 Author: Claudiu Dragalina-Paraipan Date: Mon Sep 2 19:17:11 2024 +0300 cleanup: remove unused `GrpcServerConfig.Mode` commit 52b7cf85501330cc201be6c0e900c29ed2babcc0 Author: Claudiu Dragalina-Paraipan Date: Mon Sep 2 19:06:59 2024 +0300 make update-workspace commit 14ddfbd8fb1e742bd783307eb46a9a12e9d08bc8 Author: Claudiu Dragalina-Paraipan Date: Mon Sep 2 19:02:40 2024 +0300 finalize authlib grpc interceptors usage commit 884c4a8c2449258f4cc1b39116c9d519e2f7f05d Merge: 0fd1988bed3 a1190b165b5 Author: Claudiu Dragalina-Paraipan Date: Mon Sep 2 19:00:07 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 0fd1988bed31af32aad456e78f52221adb112c72 Merge: b766bfb24fe e0950a1283e Author: Claudiu Dragalina-Paraipan Date: Fri Aug 30 10:45:51 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit b766bfb24feb2ade7ef269526d3a984ba9de9e47 Merge: 6993f108a21 68751ed3107 Author: Claudiu Dragalina-Paraipan Date: Wed Aug 28 15:46:04 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 6993f108a214febc7c48c4e383107ee841e5741c Merge: 5f073b04d0c f1ba609b348 Author: Claudiu Dragalina-Paraipan Date: Tue Aug 27 12:51:07 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 5f073b04d0c3c2b70aecd6a5f90608b850c6cf0a Merge: 0620891d450 ac5ebe6e4d1 Author: Claudiu Dragalina-Paraipan Date: Mon Aug 19 21:09:44 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 0620891d4508b7b3ebea066e26bd4616842d8e86 Merge: 6a272e8e2a2 15f2b08f00f Author: Claudiu Dragalina-Paraipan Date: Mon Aug 12 14:14:44 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 6a272e8e2a24200b0b93339c2ab7d0143918e0d0 Author: Claudiu Dragalina-Paraipan Date: Thu Aug 8 18:53:43 2024 +0300 allow insecure conns in dev mode + refactoring commit 31c7b030badc0f78ec053e601a6889340040168f Author: Claudiu Dragalina-Paraipan Date: Thu Aug 8 10:31:13 2024 +0300 allow insecure connections (for testing purposes); remove audience checks audience checks will still need to be done for Access tokens, but not for ID tokens commit 0fdd2ff802ce83edeeeb0df3976ec15f1a673c98 Merge: 763961210cd f384759ad10 Author: Claudiu Dragalina-Paraipan Date: Wed Aug 7 14:42:39 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 763961210cd803e52e46dbb6e921bd396810e8dc Author: Claudiu Dragalina-Paraipan Date: Fri Aug 2 18:54:29 2024 +0300 wip commit c46b42a59528f3690331175eceb61ffa16b19ca7 Merge: 92aba937a96 0145b0fe704 Author: Claudiu Dragalina-Paraipan Date: Fri Aug 2 14:44:06 2024 +0300 Merge branch 'main' into drclau/unistor/replace-authenticators-3 commit 92aba937a963b8d2122fc7612c2003e7527b115e Author: Claudiu Dragalina-Paraipan Date: Thu Aug 1 18:32:19 2024 +0300 authn: client side updates Co-Authored-By: Gabriel MABILLE --- pkg/services/authn/grpcutils/grpc_authenticator.go | 14 +++++++++++--- pkg/storage/unified/client.go | 8 ++++---- pkg/storage/unified/resource/client.go | 7 +++++-- pkg/storage/unified/sql/service.go | 2 +- pkg/storage/unified/sql/test/integration_test.go | 3 ++- 5 files changed, 23 insertions(+), 11 deletions(-) diff --git a/pkg/services/authn/grpcutils/grpc_authenticator.go b/pkg/services/authn/grpcutils/grpc_authenticator.go index ff3451cdf11..dc9f3701eed 100644 --- a/pkg/services/authn/grpcutils/grpc_authenticator.go +++ b/pkg/services/authn/grpcutils/grpc_authenticator.go @@ -9,7 +9,9 @@ import ( authnlib "github.com/grafana/authlib/authn" "github.com/prometheus/client_golang/prometheus" + "go.opentelemetry.io/otel/attribute" + "github.com/grafana/grafana/pkg/infra/tracing" "github.com/grafana/grafana/pkg/services/grpcserver/interceptors" "github.com/grafana/grafana/pkg/setting" ) @@ -25,7 +27,7 @@ func NewInProcGrpcAuthenticator() *authnlib.GrpcAuthenticator { ) } -func NewGrpcAuthenticator(cfg *setting.Cfg) (*authnlib.GrpcAuthenticator, error) { +func NewGrpcAuthenticator(cfg *setting.Cfg, tracer tracing.Tracer) (*authnlib.GrpcAuthenticator, error) { authCfg, err := ReadGrpcServerConfig(cfg) if err != nil { return nil, err @@ -49,6 +51,7 @@ func NewGrpcAuthenticator(cfg *setting.Cfg) (*authnlib.GrpcAuthenticator, error) grpcOpts := []authnlib.GrpcAuthenticatorOption{ authnlib.WithIDTokenAuthOption(true), authnlib.WithKeyRetrieverOption(keyRetriever), + authnlib.WithTracerAuthOption(tracer), } if authCfg.Mode == ModeOnPrem { grpcOpts = append(grpcOpts, @@ -67,15 +70,16 @@ type AuthenticatorWithFallback struct { authenticator *authnlib.GrpcAuthenticator fallback interceptors.Authenticator metrics *metrics + tracer tracing.Tracer } -func NewGrpcAuthenticatorWithFallback(cfg *setting.Cfg, reg prometheus.Registerer, fallback interceptors.Authenticator) (interceptors.Authenticator, error) { +func NewGrpcAuthenticatorWithFallback(cfg *setting.Cfg, reg prometheus.Registerer, tracer tracing.Tracer, fallback interceptors.Authenticator) (interceptors.Authenticator, error) { authCfg, err := ReadGrpcServerConfig(cfg) if err != nil { return nil, err } - authenticator, err := NewGrpcAuthenticator(cfg) + authenticator, err := NewGrpcAuthenticator(cfg, tracer) if err != nil { return nil, err } @@ -88,16 +92,20 @@ func NewGrpcAuthenticatorWithFallback(cfg *setting.Cfg, reg prometheus.Registere authenticator: authenticator, fallback: fallback, metrics: newMetrics(reg), + tracer: tracer, }, nil } func (f *AuthenticatorWithFallback) Authenticate(ctx context.Context) (context.Context, error) { + ctx, span := f.tracer.Start(ctx, "grpcutils.AuthenticatorWithFallback.Authenticate") + span.SetAttributes(attribute.Bool("fallback_used", false)) // Try to authenticate with the new authenticator first newCtx, err := f.authenticator.Authenticate(ctx) if err != nil { // In case of error, fallback to the legacy authenticator newCtx, err = f.fallback.Authenticate(ctx) f.metrics.fallbackCounter.WithLabelValues(fmt.Sprintf("%t", err == nil)).Inc() + span.SetAttributes(attribute.Bool("fallback_used", true)) } return newCtx, err } diff --git a/pkg/storage/unified/client.go b/pkg/storage/unified/client.go index 4d1b225c038..c1cf0a2513b 100644 --- a/pkg/storage/unified/client.go +++ b/pkg/storage/unified/client.go @@ -87,7 +87,7 @@ func ProvideUnifiedStorageClient( } // Create a client instance - client, err := newResourceClient(conn, cfg, features) + client, err := newResourceClient(conn, cfg, features, tracer) if err != nil { return nil, err } @@ -116,15 +116,15 @@ func clientCfgMapping(clientCfg *grpcutils.GrpcClientConfig) authnlib.GrpcClient } } -func newResourceClient(conn *grpc.ClientConn, cfg *setting.Cfg, features featuremgmt.FeatureToggles) (resource.ResourceClient, error) { +func newResourceClient(conn *grpc.ClientConn, cfg *setting.Cfg, features featuremgmt.FeatureToggles, tracer tracing.Tracer) (resource.ResourceClient, error) { if !features.IsEnabledGlobally(featuremgmt.FlagAppPlatformGrpcClientAuth) { return resource.NewLegacyResourceClient(conn), nil } if cfg.StackID == "" { - return resource.NewGRPCResourceClient(conn) + return resource.NewGRPCResourceClient(tracer, conn) } grpcClientCfg := grpcutils.ReadGrpcClientConfig(cfg) - return resource.NewCloudResourceClient(conn, clientCfgMapping(grpcClientCfg), cfg.Env == setting.Dev) + return resource.NewCloudResourceClient(tracer, conn, clientCfgMapping(grpcClientCfg), cfg.Env == setting.Dev) } diff --git a/pkg/storage/unified/resource/client.go b/pkg/storage/unified/resource/client.go index 46c3c5c3605..c06cd065463 100644 --- a/pkg/storage/unified/resource/client.go +++ b/pkg/storage/unified/resource/client.go @@ -17,6 +17,7 @@ import ( "google.golang.org/grpc" "github.com/grafana/grafana/pkg/apimachinery/identity" + "github.com/grafana/grafana/pkg/infra/tracing" "github.com/grafana/grafana/pkg/services/auth" "github.com/grafana/grafana/pkg/services/authn/grpcutils" grpcUtils "github.com/grafana/grafana/pkg/storage/unified/resource/grpc" @@ -83,12 +84,13 @@ func NewLocalResourceClient(server ResourceServer) ResourceClient { } } -func NewGRPCResourceClient(conn *grpc.ClientConn) (ResourceClient, error) { +func NewGRPCResourceClient(tracer tracing.Tracer, conn *grpc.ClientConn) (ResourceClient, error) { // scenario: remote on-prem clientInt, err := authnlib.NewGrpcClientInterceptor( &authnlib.GrpcClientConfig{}, authnlib.WithDisableAccessTokenOption(), authnlib.WithIDTokenExtractorOption(idTokenExtractor), + authnlib.WithTracerOption(tracer), ) if err != nil { return nil, err @@ -102,10 +104,11 @@ func NewGRPCResourceClient(conn *grpc.ClientConn) (ResourceClient, error) { }, nil } -func NewCloudResourceClient(conn *grpc.ClientConn, cfg authnlib.GrpcClientConfig, allowInsecure bool) (ResourceClient, error) { +func NewCloudResourceClient(tracer tracing.Tracer, conn *grpc.ClientConn, cfg authnlib.GrpcClientConfig, allowInsecure bool) (ResourceClient, error) { // scenario: remote cloud opts := []authnlib.GrpcClientInterceptorOption{ authnlib.WithIDTokenExtractorOption(idTokenExtractor), + authnlib.WithTracerOption(tracer), } if allowInsecure { diff --git a/pkg/storage/unified/sql/service.go b/pkg/storage/unified/sql/service.go index d531a56a15a..83105efb371 100644 --- a/pkg/storage/unified/sql/service.go +++ b/pkg/storage/unified/sql/service.go @@ -70,7 +70,7 @@ func ProvideUnifiedStorageGrpcService( // FIXME: This is a temporary solution while we are migrating to the new authn interceptor // grpcutils.NewGrpcAuthenticator should be used instead. - authn, err := grpcutils.NewGrpcAuthenticatorWithFallback(cfg, prometheus.DefaultRegisterer, &grpc.Authenticator{}) + authn, err := grpcutils.NewGrpcAuthenticatorWithFallback(cfg, prometheus.DefaultRegisterer, tracing, &grpc.Authenticator{}) if err != nil { return nil, err } diff --git a/pkg/storage/unified/sql/test/integration_test.go b/pkg/storage/unified/sql/test/integration_test.go index 30414aed449..d3e10b6cb75 100644 --- a/pkg/storage/unified/sql/test/integration_test.go +++ b/pkg/storage/unified/sql/test/integration_test.go @@ -15,6 +15,7 @@ import ( "github.com/grafana/grafana/pkg/apimachinery/identity" infraDB "github.com/grafana/grafana/pkg/infra/db" + "github.com/grafana/grafana/pkg/infra/tracing" "github.com/grafana/grafana/pkg/services/featuremgmt" "github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/storage/unified/resource" @@ -375,7 +376,7 @@ func TestClientServer(t *testing.T) { t.Run("Create a client", func(t *testing.T) { conn, err := grpc.NewClient(svc.GetAddress(), grpc.WithTransportCredentials(insecure.NewCredentials())) require.NoError(t, err) - client, err = resource.NewGRPCResourceClient(conn) + client, err = resource.NewGRPCResourceClient(tracing.NewNoopTracerService(), conn) require.NoError(t, err) })