IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AuthZ client: Add tracing (#96983)

Browse Source 
* AuthZ client: Add tracing

* InProc as well
This commit is contained in:
Gabriel MABILLE
2024-11-25 14:17:52 +01:00
committed by GitHub
parent 7f7cc2153f
commit 6d77c0e187
1 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
pkg/services/authz/client.go
View File

@@ -53,17 +53,17 @@ func ProvideAuthZClient(
switch authCfg.mode {
case ModeInProc:
client, err = newInProcLegacyClient(server)
client, err = newInProcLegacyClient(server, tracer)
if err != nil {
return nil, err
}
case ModeGRPC:
client, err = newGrpcLegacyClient(authCfg)
client, err = newGrpcLegacyClient(authCfg, tracer)
if err != nil {
return nil, err
}
case ModeCloud:
client, err = newCloudLegacyClient(authCfg)
client, err = newCloudLegacyClient(authCfg, tracer)
if err != nil {
return nil, err
}
@@ -87,12 +87,12 @@ func ProvideStandaloneAuthZClient(
}
if authCfg.mode == ModeGRPC {
return newGrpcLegacyClient(authCfg)
return newGrpcLegacyClient(authCfg, tracer)
}
return newCloudLegacyClient(authCfg)
return newCloudLegacyClient(authCfg, tracer)
}
func newInProcLegacyClient(server *legacyServer) (authzlib.AccessChecker, error) {
func newInProcLegacyClient(server *legacyServer, tracer tracing.Tracer) (authzlib.AccessChecker, error) {
noAuth := func(ctx context.Context) (context.Context, error) {
return ctx, nil
}
@@ -111,13 +111,18 @@ func newInProcLegacyClient(server *legacyServer) (authzlib.AccessChecker, error)
&authzlib.ClientConfig{},
authzlib.WithGrpcConnectionClientOption(channel),
authzlib.WithDisableAccessTokenClientOption(),
authzlib.WithTracerClientOption(tracer),
)
}
func newGrpcLegacyClient(authCfg *Cfg) (authzlib.AccessChecker, error) {
func newGrpcLegacyClient(authCfg *Cfg, tracer tracing.Tracer) (authzlib.AccessChecker, error) {
// This client interceptor is a noop, as we don't send an access token
clientConfig := authnlib.GrpcClientConfig{}
clientInterceptor, err := authnlib.NewGrpcClientInterceptor(&clientConfig, authnlib.WithDisableAccessTokenOption())
clientInterceptor, err := authnlib.NewGrpcClientInterceptor(
&clientConfig,
authnlib.WithDisableAccessTokenOption(),
authnlib.WithTracerOption(tracer),
)
if err != nil {
return nil, err
}
@@ -127,6 +132,7 @@ func newGrpcLegacyClient(authCfg *Cfg) (authzlib.AccessChecker, error) {
authzlib.WithGrpcDialOptionsClientOption(
getDialOpts(clientInterceptor, authCfg.allowInsecure)...,
),
authzlib.WithTracerClientOption(tracer),
// TODO: remove this once access tokens are supported on-prem
authzlib.WithDisableAccessTokenClientOption(),
)
@@ -137,7 +143,7 @@ func newGrpcLegacyClient(authCfg *Cfg) (authzlib.AccessChecker, error) {
return client, nil
}
func newCloudLegacyClient(authCfg *Cfg) (authzlib.AccessChecker, error) {
func newCloudLegacyClient(authCfg *Cfg, tracer tracing.Tracer) (authzlib.AccessChecker, error) {
grpcClientConfig := authnlib.GrpcClientConfig{
TokenClientConfig: &authnlib.TokenExchangeConfig{
Token: authCfg.token,
@@ -149,7 +155,7 @@ func newCloudLegacyClient(authCfg *Cfg) (authzlib.AccessChecker, error) {
},
}
clientInterceptor, err := authnlib.NewGrpcClientInterceptor(&grpcClientConfig)
clientInterceptor, err := authnlib.NewGrpcClientInterceptor(&grpcClientConfig, authnlib.WithTracerOption(tracer))
if err != nil {
return nil, err
}
@@ -159,6 +165,7 @@ func newCloudLegacyClient(authCfg *Cfg) (authzlib.AccessChecker, error) {
authzlib.WithGrpcDialOptionsClientOption(
getDialOpts(clientInterceptor, authCfg.allowInsecure)...,
),
authzlib.WithTracerClientOption(tracer),
)
if err != nil {
return nil, err