fix proxy service http middleware

2025-06-26 14:38:09 +02:00 · 2025-01-10 00:13:57 +00:00 · 2025-01-10 00:13:57 +00:00 · 1a4ff1c8a4
commit 1a4ff1c8a4
parent 61e56b6e42
7 changed files with 8 additions and 14 deletions
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@ -14,6 +14,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/gorilla/mux"
 	"github.com/rs/cors"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"

 	"github.com/pomerium/csrf"
 	"github.com/pomerium/pomerium/internal/authenticateflow"
@ -59,6 +60,7 @@ func (a *Authenticate) Mount(r *mux.Router) {
 		}
 		return csrf.Protect(state.cookieSecret, csrfOptions...)(h)
 	})
+	r.Use(trace.NewHTTPMiddleware(otelhttp.WithTracerProvider(a.tracerProvider)))

 	// redirect / to /.pomerium/
 	r.Path("/").Handler(http.RedirectHandler("/.pomerium/", http.StatusFound))
--- a/internal/controlplane/http.go
+++ b/internal/controlplane/http.go
@ -10,14 +10,12 @@ import (
 	"github.com/CAFxX/httpcompression"
 	"github.com/gorilla/mux"
 	"github.com/rs/zerolog"
-	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"

 	"github.com/pomerium/pomerium/config"
 	"github.com/pomerium/pomerium/internal/handlers"
 	"github.com/pomerium/pomerium/internal/log"
 	"github.com/pomerium/pomerium/internal/middleware"
 	"github.com/pomerium/pomerium/internal/telemetry"
-	"github.com/pomerium/pomerium/internal/telemetry/trace"
 	"github.com/pomerium/pomerium/internal/urlutil"
 	hpke_handlers "github.com/pomerium/pomerium/pkg/hpke/handlers"
 	"github.com/pomerium/pomerium/pkg/telemetry/requestid"
@ -52,7 +50,6 @@ func (srv *Server) addHTTPMiddleware(ctx context.Context, root *mux.Router, _ *c
 	root.Use(telemetry.HTTPStatsHandler(func() string {
 		return srv.currentConfig.Load().Options.InstallationID
 	}, srv.name))
-	root.Use(trace.NewHTTPMiddleware(otelhttp.WithTracerProvider(srv.tracerProvider)))
 }

 func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) error {
--- a/internal/middleware/middleware.go
+++ b/internal/middleware/middleware.go
@ -6,7 +6,6 @@ import (
 	"net/http"

 	"github.com/pomerium/pomerium/internal/httputil"
-	"github.com/pomerium/pomerium/internal/telemetry/trace"
 	"github.com/pomerium/pomerium/internal/urlutil"
 )

@ -14,12 +13,10 @@ import (
 func SetHeaders(headers map[string]string) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			ctx, span := trace.Continue(r.Context(), "middleware.SetHeaders")
-			defer span.End()
 			for key, val := range headers {
 				w.Header().Set(key, val)
 			}
-			next.ServeHTTP(w, r.WithContext(ctx))
+			next.ServeHTTP(w, r)
 		})
 	}
 }
@ -29,12 +26,10 @@ func SetHeaders(headers map[string]string) func(next http.Handler) http.Handler
 func ValidateSignature(sharedKey []byte) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
-			ctx, span := trace.Continue(r.Context(), "middleware.ValidateSignature")
-			defer span.End()
 			if err := ValidateRequestURL(r, sharedKey); err != nil {
 				return httputil.NewError(http.StatusBadRequest, err)
 			}
-			next.ServeHTTP(w, r.WithContext(ctx))
+			next.ServeHTTP(w, r)
 			return nil
 		})
 	}
--- a/internal/testenv/selftests/tracing_test.go
+++ b/internal/testenv/selftests/tracing_test.go
@ -54,6 +54,7 @@ var allServices = []string{
 	"Authenticate",
 	"Control Plane",
 	"Data Broker",
+	"Proxy",
 	"Upstream",
 	"IDP",
 	"HTTP Client",
--- a/pkg/envoy/get-envoy/main.go
+++ b/pkg/envoy/get-envoy/main.go
@ -15,7 +15,7 @@ import (
 )

 var (
-	envoyVersion = "1.32.2"
+	envoyVersion = "1.32.3"
 	targets      = []string{
 		"darwin-amd64",
 		"darwin-arm64",
--- a/proxy/handlers.go
+++ b/proxy/handlers.go
@ -9,13 +9,11 @@ import (

 	"github.com/go-jose/go-jose/v3/jwt"
 	"github.com/gorilla/mux"
-	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"

 	"github.com/pomerium/pomerium/config"
 	"github.com/pomerium/pomerium/internal/handlers"
 	"github.com/pomerium/pomerium/internal/httputil"
 	"github.com/pomerium/pomerium/internal/middleware"
-	"github.com/pomerium/pomerium/internal/telemetry/trace"
 	"github.com/pomerium/pomerium/internal/urlutil"
 )

@ -23,7 +21,6 @@ import (
 func (p *Proxy) registerDashboardHandlers(r *mux.Router, opts *config.Options) *mux.Router {
 	h := httputil.DashboardSubrouter(r)
 	h.Use(middleware.SetHeaders(httputil.HeadersContentSecurityPolicy))
-	h.Use(trace.NewHTTPMiddleware(otelhttp.WithTracerProvider(p.tracerProvider)))

 	// special pomerium endpoints for users to view their session
 	h.Path("/").Handler(httputil.HandlerFunc(p.userInfo)).Methods(http.MethodGet)
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@ -10,6 +10,7 @@ import (
 	"net/http"

 	"github.com/gorilla/mux"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 	oteltrace "go.opentelemetry.io/otel/trace"

 	"github.com/pomerium/pomerium/config"
@ -120,6 +121,7 @@ func (p *Proxy) setHandlers(ctx context.Context, opts *config.Options) error {
 	r.StrictSlash(true)
 	// dashboard handlers are registered to all routes
 	r = p.registerDashboardHandlers(r, opts)
+	r.Use(trace.NewHTTPMiddleware(otelhttp.WithTracerProvider(p.tracerProvider)))

 	p.currentRouter.Store(r)
 	return nil