3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-24 21:48:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

new tracing system

Browse source
This commit is contained in:
Joe Kralicky 2025-01-09 19:25:49 +00:00
parent b87d940d11
commit a6f43f3c3c
No known key found for this signature in database
GPG key ID: 75C4875F34A9FB79
127 changed files with 7509 additions and 1454 deletions
Download patch file Download diff file Expand all files Collapse all files

21
internal/authenticateflow/stateless.go
View file

@ -10,6 +10,7 @@ import (
"github.com/go-jose/go-jose/v3"
"golang.org/x/oauth2"
googlegrpc "google.golang.org/grpc"
"google.golang.org/protobuf/encoding/protojson"
"github.com/pomerium/pomerium/authenticate/events"
@ -20,6 +21,7 @@ import (
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/sessions"
"github.com/pomerium/pomerium/internal/telemetry/trace"
"github.com/pomerium/pomerium/internal/urlutil"
"github.com/pomerium/pomerium/pkg/cryptutil"
"github.com/pomerium/pomerium/pkg/grpc"
@ -29,6 +31,9 @@ import (
"github.com/pomerium/pomerium/pkg/grpc/user"
"github.com/pomerium/pomerium/pkg/hpke"
"github.com/pomerium/pomerium/pkg/identity"
"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
"go.opentelemetry.io/otel"
oteltrace "go.opentelemetry.io/otel/trace"
)
// Stateless implements the stateless authentication flow. In this flow, the
@ -56,18 +61,21 @@ type Stateless struct {
dataBrokerClient databroker.DataBrokerServiceClient
getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error)
getIdentityProvider func(ctx context.Context, tracerProvider oteltrace.TracerProvider, options *config.Options, idpID string) (identity.Authenticator, error)
profileTrimFn func(*identitypb.Profile)
authEventFn events.AuthEventFn
tracerProvider oteltrace.TracerProvider
}
// NewStateless initializes the authentication flow for the given
// configuration, session store, and additional options.
func NewStateless(
ctx context.Context,
tracerProvider oteltrace.TracerProvider,
cfg *config.Config,
sessionStore sessions.SessionStore,
getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error),
getIdentityProvider func(ctx context.Context, tracerProvider oteltrace.TracerProvider, options *config.Options, idpID string) (identity.Authenticator, error),
profileTrimFn func(*identitypb.Profile),
authEventFn events.AuthEventFn,
) (*Stateless, error) {
@ -77,6 +85,7 @@ func NewStateless(
getIdentityProvider: getIdentityProvider,
profileTrimFn: profileTrimFn,
authEventFn: authEventFn,
tracerProvider: tracerProvider,
}
var err error
@ -137,7 +146,10 @@ func NewStateless(
InstallationID: cfg.Options.InstallationID,
ServiceName: cfg.Options.Services,
SignedJWTKey: sharedKey,
})
}, googlegrpc.WithStatsHandler(trace.NewClientStatsHandler(
otelgrpc.NewClientHandler(otelgrpc.WithTracerProvider(tracerProvider)),
outboundDatabrokerTraceClientOpts...,
)))
if err != nil {
return nil, err
}
@ -154,7 +166,7 @@ func (s *Stateless) VerifySession(ctx context.Context, r *http.Request, _ *sessi
return fmt.Errorf("identity profile load error: %w", err)
}
authenticator, err := s.getIdentityProvider(s.options, profile.GetProviderId())
authenticator, err := s.getIdentityProvider(ctx, s.tracerProvider, s.options, profile.GetProviderId())
if err != nil {
return fmt.Errorf("couldn't get identity provider: %w", err)
}
@ -355,6 +367,7 @@ func (s *Stateless) AuthenticateSignInURL(
for k, v := range queryParams {
q[k] = v
}
otel.GetTextMapPropagator().Inject(ctx, trace.PomeriumURLQueryCarrier(q))
authenticateURLWithParams.RawQuery = q.Encode()
return urlutil.SignInURL(