From 666d326cc573dd3a414b47d8b2a4b0fcf2f4684a Mon Sep 17 00:00:00 2001 From: Aleksey Savaitan Date: Wed, 4 Sep 2024 14:42:22 +0300 Subject: [PATCH 1/7] [#13] support tls over grpc for otlp_grpc exporter type Signed-off-by: Aleksey Savaitan --- testdata/tracing/invalid_empty_root_ca.pem | 0 testdata/tracing/invalid_root_ca.pem | 1 + ...valid_google_globalsign_r4_rsa_root_ca.pem | 12 ++ .../valid_google_gts_r4_ecdsa_root_ca.pem | 13 ++ tracing/config.go | 11 +- tracing/config_test.go | 35 ++++++ tracing/setup.go | 15 ++- tracing/setup_test.go | 118 ++++++++++++++++++ 8 files changed, 203 insertions(+), 2 deletions(-) create mode 100644 testdata/tracing/invalid_empty_root_ca.pem create mode 100644 testdata/tracing/invalid_root_ca.pem create mode 100644 testdata/tracing/valid_google_globalsign_r4_rsa_root_ca.pem create mode 100644 testdata/tracing/valid_google_gts_r4_ecdsa_root_ca.pem create mode 100644 tracing/setup_test.go diff --git a/testdata/tracing/invalid_empty_root_ca.pem b/testdata/tracing/invalid_empty_root_ca.pem new file mode 100644 index 0000000..e69de29 diff --git a/testdata/tracing/invalid_root_ca.pem b/testdata/tracing/invalid_root_ca.pem new file mode 100644 index 0000000..2aa3af9 --- /dev/null +++ b/testdata/tracing/invalid_root_ca.pem @@ -0,0 +1 @@ +invalid content \ No newline at end of file diff --git a/testdata/tracing/valid_google_globalsign_r4_rsa_root_ca.pem b/testdata/tracing/valid_google_globalsign_r4_rsa_root_ca.pem new file mode 100644 index 0000000..7670528 --- /dev/null +++ b/testdata/tracing/valid_google_globalsign_r4_rsa_root_ca.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD +VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw +MTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g +UjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx +uYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV +HQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/ ++wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147 +bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm +-----END CERTIFICATE----- diff --git a/testdata/tracing/valid_google_gts_r4_ecdsa_root_ca.pem b/testdata/tracing/valid_google_gts_r4_ecdsa_root_ca.pem new file mode 100644 index 0000000..fdb2d1b --- /dev/null +++ b/testdata/tracing/valid_google_gts_r4_ecdsa_root_ca.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi +QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR +HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D +9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8 +p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD +-----END CERTIFICATE----- diff --git a/tracing/config.go b/tracing/config.go index 8bb5db5..ca4f2c4 100644 --- a/tracing/config.go +++ b/tracing/config.go @@ -1,6 +1,9 @@ package tracing -import "fmt" +import ( + "crypto/x509" + "fmt" +) // Exporter is type of tracing target. type Exporter string @@ -18,6 +21,8 @@ type Config struct { Exporter Exporter // Endpoint is collector endpoint for OTLP exporters. Endpoint string + // ServerCaCertPool is cert pool of the remote server CA certificate. Use for TLS setup. + ServerCaCertPool *x509.CertPool // Service is service name that will be used in tracing. // Mandatory. @@ -64,6 +69,10 @@ func (c *Config) hasChange(other *Config) bool { return !c.serviceInfoEqual(other) } + if other.Exporter == OTLPgRPCExporter && !c.ServerCaCertPool.Equal(other.ServerCaCertPool) { + return true + } + return c.Exporter != other.Exporter || c.Endpoint != other.Endpoint || !c.serviceInfoEqual(other) diff --git a/tracing/config_test.go b/tracing/config_test.go index 2cbd8e0..24ed999 100644 --- a/tracing/config_test.go +++ b/tracing/config_test.go @@ -1,7 +1,11 @@ package tracing import ( + "crypto/x509" + "os" "testing" + + "github.com/stretchr/testify/require" ) func TestConfig_validate(t *testing.T) { @@ -232,6 +236,28 @@ func TestConfig_hasChange(t *testing.T) { Version: "v1.0.0", }, }, + { + name: "use tls root ca certificate for grpc", + want: true, + config: Config{ + Enabled: true, + Exporter: OTLPgRPCExporter, + Endpoint: "localhost:4717", + Service: "test", + InstanceID: "s01", + Version: "v1.0.0", + ServerCaCertPool: readCertPoolByPath(t, "../testdata/tracing/valid_google_globalsign_r4_rsa_root_ca.pem"), + }, + other: Config{ + Enabled: true, + Exporter: OTLPgRPCExporter, + Endpoint: "localhost:4717", + Service: "test", + InstanceID: "s01", + Version: "v1.0.0", + ServerCaCertPool: readCertPoolByPath(t, "../testdata/tracing/valid_google_gts_r4_ecdsa_root_ca.pem"), + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -241,3 +267,12 @@ func TestConfig_hasChange(t *testing.T) { }) } } + +func readCertPoolByPath(t *testing.T, path string) *x509.CertPool { + ca, err := os.ReadFile(path) + require.NoError(t, err) + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM(ca) + require.True(t, ok) + return roots +} diff --git a/tracing/setup.go b/tracing/setup.go index 2fca75b..381722e 100644 --- a/tracing/setup.go +++ b/tracing/setup.go @@ -2,6 +2,8 @@ package tracing import ( "context" + "crypto/x509" + "errors" "fmt" "sync" "sync/atomic" @@ -15,8 +17,12 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.17.0" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace/noop" + "google.golang.org/grpc/credentials" ) +// ErrEmptyServerRootCaPool indicates that cert pool is empty and does not have any certificates inside. +var ErrEmptyServerRootCaPool = errors.New("empty server root ca cert pool") + var ( // tracingLock protects provider, done, config and tracer from concurrent update. // These fields change when the config is updated or the application is shutdown. @@ -135,7 +141,14 @@ func getExporter(ctx context.Context, cfg *Config) (sdktrace.SpanExporter, error case NoOpExporter: return tracetest.NewNoopExporter(), nil case OTLPgRPCExporter: - return otlptracegrpc.New(ctx, otlptracegrpc.WithEndpoint(cfg.Endpoint), otlptracegrpc.WithInsecure()) + securityOption := otlptracegrpc.WithInsecure() + if cfg.ServerCaCertPool != nil { + if cfg.ServerCaCertPool.Equal(x509.NewCertPool()) { + return nil, fmt.Errorf("failed to setup tracing: %w", ErrEmptyServerRootCaPool) + } + securityOption = otlptracegrpc.WithTLSCredentials(credentials.NewClientTLSFromCert(cfg.ServerCaCertPool, "")) + } + return otlptracegrpc.New(ctx, otlptracegrpc.WithEndpoint(cfg.Endpoint), securityOption) } } diff --git a/tracing/setup_test.go b/tracing/setup_test.go new file mode 100644 index 0000000..e081faf --- /dev/null +++ b/tracing/setup_test.go @@ -0,0 +1,118 @@ +package tracing_test + +import ( + "context" + "crypto/x509" + "os" + "testing" + + "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing" + "github.com/stretchr/testify/require" +) + +func TestSetup(t *testing.T) { + tests := []struct { + name string + config tracing.Config + want bool + expErr error + }{ + { + name: "setup stdout exporter", + config: tracing.Config{ + Enabled: true, + Exporter: tracing.StdoutExporter, + Service: "service-name", + }, + want: true, + expErr: nil, + }, + { + name: "setup noop exporter", + config: tracing.Config{ + Enabled: true, + Exporter: tracing.NoOpExporter, + Service: "service-name", + }, + + want: true, + expErr: nil, + }, + { + name: "setup otlp_grpc insecure exporter", + config: tracing.Config{ + Enabled: true, + Exporter: tracing.OTLPgRPCExporter, + Service: "service-name", + Endpoint: "test-endpoint.com:4317", + }, + want: true, + expErr: nil, + }, + { + name: "setup otlp_grpc secure exporter with valid rsa root ca certificate", + config: tracing.Config{ + Enabled: true, + Exporter: tracing.OTLPgRPCExporter, + Service: "service-name", + Endpoint: "test-endpoint.com:4317", + ServerCaCertPool: readCertPoolByPath(t, "../testdata/tracing/valid_google_globalsign_r4_rsa_root_ca.pem"), + }, + want: true, + expErr: nil, + }, + { + name: "setup otlp_grpc secure exporter with valid ecdsa root ca certificate", + config: tracing.Config{ + Enabled: true, + Exporter: tracing.OTLPgRPCExporter, + Service: "service-name", + Endpoint: "test-endpoint.com:4317", + ServerCaCertPool: readCertPoolByPath(t, "../testdata/tracing/valid_google_gts_r4_ecdsa_root_ca.pem"), + }, + want: true, + expErr: nil, + }, + { + name: "setup otlp_grpc secure exporter with invalid root ca certificate", + config: tracing.Config{ + Enabled: true, + Exporter: tracing.OTLPgRPCExporter, + Service: "service-name", + Endpoint: "test-endpoint.com:4317", + ServerCaCertPool: readCertPoolByPath(t, "../testdata/tracing/invalid_root_ca.pem"), + }, + want: false, + expErr: tracing.ErrEmptyServerRootCaPool, + }, + { + name: "setup otlp_grpc secure exporter with empty root ca certificate", + config: tracing.Config{ + Enabled: true, + Exporter: tracing.OTLPgRPCExporter, + Service: "service-name", + Endpoint: "test-endpoint.com:4317", + ServerCaCertPool: readCertPoolByPath(t, "../testdata/tracing/invalid_empty_root_ca.pem"), + }, + want: false, + expErr: tracing.ErrEmptyServerRootCaPool, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := tracing.Setup(context.Background(), tt.config) + require.ErrorIs(t, err, tt.expErr) + if got != tt.want { + t.Errorf("Setup config = %v, want %v", got, tt.want) + } + }) + } +} + +func readCertPoolByPath(t *testing.T, path string) *x509.CertPool { + ca, err := os.ReadFile(path) + require.NoError(t, err) + roots := x509.NewCertPool() + _ = roots.AppendCertsFromPEM(ca) + return roots +} From 486af9e0d859cb72c5c35b542b461fb638faf938 Mon Sep 17 00:00:00 2001 From: Vitaliy Potyarkin Date: Fri, 8 Nov 2024 15:06:58 +0300 Subject: [PATCH 2/7] [#11] Add license and README (close #11) Signed-off-by: Vitaliy Potyarkin --- LICENSE | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 22 ++++++ 2 files changed, 223 insertions(+) create mode 100644 LICENSE create mode 100644 README.md diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8dada3e --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..5783618 --- /dev/null +++ b/README.md @@ -0,0 +1,22 @@ +# Helper Go libraries for working with metrics, traces and logging + +See package documentation +at [pkg.go.dev](https://pkg.go.dev/git.frostfs.info/TrueCloudLab/frostfs-observability) + +## License and copyright + +Copyright 2023-2024 FrostFS contributors + +``` + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +``` From f17779933e8888cc08cfdf6d3260d2744ba0c8c2 Mon Sep 17 00:00:00 2001 From: Dmitrii Stepanov Date: Tue, 12 Nov 2024 11:15:29 +0300 Subject: [PATCH 3/7] [#17] config: Add resource attributes Signed-off-by: Dmitrii Stepanov --- tracing/config.go | 7 ++++++- tracing/setup.go | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/tracing/config.go b/tracing/config.go index ca4f2c4..fbfdb52 100644 --- a/tracing/config.go +++ b/tracing/config.go @@ -3,6 +3,7 @@ package tracing import ( "crypto/x509" "fmt" + "maps" ) // Exporter is type of tracing target. @@ -33,6 +34,9 @@ type Config struct { // Version is version of service instance. // Optional. Version string + // Attributes is KV list of attributes. + // Optional. + Attributes map[string]string } func (c *Config) validate() error { @@ -81,5 +85,6 @@ func (c *Config) hasChange(other *Config) bool { func (c *Config) serviceInfoEqual(other *Config) bool { return c.Service == other.Service && c.InstanceID == other.InstanceID && - c.Version == other.Version + c.Version == other.Version && + maps.Equal(c.Attributes, other.Attributes) } diff --git a/tracing/setup.go b/tracing/setup.go index 381722e..6e68044 100644 --- a/tracing/setup.go +++ b/tracing/setup.go @@ -162,6 +162,9 @@ func newResource(cfg *Config) *resource.Resource { if len(cfg.InstanceID) > 0 { attrs = append(attrs, semconv.ServiceInstanceID(cfg.InstanceID)) } + for k, v := range cfg.Attributes { + attrs = append(attrs, attribute.String(k, v)) + } return resource.NewWithAttributes( semconv.SchemaURL, attrs..., From 37bd75821121277cc0b95a42fcb97097a19724eb Mon Sep 17 00:00:00 2001 From: Roman Loginov Date: Wed, 20 Nov 2024 11:35:34 +0300 Subject: [PATCH 4/7] [#15] tracing: Add events for grpc stream calls Signed-off-by: Roman Loginov --- tracing/grpc/client.go | 21 ++++++++++++++++++++- tracing/grpc/interceptors.go | 4 ++-- tracing/grpc/server.go | 25 ++++++++++++++++++++++--- 3 files changed, 44 insertions(+), 6 deletions(-) diff --git a/tracing/grpc/client.go b/tracing/grpc/client.go index ce750be..e653f48 100644 --- a/tracing/grpc/client.go +++ b/tracing/grpc/client.go @@ -2,7 +2,10 @@ package grpc import ( "context" + "fmt" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" "google.golang.org/grpc" "google.golang.org/grpc/metadata" ) @@ -10,14 +13,16 @@ import ( type clientStream struct { originalStream grpc.ClientStream desc *grpc.StreamDesc + span trace.Span finished chan<- error done <-chan struct{} } -func newgRPCClientStream(originalStream grpc.ClientStream, desc *grpc.StreamDesc, finished chan<- error, done <-chan struct{}) grpc.ClientStream { +func newgRPCClientStream(originalStream grpc.ClientStream, desc *grpc.StreamDesc, span trace.Span, finished chan<- error, done <-chan struct{}) grpc.ClientStream { return &clientStream{ originalStream: originalStream, desc: desc, + span: span, finished: finished, done: done, } @@ -39,6 +44,7 @@ func (cs *clientStream) Trailer() metadata.MD { } func (cs *clientStream) CloseSend() error { + cs.span.AddEvent("client.stream.close.send.start") err := cs.originalStream.CloseSend() if err != nil { select { @@ -46,6 +52,7 @@ func (cs *clientStream) CloseSend() error { case cs.finished <- err: } } + cs.span.AddEvent("client.stream.close.send.finish") return err } @@ -54,6 +61,9 @@ func (cs *clientStream) Context() context.Context { } func (cs *clientStream) SendMsg(m any) error { + cs.span.AddEvent("client.stream.send.msg.start", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) err := cs.originalStream.SendMsg(m) if err != nil { select { @@ -61,10 +71,16 @@ func (cs *clientStream) SendMsg(m any) error { case cs.finished <- err: } } + cs.span.AddEvent("client.stream.send.msg.finish", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) return err } func (cs *clientStream) RecvMsg(m any) error { + cs.span.AddEvent("client.stream.receive.msg.start", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) err := cs.originalStream.RecvMsg(m) if err != nil || !cs.desc.ServerStreams { select { @@ -72,5 +88,8 @@ func (cs *clientStream) RecvMsg(m any) error { case cs.finished <- err: } } + cs.span.AddEvent("client.stream.receive.msg.finish", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) return err } diff --git a/tracing/grpc/interceptors.go b/tracing/grpc/interceptors.go index a9bef07..21eeaf5 100644 --- a/tracing/grpc/interceptors.go +++ b/tracing/grpc/interceptors.go @@ -50,7 +50,7 @@ func NewStreamClientInterceptor() grpc.StreamClientInterceptor { finished := make(chan error) done := make(chan struct{}) - strWrp := newgRPCClientStream(str, desc, finished, done) + strWrp := newgRPCClientStream(str, desc, span, finished, done) go func() { defer close(done) @@ -107,7 +107,7 @@ func NewStreamServerInterceptor() grpc.StreamServerInterceptor { trace.WithSpanKind(trace.SpanKindServer)) defer span.End() - err := handler(srv, newgRPCServerStream(ctx, ss)) + err := handler(srv, newgRPCServerStream(ctx, ss, span)) setGRPCSpanStatus(span, err) return err diff --git a/tracing/grpc/server.go b/tracing/grpc/server.go index 766fdd8..b50145e 100644 --- a/tracing/grpc/server.go +++ b/tracing/grpc/server.go @@ -2,7 +2,10 @@ package grpc import ( "context" + "fmt" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" "google.golang.org/grpc" "google.golang.org/grpc/metadata" ) @@ -10,12 +13,14 @@ import ( type serverStream struct { originalStream grpc.ServerStream ctx context.Context // nolint:containedctx + span trace.Span } -func newgRPCServerStream(ctx context.Context, originalStream grpc.ServerStream) grpc.ServerStream { +func newgRPCServerStream(ctx context.Context, originalStream grpc.ServerStream, span trace.Span) grpc.ServerStream { return &serverStream{ originalStream: originalStream, ctx: ctx, + span: span, } } @@ -36,9 +41,23 @@ func (ss *serverStream) Context() context.Context { } func (ss *serverStream) SendMsg(m any) error { - return ss.originalStream.SendMsg(m) + ss.span.AddEvent("server.stream.send.msg.start", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) + err := ss.originalStream.SendMsg(m) + ss.span.AddEvent("server.stream.send.msg.finish", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) + return err } func (ss *serverStream) RecvMsg(m any) error { - return ss.originalStream.RecvMsg(m) + ss.span.AddEvent("server.stream.receive.msg.start", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) + err := ss.originalStream.RecvMsg(m) + ss.span.AddEvent("server.stream.receive.msg.finish", trace.WithAttributes( + attribute.String("message.type", fmt.Sprintf("%T", m))), + ) + return err } From ec6f8803379530ee40c9d6c57187f6d77e7b24e3 Mon Sep 17 00:00:00 2001 From: Vitaliy Potyarkin Date: Tue, 10 Dec 2024 18:04:22 +0300 Subject: [PATCH 5/7] [#19] Add CODEOWNERS Signed-off-by: Vitaliy Potyarkin --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..d19c96a --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,3 @@ +.* @TrueCloudLab/storage-core-committers @TrueCloudLab/storage-core-developers +.forgejo/.* @potyarkin +Makefile @potyarkin From d34e1329c824a12838f1fddcc15545b11888414a Mon Sep 17 00:00:00 2001 From: Dmitrii Stepanov Date: Wed, 12 Feb 2025 14:17:18 +0300 Subject: [PATCH 6/7] [#20] metrics: Add grpc msg send metrics Streaming RPC has two main metrics: send message and receive message. But the first one was missed. Signed-off-by: Dmitrii Stepanov --- metrics/grpc/client.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/metrics/grpc/client.go b/metrics/grpc/client.go index bbc7691..fc5a74a 100644 --- a/metrics/grpc/client.go +++ b/metrics/grpc/client.go @@ -15,6 +15,9 @@ var clientMetrics = grpcprom.NewClientMetrics( grpcprom.WithClientStreamRecvHistogram( grpcprom.WithHistogramBuckets(prometheus.DefBuckets), ), + grpcprom.WithClientStreamSendHistogram( + grpcprom.WithHistogramBuckets(prometheus.DefBuckets), + ), ) func init() { @@ -57,6 +60,12 @@ func init() { Help: "Histogram of response latency (seconds) of the gRPC single message receive.", VariableLabels: []string{"grpc_type", "grpc_service", "grpc_method"}, }, + { + Name: "grpc_client_msg_send_handling_seconds", + Type: dto.MetricType_HISTOGRAM.String(), + Help: "Histogram of response latency (seconds) of the gRPC single message send.", + VariableLabels: []string{"grpc_type", "grpc_service", "grpc_method"}, + }, } metrics.MustRegister(clientMetrics, descs...) } From 93b681a20248c4f6847e8928c2213c4a0adce553 Mon Sep 17 00:00:00 2001 From: Dmitrii Stepanov Date: Fri, 21 Mar 2025 09:31:48 +0300 Subject: [PATCH 7/7] [#21] tracing: Fix typo Signed-off-by: Dmitrii Stepanov --- tracing/examples/grpc/main.go | 2 +- tracing/grpc/interceptors.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tracing/examples/grpc/main.go b/tracing/examples/grpc/main.go index cd6be0a..d1e82e3 100644 --- a/tracing/examples/grpc/main.go +++ b/tracing/examples/grpc/main.go @@ -82,7 +82,7 @@ func main() { cc, err := grpc.NewClient(":7000", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithChainUnaryInterceptor( - tracing_grpc.NewUnaryClientInteceptor(), + tracing_grpc.NewUnaryClientInterceptor(), verifyClientTraceID, ), grpc.WithChainStreamInterceptor( diff --git a/tracing/grpc/interceptors.go b/tracing/grpc/interceptors.go index 21eeaf5..cb84162 100644 --- a/tracing/grpc/interceptors.go +++ b/tracing/grpc/interceptors.go @@ -15,8 +15,8 @@ import ( "google.golang.org/grpc/status" ) -// NewUnaryClientInteceptor creates new gRPC unary interceptor to save gRPC client traces. -func NewUnaryClientInteceptor() grpc.UnaryClientInterceptor { +// NewUnaryClientInterceptor creates new gRPC unary interceptor to save gRPC client traces. +func NewUnaryClientInterceptor() grpc.UnaryClientInterceptor { return func(ctx context.Context, method string, req, reply any, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error { ctx, span := startClientSpan(ctx, cc, method) defer span.End()