feat: tracing for authz remote (#1056)

ory · Feb 8, 2023 · 7e7d45e · 7e7d45e
1 parent f40b3f1
commit 7e7d45e
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 13 deletions.
diff --git a/driver/configuration/provider_koanf_public_test.go b/driver/configuration/provider_koanf_public_test.go
@@ -25,6 +25,7 @@ import (
 	"github.com/ory/oathkeeper/pipeline/authz"
 	"github.com/ory/oathkeeper/pipeline/mutate"
 	"github.com/ory/oathkeeper/x"
+	"github.com/ory/x/otelx"
 )
 
 func setup(t *testing.T) *configuration.KoanfProvider {
@@ -333,7 +334,8 @@ func TestKoanfProvider(t *testing.T) {
 		})
 
 		t.Run("authorizer=remote_json", func(t *testing.T) {
-			a := authz.NewAuthorizerRemoteJSON(p)
+			l := logrusx.New("", "")
+			a := authz.NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 			assert.True(t, p.AuthorizerIsEnabled(a.GetID()))
 			require.NoError(t, a.Validate(nil))
 

diff --git a/driver/registry_memory.go b/driver/registry_memory.go
@@ -383,8 +383,8 @@ func (r *RegistryMemory) prepareAuthz() {
 			authz.NewAuthorizerAllow(r.c),
 			authz.NewAuthorizerDeny(r.c),
 			authz.NewAuthorizerKetoEngineACPORY(r.c),
-			authz.NewAuthorizerRemote(r.c),
-			authz.NewAuthorizerRemoteJSON(r.c),
+			authz.NewAuthorizerRemote(r.c, r),
+			authz.NewAuthorizerRemoteJSON(r.c, r),
 		}
 
 		r.authorizers = map[string]authz.Authorizer{}

diff --git a/driver/registry_memory_test.go b/driver/registry_memory_test.go
@@ -4,13 +4,20 @@
 package driver
 
 import (
+	"context"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ory/oathkeeper/driver/configuration"
+	"github.com/ory/x/logrusx"
 )
 
 func TestRegistryMemoryAvailablePipelineAuthorizers(t *testing.T) {
-	r := NewRegistryMemory()
+	c, err := configuration.NewKoanfProvider(context.Background(), nil, logrusx.New("", ""))
+	require.NoError(t, err)
+	r := NewRegistry(c)
 	got := r.AvailablePipelineAuthorizers()
 	assert.ElementsMatch(t, got, []string{"allow", "deny", "keto_engine_acp_ory", "remote", "remote_json"})
 }
@@ -29,7 +36,9 @@ func TestRegistryMemoryPipelineAuthorizer(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.id, func(t *testing.T) {
-			r := NewRegistryMemory()
+			c, err := configuration.NewKoanfProvider(context.Background(), nil, logrusx.New("", ""))
+			require.NoError(t, err)
+			r := NewRegistry(c)
 			a, err := r.PipelineAuthorizer(tt.id)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("PipelineAuthorizer() error = %v, wantErr %v", err, tt.wantErr)

diff --git a/pipeline/authz/remote.go b/pipeline/authz/remote.go
@@ -16,6 +16,8 @@ import (
 
 	"github.com/ory/x/httpx"
 
+	"go.opentelemetry.io/otel/trace"
+
 	"github.com/ory/oathkeeper/driver/configuration"
 	"github.com/ory/oathkeeper/helper"
 	"github.com/ory/oathkeeper/pipeline"
@@ -45,7 +47,7 @@ type AuthorizerRemote struct {
 }
 
 // NewAuthorizerRemote creates a new AuthorizerRemote.
-func NewAuthorizerRemote(c configuration.Provider) *AuthorizerRemote {
+func NewAuthorizerRemote(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemote {
 	return &AuthorizerRemote{
 		c:      c,
 		client: httpx.NewResilientClient().StandardClient(),
@@ -108,6 +110,7 @@ func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.Authenticat
 	}
 
 	res, err := a.client.Do(req.WithContext(r.Context()))
+
 	if err != nil {
 		return errors.WithStack(err)
 	}

diff --git a/pipeline/authz/remote_json.go b/pipeline/authz/remote_json.go
@@ -16,6 +16,8 @@ import (
 
 	"github.com/ory/x/httpx"
 
+	"go.opentelemetry.io/otel/trace"
+
 	"github.com/ory/oathkeeper/driver/configuration"
 	"github.com/ory/oathkeeper/helper"
 	"github.com/ory/oathkeeper/pipeline"
@@ -50,10 +52,10 @@ type AuthorizerRemoteJSON struct {
 }
 
 // NewAuthorizerRemoteJSON creates a new AuthorizerRemoteJSON.
-func NewAuthorizerRemoteJSON(c configuration.Provider) *AuthorizerRemoteJSON {
+func NewAuthorizerRemoteJSON(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemoteJSON {
 	return &AuthorizerRemoteJSON{
 		c:      c,
-		client: httpx.NewResilientClient().StandardClient(),
+		client: httpx.NewResilientClient(httpx.ResilientClientWithTracer(d.Tracer())).StandardClient(),
 		t:      x.NewTemplate("remote_json"),
 	}
 }
@@ -101,6 +103,7 @@ func (a *AuthorizerRemoteJSON) Authorize(r *http.Request, session *authn.Authent
 	}
 
 	res, err := a.client.Do(req.WithContext(r.Context()))
+
 	if err != nil {
 		return errors.WithStack(err)
 	}

diff --git a/pipeline/authz/remote_json_test.go b/pipeline/authz/remote_json_test.go
@@ -23,6 +23,7 @@ import (
 	"github.com/ory/oathkeeper/pipeline/authn"
 	. "github.com/ory/oathkeeper/pipeline/authz"
 	"github.com/ory/oathkeeper/rule"
+	"github.com/ory/x/otelx"
 )
 
 func TestAuthorizerRemoteJSONAuthorize(t *testing.T) {
@@ -176,7 +177,7 @@ func TestAuthorizerRemoteJSONAuthorize(t *testing.T) {
 			if err != nil {
 				l.WithError(err).Fatal("Failed to initialize configuration")
 			}
-			a := NewAuthorizerRemoteJSON(p)
+			a := NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 			ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
 			defer cancel()
 			r, err := http.NewRequestWithContext(ctx, "", "", nil)
@@ -260,7 +261,8 @@ func TestAuthorizerRemoteJSONValidate(t *testing.T) {
 				configx.SkipValidation(),
 			)
 			require.NoError(t, err)
-			a := NewAuthorizerRemoteJSON(p)
+			l := logrusx.New("", "")
+			a := NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 			p.SetForTest(t, configuration.AuthorizerRemoteJSONIsEnabled, tt.enabled)
 			if err := a.Validate(tt.config); (err != nil) != tt.wantErr {
 				t.Errorf("Validate() error = %v, wantErr %v", err, tt.wantErr)
@@ -312,7 +314,8 @@ func TestAuthorizerRemoteJSONConfig(t *testing.T) {
 				context.Background(), nil, logrusx.New("", ""),
 			)
 			require.NoError(t, err)
-			a := NewAuthorizerRemoteJSON(p)
+			l := logrusx.New("", "")
+			a := NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 			actual, err := a.Config(tt.raw)
 			assert.NoError(t, err)
 			assert.Equal(t, tt.expected, actual)

diff --git a/pipeline/authz/remote_test.go b/pipeline/authz/remote_test.go
@@ -23,6 +23,7 @@ import (
 	"github.com/ory/oathkeeper/pipeline/authn"
 	. "github.com/ory/oathkeeper/pipeline/authz"
 	"github.com/ory/oathkeeper/rule"
+	"github.com/ory/x/otelx"
 )
 
 func TestAuthorizerRemoteAuthorize(t *testing.T) {
@@ -177,7 +178,7 @@ func TestAuthorizerRemoteAuthorize(t *testing.T) {
 			if err != nil {
 				l.WithError(err).Fatal("Failed to initialize configuration")
 			}
-			a := NewAuthorizerRemote(p)
+			a := NewAuthorizerRemote(p, otelx.NewNoop(l, p.TracingConfig()))
 			r := &http.Request{
 				Header: map[string][]string{
 					"Content-Type": {"text/plain"},
@@ -255,7 +256,8 @@ func TestAuthorizerRemoteValidate(t *testing.T) {
 				context.Background(), nil, logrusx.New("", ""),
 				configx.SkipValidation())
 			require.NoError(t, err)
-			a := NewAuthorizerRemote(p)
+			l := logrusx.New("", "")
+			a := NewAuthorizerRemote(p, otelx.NewNoop(l, p.TracingConfig()))
 			p.SetForTest(t, configuration.AuthorizerRemoteIsEnabled, tt.enabled)
 			if err := a.Validate(tt.config); (err != nil) != tt.wantErr {
 				t.Errorf("Validate() error = %v, wantErr %v", err, tt.wantErr)