feat: move to open telemetry (#1047)

.github/workflows/ci.yml

@@ -37,7 +37,7 @@ jobs:
  key: ${{ needs.sdk-generate.outputs.sdk-cache-key }}
  - uses: actions/setup-go@v2
  with:
- go-version: 1.18
+ go-version: 1.19
  - run: go list -json > go.list
  - name: Run nancy
  uses: sonatype-nexus-community/nancy-github-action@v1.0.2
@@ -70,7 +70,7 @@ jobs:
  - uses: ory/ci/checkout@master
  - uses: actions/setup-go@v2
  with:
- go-version: "1.18"
+ go-version: "1.19"
  - uses: actions/cache@v2
  with:
  path: ~/go/bin/oathkeeper

.github/workflows/licenses.yml

@@ -14,7 +14,7 @@ jobs:
  - uses: actions/checkout@v2
  - uses: actions/setup-go@v2
  with:
- go-version: "1.18"
+ go-version: "1.19"
  - uses: actions/setup-node@v2
  with:
  node-version: "18"

cmd/server/server.go

@@ -19,13 +19,15 @@ import (
  "github.com/rs/cors"
  "github.com/spf13/cobra"
  "github.com/urfave/negroni"
+ "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 
  "github.com/ory/analytics-go/v4"
  "github.com/ory/graceful"
  "github.com/ory/x/corsx"
  "github.com/ory/x/healthx"
  "github.com/ory/x/logrusx"
  "github.com/ory/x/metricsx"
+ "github.com/ory/x/otelx"
  "github.com/ory/x/reqlog"
  "github.com/ory/x/tlsx"
 
@@ -39,10 +41,10 @@ import (
 func runProxy(d driver.Driver, n *negroni.Negroni, logger *logrusx.Logger, prom *metrics.PrometheusRepository) func() {
  return func() {
  proxy := d.Registry().Proxy()
-
- handler := &httputil.ReverseProxy{
+ transport := otelhttp.NewTransport(proxy, otelhttp.WithSpanNameFormatter(func(operation string, r *http.Request) string { return "upstream" }))
+ proxyHandler := &httputil.ReverseProxy{
  Director: proxy.Director,
- Transport: proxy,
+ Transport: transport,
  ErrorHandler: func(w http.ResponseWriter, _ *http.Request, err error) {
  logger.WithError(err).Errorf("http: proxy error: %v", err)
  w.WriteHeader(http.StatusBadGateway)
@@ -57,14 +59,14 @@ func runProxy(d driver.Driver, n *negroni.Negroni, logger *logrusx.Logger, prom
  return d.Configuration().CORS("proxy")
  }))
 
- n.UseHandler(handler)
+ n.UseHandler(proxyHandler)
 
  certs := cert(d.Configuration(), "proxy", logger)
 
  addr := d.Configuration().ProxyServeAddress()
  server := graceful.WithDefaults(&http.Server{
  Addr: addr,
- Handler: n,
+ Handler: otelx.NewHandler(n, "proxy"),
  TLSConfig: &tls.Config{Certificates: certs},
  ReadTimeout: d.Configuration().ProxyReadTimeout(),
  WriteTimeout: d.Configuration().ProxyWriteTimeout(),
@@ -109,7 +111,7 @@ func runAPI(d driver.Driver, n *negroni.Negroni, logger *logrusx.Logger, prom *m
  addr := d.Configuration().APIServeAddress()
  server := graceful.WithDefaults(&http.Server{
  Addr: addr,
- Handler: n,
+ Handler: otelx.TraceHandler(n),
  TLSConfig: &tls.Config{Certificates: certs},
  ReadTimeout: d.Configuration().APIReadTimeout(),
  WriteTimeout: d.Configuration().APIWriteTimeout(),
@@ -235,11 +237,6 @@ func RunServe(version, build, date string) func(cmd *cobra.Command, args []strin
  adminmw.Use(telemetry)
  publicmw.Use(telemetry)
 
- if tracer := d.Registry().Tracer(); tracer.IsLoaded() {
- adminmw.Use(tracer)
- publicmw.Use(tracer)
- }
-
  prometheusRepo := metrics.NewConfigurablePrometheusRepository(d, logger)
  var wg sync.WaitGroup
  tasks := []func(){

driver/configuration/provider.go

@@ -13,7 +13,7 @@ import (
 
  "github.com/ory/fosite"
  "github.com/ory/x/configx"
- "github.com/ory/x/tracing"
+ "github.com/ory/x/otelx"
 )
 
 const (
@@ -74,9 +74,7 @@ type Provider interface {
  JSONWebKeyURLs() []string
 
  TracingServiceName() string
- TracingProvider() string
- TracingJaegerConfig() *tracing.JaegerConfig
- TracingZipkinConfig() *tracing.ZipkinConfig
+ TracingConfig() *otelx.Config
 
  TLSConfig(daemon string) *TLSConfig
 

driver/configuration/provider_koanf.go

@@ -25,8 +25,8 @@ import (
  "github.com/ory/gojsonschema"
  "github.com/ory/x/configx"
  "github.com/ory/x/logrusx"
+ "github.com/ory/x/otelx"
  "github.com/ory/x/stringsx"
- "github.com/ory/x/tracing"
  "github.com/ory/x/urlx"
  "github.com/ory/x/watcherx"
 
@@ -401,34 +401,14 @@ func (v *KoanfProvider) TracingServiceName() string {
  return v.source.StringF("tracing.service_name", "ORY Oathkeeper")
 }
 
-func (v *KoanfProvider) TracingProvider() string {
- return v.source.String("tracing.provider")
+func (v *KoanfProvider) TracingConfig() *otelx.Config {
+ return v.source.TracingConfig(v.TracingServiceName())
 }
 
 func (v *KoanfProvider) PrometheusHideRequestPaths() bool {
  return v.source.BoolF(PrometheusServeHideRequestPaths, false)
 }
 
-func (v *KoanfProvider) TracingJaegerConfig() *tracing.JaegerConfig {
- return &tracing.JaegerConfig{
- LocalAgentAddress: v.source.String(
- "tracing.providers.jaeger.local_agent_address",
- ),
-
- Sampling: &tracing.JaegerSampling{
- Type: v.source.StringF("tracing.providers.jaeger.sampling.type", "const"),
- Value: v.source.Float64F("tracing.providers.jaeger.sampling.value", 1),
- ServerURL: v.source.String("tracing.providers.jaeger.sampling.server_url"),
- },
- Propagation: v.source.String("tracing.providers.jaeger.propagation"),
- }
-}
-func (v *KoanfProvider) TracingZipkinConfig() *tracing.ZipkinConfig {
- return &tracing.ZipkinConfig{
- ServerURL: v.source.String("tracing.providers.zipkin.server_url"),
- }
-}
-
 type TLSConfig struct {
  Key TLSData `mapstructure:"key"`
  Cert TLSData `mapstructure:"cert"`

driver/configuration/provider_koanf_public_test.go

@@ -21,14 +21,13 @@ import (
  _ "github.com/ory/jsonschema/v3/httploader"
 
  "github.com/ory/oathkeeper/driver/configuration"
- . "github.com/ory/oathkeeper/driver/configuration"
  "github.com/ory/oathkeeper/pipeline/authn"
  "github.com/ory/oathkeeper/pipeline/authz"
  "github.com/ory/oathkeeper/pipeline/mutate"
  "github.com/ory/oathkeeper/x"
 )
 
-func setup(t *testing.T) *KoanfProvider {
+func setup(t *testing.T) *configuration.KoanfProvider {
  p, err := configuration.NewKoanfProvider(
  context.Background(),
  nil,
@@ -247,7 +246,7 @@ func TestKoanfProvider(t *testing.T) {
  })
 
  t.Run("authenticator=cookie_session", func(t *testing.T) {
- a := authn.NewAuthenticatorCookieSession(p)
+ a := authn.NewAuthenticatorCookieSession(p, nil)
  assert.True(t, p.AuthenticatorIsEnabled(a.GetID()))
  require.NoError(t, a.Validate(nil))
 

driver/driver_default.go

@@ -26,7 +26,6 @@ func NewDefaultDriver(l *logrusx.Logger, version, build, date string, flags *pfl
  l.WithError(err).Fatal("Failed to initialize configuration")
  }
  r := NewRegistry(c).WithLogger(l).WithBuildInfo(version, build, date)
-
  return &DefaultDriver{r: r, c: c}
 }
 

driver/registry.go

@@ -4,10 +4,11 @@
 package driver
 
 import (
+ "go.opentelemetry.io/otel/trace"
+
  "github.com/ory/x/logrusx"
 
  "github.com/ory/x/healthx"
- "github.com/ory/x/tracing"
 
  "github.com/ory/oathkeeper/driver/health"
  "github.com/ory/oathkeeper/pipeline/errors"
@@ -41,7 +42,7 @@ type Registry interface {
  CredentialHandler() *api.CredentialsHandler
 
  Proxy() *proxy.Proxy
- Tracer() *tracing.Tracer
+ Tracer() trace.Tracer
 
  authn.Registry
  authz.Registry

driver/registry_memory.go

@@ -7,14 +7,16 @@ import (
  "context"
  "sync"
 
+ "go.opentelemetry.io/otel/trace"
+
  "github.com/ory/oathkeeper/driver/health"
  "github.com/ory/oathkeeper/pipeline"
  pe "github.com/ory/oathkeeper/pipeline/errors"
  "github.com/ory/oathkeeper/proxy"
  "github.com/ory/oathkeeper/x"
 
  "github.com/ory/x/logrusx"
- "github.com/ory/x/tracing"
+ "github.com/ory/x/otelx"
 
  "github.com/pkg/errors"
 
@@ -26,7 +28,6 @@ import (
  "github.com/ory/oathkeeper/driver/configuration"
  "github.com/ory/oathkeeper/pipeline/authn"
  "github.com/ory/oathkeeper/pipeline/authz"
- ep "github.com/ory/oathkeeper/pipeline/errors"
  "github.com/ory/oathkeeper/pipeline/mutate"
  "github.com/ory/oathkeeper/rule"
  rulereadiness "github.com/ory/oathkeeper/rule/readiness"
@@ -43,7 +44,7 @@ type RegistryMemory struct {
  logger *logrusx.Logger
  writer herodot.Writer
  c configuration.Provider
- trc *tracing.Tracer
+ trc *otelx.Tracer
 
  ch *api.CredentialsHandler
 
@@ -63,7 +64,7 @@ type RegistryMemory struct {
  authenticators map[string]authn.Authenticator
  authorizers map[string]authz.Authorizer
  mutators map[string]mutate.Mutator
- errors map[string]ep.Handler
+ errors map[string]pe.Handler
 
  healthEventManager *health.DefaultHealthEventManager
 
@@ -78,6 +79,7 @@ func (r *RegistryMemory) Init() {
  }()
  r.HealthEventManager().Watch(context.Background())
  _ = r.RuleRepository()
+ _ = r.Tracer() // make sure tracer is initialized
 }
 
 func (r *RegistryMemory) RuleFetcher() rule.Fetcher {
@@ -262,13 +264,13 @@ func (r *RegistryMemory) prepareErrors() {
  defer r.Unlock()
 
  if r.errors == nil {
- interim := []ep.Handler{
- ep.NewErrorJSON(r.c, r),
- ep.NewErrorRedirect(r.c, r),
- ep.NewErrorWWWAuthenticate(r.c, r),
+ interim := []pe.Handler{
+ pe.NewErrorJSON(r.c, r),
+ pe.NewErrorRedirect(r.c, r),
+ pe.NewErrorWWWAuthenticate(r.c, r),
  }
 
- r.errors = map[string]ep.Handler{}
+ r.errors = map[string]pe.Handler{}
  for _, a := range interim {
  r.errors[a.GetID()] = a
  }
@@ -365,11 +367,12 @@ func (r *RegistryMemory) WithBrokenPipelineMutator() *RegistryMemory {
 func (r *RegistryMemory) prepareAuthn() {
  r.Lock()
  defer r.Unlock()
+ _ = r.Tracer() // make sure tracer is initialized
  if r.authenticators == nil {
  interim := []authn.Authenticator{
  authn.NewAuthenticatorAnonymous(r.c),
- authn.NewAuthenticatorCookieSession(r.c),
- authn.NewAuthenticatorBearerToken(r.c),
+ authn.NewAuthenticatorCookieSession(r.c, r.trc.Provider()),
+ authn.NewAuthenticatorBearerToken(r.c, r.trc.Provider()),
  authn.NewAuthenticatorJWT(r.c, r),
  authn.NewAuthenticatorNoOp(r.c),
  authn.NewAuthenticatorOAuth2ClientCredentials(r.c, r.Logger()),
@@ -422,22 +425,13 @@ func (r *RegistryMemory) prepareMutators() {
  }
 }
 
-func (r *RegistryMemory) Tracer() *tracing.Tracer {
+func (r *RegistryMemory) Tracer() trace.Tracer {
  if r.trc == nil {
  var err error
- r.trc, err = tracing.New(r.Logger(),
- &tracing.Config{
- ServiceName: r.c.TracingServiceName(),
- Provider: r.c.TracingProvider(),
- Providers: &tracing.ProvidersConfig{
- Jaeger: r.c.TracingJaegerConfig(),
- Zipkin: r.c.TracingZipkinConfig(),
- },
- })
+ r.trc, err = otelx.New(r.c.TracingServiceName(), r.Logger(), r.c.TracingConfig())
  if err != nil {
  r.Logger().WithError(err).Fatalf("Unable to initialize Tracer.")
  }
  }
-
- return r.trc
+ return r.trc.Tracer()
 }