trace proxie middlewares (#6313)

* trace proxie middlewares

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Update ocis-pkg/service/grpc/client.go

Co-authored-by: Christian Richter <1058116+dragonchaser@users.noreply.github.com>

* default tls is off

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

---------

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Christian Richter <1058116+dragonchaser@users.noreply.github.com>

changelog/unreleased/trace-proxy-middlewares.md

@@ -0,0 +1,5 @@
+Bugfix: trace proxy middlewares
+
+We moved trace initialization to an early middleware to also trace requests made by other proxy middlewares.
+
+https://github.com/owncloud/ocis/pull/6313

go.mod

@@ -37,7 +37,7 @@ require (
 	github.com/go-micro/plugins/v4/server/http v1.2.1
 	github.com/go-micro/plugins/v4/wrapper/breaker/gobreaker v1.2.0
 	github.com/go-micro/plugins/v4/wrapper/monitoring/prometheus v1.2.0
-	github.com/go-micro/plugins/v4/wrapper/trace/opencensus v1.1.0
+	github.com/go-micro/plugins/v4/wrapper/trace/opentelemetry v1.2.0
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/golang-jwt/jwt/v4 v4.5.0
@@ -80,12 +80,12 @@ require (
 	github.com/xhit/go-simple-mail/v2 v2.13.0
 	go-micro.dev/v4 v4.9.0
 	go.etcd.io/bbolt v1.3.7
-	go.opencensus.io v0.24.0
-	go.opentelemetry.io/otel v1.14.0
-	go.opentelemetry.io/otel/exporters/jaeger v1.14.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0
-	go.opentelemetry.io/otel/sdk v1.14.0
-	go.opentelemetry.io/otel/trace v1.14.0
+	go.opentelemetry.io/contrib/zpages v0.41.1
+	go.opentelemetry.io/otel v1.15.1
+	go.opentelemetry.io/otel/exporters/jaeger v1.15.1
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.15.1
+	go.opentelemetry.io/otel/sdk v1.15.1
+	go.opentelemetry.io/otel/trace v1.15.1
 	golang.org/x/crypto v0.9.0
 	golang.org/x/exp v0.0.0-20221026004748-78e5e7837ae6
 	golang.org/x/image v0.6.0
@@ -146,7 +146,7 @@ require (
 	github.com/bmizerany/pat v0.0.0-20210406213842-e4b6760bdd6f // indirect
 	github.com/bombsimon/logrusr/v3 v3.1.0 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
-	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/ceph/go-ceph v0.18.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cevaris/ordered_map v0.0.0-20190319150403-3adeae072e73 // indirect
@@ -306,9 +306,10 @@ require (
 	go.etcd.io/etcd/api/v3 v3.5.7 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.7 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.7 // indirect
+	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.36.4 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.15.1 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.15.1 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect

go.sum

@@ -568,8 +568,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEe
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.1.0/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4=
-github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -803,8 +803,8 @@ github.com/go-micro/plugins/v4/wrapper/breaker/gobreaker v1.2.0 h1:EQj4l7fuOSz8u
 github.com/go-micro/plugins/v4/wrapper/breaker/gobreaker v1.2.0/go.mod h1:JR9Ox/iJIrcXm8nCWdAEBsyG7Q7lyMLzsTZPfXrqvwo=
 github.com/go-micro/plugins/v4/wrapper/monitoring/prometheus v1.2.0 h1:UWBUYtMXCxQ9bIGOYcbLOjtPv8ovvCRjWWM6tHhB4S8=
 github.com/go-micro/plugins/v4/wrapper/monitoring/prometheus v1.2.0/go.mod h1:8BYxs/wEE4ZJayHZQffw4A8s9rcPumyoNms0hYoNocM=
-github.com/go-micro/plugins/v4/wrapper/trace/opencensus v1.1.0 h1:ITm1vEP8BPEccWFAu6/tMFHrxHfwYzE4GdkCy6PlF6A=
-github.com/go-micro/plugins/v4/wrapper/trace/opencensus v1.1.0/go.mod h1:4izlDcwSo9tu8v2TcaBgpO3EmNqUkB4oMFSwxvSt438=
+github.com/go-micro/plugins/v4/wrapper/trace/opentelemetry v1.2.0 h1:e2hgtWMNqJ3DmbMt9ZxzmH/BkVAw9Xg23l6CHrXQfKw=
+github.com/go-micro/plugins/v4/wrapper/trace/opentelemetry v1.2.0/go.mod h1:BBqL7ckGNb7rFfk3vU2Yj/CILVsz/WF19CkAyveQl8A=
 github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
 github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
@@ -1675,20 +1675,22 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.36.4 h1:PRXhsszxTt5bbPriTjmaweWUsAnJYeWBhUMLRetUgBU=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.36.4/go.mod h1:05eWWy6ZWzmpeImD3UowLTB3VjDMU1yxQ+ENuVWDM3c=
-go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
-go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
-go.opentelemetry.io/otel/exporters/jaeger v1.14.0 h1:CjbUNd4iN2hHmWekmOqZ+zSCU+dzZppG8XsV+A3oc8Q=
-go.opentelemetry.io/otel/exporters/jaeger v1.14.0/go.mod h1:4Ay9kk5vELRrbg5z4cpP9EtmQRFap2Wb0woPG4lujZA=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 h1:/fXHZHGvro6MVqV34fJzDhi7sHGpX3Ej/Qjmfn003ho=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0/go.mod h1:UFG7EBMRdXyFstOwH028U0sVf+AvukSGhF0g8+dmNG8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 h1:TKf2uAs2ueguzLaxOCBXNpHxfO/aC7PAdDsSH0IbeRQ=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0/go.mod h1:HrbCVv40OOLTABmOn1ZWty6CHXkU8DK/Urc43tHug70=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 h1:ap+y8RXX3Mu9apKVtOkM6WSFESLM8K3wNQyOU8sWHcc=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0/go.mod h1:5w41DY6S9gZrbjuq6Y+753e96WfPha5IcsOSZTtullM=
-go.opentelemetry.io/otel/sdk v1.14.0 h1:PDCppFRDq8A1jL9v6KMI6dYesaq+DFcDZvjsoGvxGzY=
-go.opentelemetry.io/otel/sdk v1.14.0/go.mod h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM=
-go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=
-go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
+go.opentelemetry.io/contrib/zpages v0.41.1 h1:FReY8OWFNtYm4mWleTRxTUyD3r02uGcwS6ZeElahs00=
+go.opentelemetry.io/contrib/zpages v0.41.1/go.mod h1:C3iy146ccMyv1+gEaxVDDHuoT7yXAKKmbg+twudDpeg=
+go.opentelemetry.io/otel v1.15.1 h1:3Iwq3lfRByPaws0f6bU3naAqOR1n5IeDWd9390kWHa8=
+go.opentelemetry.io/otel v1.15.1/go.mod h1:mHHGEHVDLal6YrKMmk9LqC4a3sF5g+fHfrttQIB1NTc=
+go.opentelemetry.io/otel/exporters/jaeger v1.15.1 h1:x3SLvwli0OyAJapNcOIzf1xXBRBA+HD3elrMQmFfmXo=
+go.opentelemetry.io/otel/exporters/jaeger v1.15.1/go.mod h1:0Ck9b5oLL/bFZvfAEEqtrb1U0jZXjm5fWXMCOCG3vvM=
+go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.15.1 h1:XYDQtNzdb2T4uM1pku2m76eSMDJgqhJ+6KzkqgQBALc=
+go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.15.1/go.mod h1:uOTV75+LOzV+ODmL8ahRLWkFA3eQcSC2aAsbxIu4duk=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.15.1 h1:tyoeaUh8REKay72DVYsSEBYV18+fGONe+YYPaOxgLoE=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.15.1/go.mod h1:HUSnrjQQ19KX9ECjpQxufsF+3ioD3zISPMlauTPZu2g=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.15.1 h1:pIfoG5IAZFzp9EUlJzdSkpUwpaUAAnD+Ru1nBLTACIQ=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.15.1/go.mod h1:poNKBqF5+nR/6ke2oGTDjHfksrsHDOHXAl2g4+9ONsY=
+go.opentelemetry.io/otel/sdk v1.15.1 h1:5FKR+skgpzvhPQHIEfcwMYjCBr14LWzs3uSqKiQzETI=
+go.opentelemetry.io/otel/sdk v1.15.1/go.mod h1:8rVtxQfrbmbHKfqzpQkT5EzZMcbMBwTzNAggbEAM0KA=
+go.opentelemetry.io/otel/trace v1.15.1 h1:uXLo6iHJEzDfrNC0L0mNjItIp06SyaBQxu5t3xMlngY=
+go.opentelemetry.io/otel/trace v1.15.1/go.mod h1:IWdQG/5N1x7f6YUlmdLeJvH9yxtuJAfc4VW5Agv9r/8=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
 go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=

ocis-pkg/service/debug/service.go

@@ -10,7 +10,7 @@ import (
 	"github.com/owncloud/ocis/v2/ocis-pkg/middleware"
 	graphMiddleware "github.com/owncloud/ocis/v2/services/graph/pkg/middleware"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-	"go.opencensus.io/zpages"
+	"go.opentelemetry.io/contrib/zpages"
 )
 
 // NewService initializes a new debug service.
@@ -42,7 +42,8 @@ func NewService(opts ...Option) *http.Server {
 	}
 
 	if dopts.Zpages {
-		zpages.Handle(mux, "/debug")
+		h := zpages.NewTracezHandler(zpages.NewSpanProcessor())
+		mux.Handle("/debug", h)
 	}
 
 	return &http.Server{

ocis-pkg/service/grpc/client.go

@@ -9,9 +9,11 @@ import (
 
 	mgrpcc "github.com/go-micro/plugins/v4/client/grpc"
 	mbreaker "github.com/go-micro/plugins/v4/wrapper/breaker/gobreaker"
+	mtracer "github.com/go-micro/plugins/v4/wrapper/trace/opentelemetry"
 	"github.com/owncloud/ocis/v2/ocis-pkg/registry"
 	"github.com/owncloud/ocis/v2/ocis-pkg/shared"
 	"go-micro.dev/v4/client"
+	"go.opentelemetry.io/otel/trace"
 )
 
 var (
@@ -23,6 +25,7 @@ var (
 type ClientOptions struct {
 	tlsMode string
 	caCert  string
+	tp      trace.TracerProvider
 }
 
 // Option is used to pass client options
@@ -42,20 +45,29 @@ func WithTLSCACert(v string) ClientOption {
 	}
 }
 
+// WithTraceProvider allows to set the trace Provider for grpc clients
+func WithTraceProvider(tp trace.TracerProvider) ClientOption {
+	return func(o *ClientOptions) {
+		o.tp = tp
+	}
+}
+
 // Configure configures the default oOCIS grpc client (e.g. TLS settings)
 func Configure(opts ...ClientOption) error {
 	var options ClientOptions
 	for _, opt := range opts {
 		opt(&options)
 	}
-
 	var outerr error
 	once.Do(func() {
 		reg := registry.GetRegistry()
 		var tlsConfig *tls.Config
 		cOpts := []client.Option{
 			client.Registry(reg),
 			client.Wrap(mbreaker.NewClientWrapper()),
+			client.Wrap(mtracer.NewClientWrapper(
+				mtracer.WithTraceProvider(options.tp),
+			)),
 		}
 		switch options.tlsMode {
 		case "insecure":
@@ -74,12 +86,14 @@ func Configure(opts ...ClientOption) error {
 					return
 				}
 				if !certs.AppendCertsFromPEM(pemData) {
-					outerr = errors.New("Error initializing LDAP Backend. Adding CA cert failed")
+					outerr = errors.New("could not initialize default client, adding CA cert failed")
 					return
 				}
 				tlsConfig.RootCAs = certs
 			}
 			cOpts = append(cOpts, mgrpcc.AuthTLS(tlsConfig))
+			//case "off":
+			//default:
 		}
 
 		defaultClient = mgrpcc.NewClient(cOpts...)
@@ -99,3 +113,46 @@ func GetClientOptions(t *shared.GRPCClientTLS) []ClientOption {
 	}
 	return opts
 }
+
+func NewClient(opts ...ClientOption) (client.Client, error) {
+	var options ClientOptions
+	for _, opt := range opts {
+		opt(&options)
+	}
+
+	reg := registry.GetRegistry()
+	var tlsConfig *tls.Config
+	cOpts := []client.Option{
+		client.Registry(reg),
+		client.Wrap(mbreaker.NewClientWrapper()),
+		client.Wrap(mtracer.NewClientWrapper(
+			mtracer.WithTraceProvider(options.tp),
+		)),
+	}
+	switch options.tlsMode {
+	case "insecure":
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		cOpts = append(cOpts, mgrpcc.AuthTLS(tlsConfig))
+	case "on":
+		tlsConfig = &tls.Config{}
+		// Note: If caCert is empty we use the system's default set of trusted CAs
+		if options.caCert != "" {
+			certs := x509.NewCertPool()
+			pemData, err := os.ReadFile(options.caCert)
+			if err != nil {
+				return nil, err
+			}
+			if !certs.AppendCertsFromPEM(pemData) {
+				return nil, errors.New("could not initialize client, adding CA cert failed")
+			}
+			tlsConfig.RootCAs = certs
+		}
+		cOpts = append(cOpts, mgrpcc.AuthTLS(tlsConfig))
+		//case "off":
+		//default:
+	}
+
+	return mgrpcc.NewClient(cOpts...), nil
+}

ocis-pkg/service/grpc/service.go

@@ -8,7 +8,7 @@ import (
 
 	mgrpcs "github.com/go-micro/plugins/v4/server/grpc"
 	"github.com/go-micro/plugins/v4/wrapper/monitoring/prometheus"
-	"github.com/go-micro/plugins/v4/wrapper/trace/opencensus"
+	mtracer "github.com/go-micro/plugins/v4/wrapper/trace/opentelemetry"
 	ociscrypto "github.com/owncloud/ocis/v2/ocis-pkg/crypto"
 	"github.com/owncloud/ocis/v2/ocis-pkg/registry"
 	"go-micro.dev/v4"
@@ -62,9 +62,9 @@ func NewService(opts ...Option) (Service, error) {
 		micro.RegisterTTL(time.Second * 30),
 		micro.RegisterInterval(time.Second * 10),
 		micro.WrapHandler(prometheus.NewHandlerWrapper()),
-		micro.WrapClient(opencensus.NewClientWrapper()),
-		micro.WrapHandler(opencensus.NewHandlerWrapper()),
-		micro.WrapSubscriber(opencensus.NewSubscriberWrapper()),
+		micro.WrapClient(mtracer.NewClientWrapper()),
+		micro.WrapHandler(mtracer.NewHandlerWrapper()),
+		micro.WrapSubscriber(mtracer.NewSubscriberWrapper()),
 	}
 
 	return Service{micro.NewService(mopts...)}, nil

services/graph/pkg/server/http/server.go

@@ -18,14 +18,14 @@ import (
 	"github.com/owncloud/ocis/v2/ocis-pkg/keycloak"
 	"github.com/owncloud/ocis/v2/ocis-pkg/middleware"
 	"github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
-	ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
 	"github.com/owncloud/ocis/v2/ocis-pkg/service/http"
 	"github.com/owncloud/ocis/v2/ocis-pkg/version"
 	ehsvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/eventhistory/v0"
 	searchsvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/search/v0"
 	settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
 	graphMiddleware "github.com/owncloud/ocis/v2/services/graph/pkg/middleware"
 	svc "github.com/owncloud/ocis/v2/services/graph/pkg/service/v0"
+	"github.com/owncloud/ocis/v2/services/graph/pkg/tracing"
 	"github.com/pkg/errors"
 	"go-micro.dev/v4"
 	"go-micro.dev/v4/events"
@@ -115,13 +115,17 @@ func Server(opts ...Option) (http.Service, error) {
 	var requireAdminMiddleware func(stdhttp.Handler) stdhttp.Handler
 	var roleService svc.RoleService
 	var gatewayClient gateway.GatewayAPIClient
+	grpcClient, err := grpc.NewClient(append(grpc.GetClientOptions(options.Config.GRPCClientTLS), grpc.WithTraceProvider(tracing.TraceProvider))...)
+	if err != nil {
+		return http.Service{}, err
+	}
 	if options.Config.HTTP.APIToken == "" {
 		middlewares = append(middlewares,
 			graphMiddleware.Auth(
 				account.Logger(options.Logger),
 				account.JWTSecret(options.Config.TokenManager.JWTSecret),
 			))
-		roleService = settingssvc.NewRoleService("com.owncloud.api.settings", grpc.DefaultClient())
+		roleService = settingssvc.NewRoleService("com.owncloud.api.settings", grpcClient)
 		gatewayClient, err = pool.GetGatewayServiceClient(options.Config.Reva.Address, options.Config.Reva.GetRevaOptions()...)
 		if err != nil {
 			return http.Service{}, errors.Wrap(err, "could not initialize gateway client")
@@ -145,7 +149,7 @@ func Server(opts ...Option) (http.Service, error) {
 		keyCloakClient = keycloak.New(kcc.BasePath, kcc.ClientID, kcc.ClientSecret, kcc.ClientRealm, kcc.InsecureSkipVerify)
 	}
 
-	hClient := ehsvc.NewEventHistoryService("com.owncloud.api.eventhistory", ogrpc.DefaultClient())
+	hClient := ehsvc.NewEventHistoryService("com.owncloud.api.eventhistory", grpcClient)
 
 	var handle svc.Service
 	handle, err = svc.NewService(
@@ -156,7 +160,7 @@ func Server(opts ...Option) (http.Service, error) {
 		svc.WithRoleService(roleService),
 		svc.WithRequireAdminMiddleware(requireAdminMiddleware),
 		svc.WithGatewayClient(gatewayClient),
-		svc.WithSearchService(searchsvc.NewSearchProviderService("com.owncloud.api.search", grpc.DefaultClient())),
+		svc.WithSearchService(searchsvc.NewSearchProviderService("com.owncloud.api.search", grpcClient)),
 		svc.KeycloakClient(keyCloakClient),
 		svc.EventHistoryClient(hClient),
 	)

services/graph/pkg/service/v0/drives.go

@@ -31,6 +31,7 @@ import (
 	v0 "github.com/owncloud/ocis/v2/protogen/gen/ocis/messages/settings/v0"
 	settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/service/v0/errorcode"
+	gtracing "github.com/owncloud/ocis/v2/services/graph/pkg/tracing"
 	settingsServiceExt "github.com/owncloud/ocis/v2/services/settings/pkg/store/defaults"
 	"github.com/pkg/errors"
 	merrors "go-micro.dev/v4/errors"
@@ -582,13 +583,17 @@ func (g Graph) formatDrives(ctx context.Context, baseURL *url.URL, storageSpaces
 func (g Graph) ListStorageSpacesWithFilters(ctx context.Context, filters []*storageprovider.ListStorageSpacesRequest_Filter, unrestricted bool) (*storageprovider.ListStorageSpacesResponse, error) {
 	client := g.GetGatewayClient()
 
-	permissions := make(map[string]struct{}, 1)
-	s := settingssvc.NewPermissionService("com.owncloud.api.settings", grpc.DefaultClient())
+	grpcClient, err := grpc.NewClient(append(grpc.GetClientOptions(g.config.GRPCClientTLS), grpc.WithTraceProvider(gtracing.TraceProvider))...)
+	if err != nil {
+		return nil, err
+	}
+	s := settingssvc.NewPermissionService("com.owncloud.api.settings", grpcClient)
 
-	_, err := s.GetPermissionByID(ctx, &settingssvc.GetPermissionByIDRequest{
+	_, err = s.GetPermissionByID(ctx, &settingssvc.GetPermissionByIDRequest{
 		PermissionId: settingsServiceExt.ListAllSpacesPermissionID,
 	})
 
+	permissions := make(map[string]struct{}, 1)
 	// No error means the user has the permission
 	if err == nil {
 		permissions[settingsServiceExt.ListAllSpacesPermissionName] = struct{}{}

services/graph/pkg/service/v0/password_test.go

@@ -18,6 +18,7 @@ import (
 	. "github.com/onsi/gomega"
 	libregraph "github.com/owncloud/libre-graph-api-go"
 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	"github.com/owncloud/ocis/v2/ocis-pkg/shared"
 	"github.com/owncloud/ocis/v2/services/graph/mocks"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/config"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/config/defaults"
@@ -44,6 +45,7 @@ var _ = Describe("Users changing their own password", func() {
 		ctx = context.Background()
 		cfg = defaults.FullDefaultConfig()
 		cfg.TokenManager.JWTSecret = "loremipsum"
+		cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
 
 		gatewayClient = &cs3mocks.GatewayAPIClient{}
 		ldapClient = mockedLDAPClient()

services/graph/pkg/service/v0/service.go

@@ -23,6 +23,7 @@ import (
 	"github.com/owncloud/ocis/v2/services/graph/pkg/identity"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/identity/ldap"
 	graphm "github.com/owncloud/ocis/v2/services/graph/pkg/middleware"
+	gtracing "github.com/owncloud/ocis/v2/services/graph/pkg/tracing"
 	microstore "go-micro.dev/v4/store"
 )
 
@@ -155,7 +156,11 @@ func NewService(opts ...Option) (Graph, error) {
 	}
 
 	if options.PermissionService == nil {
-		svc.permissionsService = settingssvc.NewPermissionService("com.owncloud.api.settings", grpc.DefaultClient())
+		grpcClient, err := grpc.NewClient(append(grpc.GetClientOptions(options.Config.GRPCClientTLS), grpc.WithTraceProvider(gtracing.TraceProvider))...)
+		if err != nil {
+			return svc, err
+		}
+		svc.permissionsService = settingssvc.NewPermissionService("com.owncloud.api.settings", grpcClient)
 	} else {
 		svc.permissionsService = options.PermissionService
 	}