feat: add tracing interceptors to login and oidc (#764)

* add tracing interceptors to login and oidc * add some tracing spans * trace login calls * add some spans * add some spans (change password) * add some more tracing in oauth/oidc * revert org exists * Merge branch 'master' into http-tracing # Conflicts: # internal/api/oidc/auth_request.go # internal/api/oidc/client.go # internal/auth/repository/eventsourcing/eventstore/auth_request.go # internal/auth/repository/eventsourcing/eventstore/user.go # internal/authz/repository/eventsourcing/eventstore/token_verifier.go # internal/authz/repository/eventsourcing/view/token.go # internal/user/repository/eventsourcing/eventstore.go
2025-08-12 04:37:31 +00:00 · 2020-10-21 10:18:34 +02:00
parent 6e602e6b8d
commit b3f68c8f48
25 changed files with 228 additions and 75 deletions
--- a/internal/api/grpc/client/middleware/tracing.go
+++ b/internal/api/grpc/client/middleware/tracing.go
@@ -9,7 +9,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/stats"

-	"github.com/caos/zitadel/internal/api/http"
+	grpc_utils "github.com/caos/zitadel/internal/api/grpc"
 	"github.com/caos/zitadel/internal/tracing"
 )

@@ -29,7 +29,7 @@ func TracingStatsClient(ignoredMethods ...GRPCMethod) grpc.DialOption {
 }

 func DefaultTracingStatsClient() grpc.DialOption {
-	return TracingStatsClient(http.Healthz, http.Readiness, http.Validation)
+	return TracingStatsClient(grpc_utils.Healthz, grpc_utils.Readiness, grpc_utils.Validation)
 }

 type tracingClientHandler struct {
--- a/internal/api/grpc/errors/caos_errors.go
+++ b/internal/api/grpc/errors/caos_errors.go
@@ -30,6 +30,9 @@ func CaosToGRPCError(ctx context.Context, err error) error {
 }

 func ExtractCaosError(err error) (c codes.Code, msg, id string, ok bool) {
+	if err == nil {
+		return codes.OK, "", "", false
+	}
 	switch caosErr := err.(type) {
 	case *caos_errs.AlreadyExistsError:
 		return codes.AlreadyExists, caosErr.GetMessage(), caosErr.GetID(), true
--- a/internal/api/grpc/probes.go
+++ b/internal/api/grpc/probes.go
@@ -0,0 +1,11 @@
+package grpc
+
+const (
+	Healthz    = "/Healthz"
+	Readiness  = "/Ready"
+	Validation = "/Validate"
+)
+
+var (
+	Probes = []string{Healthz, Readiness, Validation}
+)
--- a/internal/api/grpc/server/middleware/auth_interceptor.go
+++ b/internal/api/grpc/server/middleware/auth_interceptor.go
@@ -10,6 +10,7 @@ import (
 	"github.com/caos/zitadel/internal/api/authz"
 	grpc_util "github.com/caos/zitadel/internal/api/grpc"
 	"github.com/caos/zitadel/internal/api/http"
+	"github.com/caos/zitadel/internal/tracing"
 )

 func AuthorizationInterceptor(verifier *authz.TokenVerifier, authConfig authz.Config) grpc.UnaryServerInterceptor {
@@ -18,9 +19,13 @@ func AuthorizationInterceptor(verifier *authz.TokenVerifier, authConfig authz.Co
 	}
 }

-func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, verifier *authz.TokenVerifier, authConfig authz.Config) (interface{}, error) {
+func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, verifier *authz.TokenVerifier, authConfig authz.Config) (_ interface{}, err error) {
+	ctx, span := tracing.NewServerInterceptorSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
 	authOpt, needsToken := verifier.CheckAuthMethod(info.FullMethod)
 	if !needsToken {
+		span.End()
 		return handler(ctx, req)
 	}

@@ -31,10 +36,10 @@ func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,

 	orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)

-	ctx, err := authz.CheckUserAuthorization(ctx, req, authToken, orgID, verifier, authConfig, authOpt, info.FullMethod)
+	ctx, err = authz.CheckUserAuthorization(ctx, req, authToken, orgID, verifier, authConfig, authOpt, info.FullMethod)
 	if err != nil {
 		return nil, err
 	}
-
+	span.End()
 	return handler(ctx, req)
 }
--- a/internal/api/grpc/server/middleware/tracing.go
+++ b/internal/api/grpc/server/middleware/tracing.go
@@ -9,7 +9,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/stats"

-	"github.com/caos/zitadel/internal/api/http"
+	grpc_utils "github.com/caos/zitadel/internal/api/grpc"
 	"github.com/caos/zitadel/internal/tracing"
 )

@@ -30,7 +30,7 @@ func TracingStatsServer(ignoredMethods ...GRPCMethod) grpc.ServerOption {
 }

 func DefaultTracingStatsServer() grpc.ServerOption {
-	return TracingStatsServer(http.Healthz, http.Readiness, http.Validation)
+	return TracingStatsServer(grpc_utils.Healthz, grpc_utils.Readiness, grpc_utils.Validation)
 }

 type tracingServerHandler struct {
--- a/internal/api/grpc/server/server.go
+++ b/internal/api/grpc/server/server.go
@@ -27,7 +27,7 @@ type Server interface {

 func CreateServer(verifier *authz.TokenVerifier, authConfig authz.Config, lang language.Tag) *grpc.Server {
 	return grpc.NewServer(
-		middleware.TracingStatsServer(http.Healthz, http.Readiness, http.Validation),
+		middleware.DefaultTracingStatsServer(),
 		grpc.UnaryInterceptor(
 			grpc_middleware.ChainUnaryServer(
 				middleware.ErrorHandler(),