amperity / vault-clj

Clojure client for Hashicorp's Vault secret management system.

Client observability info threading #102

Closed greglook closed 1 year ago

greglook commented 1 year ago

Further changes in response to building out a new control-flow handler - this time focused on how the request metadata is supplied to the flow handler as well as how it's attached to responses.

The flow/call method already accepted an info argument, but there was no way for each implementation to feed data into that through the HTTP client. Now the http/call-api function accepts :info as part of the request parameters, which is threaded through the whole call chain. The client also does more work to ensure that gets included in response metadata or exception data, so that the API implementations don't need to worry about that.

I tested this by building out a really simple flow handler which logs/prints the captured metadata, then called some kv2 operations:

vault.repl=> (kv2/read-secret client "foo/bar/bax")
;; 20:22:43.872 [client-worker-2]        ERROR vault.client.flow               Request failed in 8.2 ms
;; Execution error (ExceptionInfo) at vault.secret.kv.v2/ex-not-found (v2.clj:182).
;; No kv-v2 secret found at secret:foo/bar/bax
{:vault.client/elapsed 8.241542,
 :vault.client/method :get,
 :vault.client/path "secret/data/foo/bar/bax",
 :vault.client/status 404,
 :vault.secret.kv.v2/mount "secret",
 :vault.secret.kv.v2/path "foo/bar/bax"}

vault.repl=> (do (kv2/read-secret client "foo/bar/baz") nil)
;; 20:22:56.982 [client-worker-3]        INFO  vault.client.flow               Request suceeded in 2.4 ms
nil
{:vault.client/elapsed 2.404,
 :vault.client/method :get,
 :vault.client/path "secret/data/foo/bar/baz",
 :vault.client/request-id "00ea31c9-fc9a-6ed2-28d5-85130524cfd7",
 :vault.client/status 200,
 :vault.secret.kv.v2/created-time #<java.time.Instant@4457761b 2023-09-13T18:41:20.463172Z>,
 :vault.secret.kv.v2/custom-metadata nil,
 :vault.secret.kv.v2/destroyed false,
 :vault.secret.kv.v2/mount "secret",
 :vault.secret.kv.v2/path "foo/bar/baz",
 :vault.secret.kv.v2/version 1}

This intentionally excludes the request query and response headers for brevity, though they are present in the metadata.
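
The threading described in the pull request description above, as an added example that is not part of the original thread and is not vault-clj's own code. It is a stand-alone model: `fake-server`, `call-api`, `read-secret` and `audited` are hypothetical names, the secret value is constructed, and only the metadata keys are taken from the output shown above.

```clojure
(ns example.info-threading
  "Added illustration; a stand-alone model, not vault-clj source.")

;; Constructed stand-in for the HTTP layer: path -> [status body].
(def fake-server
  {"secret/data/foo/bar/baz" [200 {:data {:data {:password "example-value"}}}]})

(defn call-api
  "Hypothetical model of an API call that accepts caller-supplied :info
  and threads it into the result. On success the info map becomes
  metadata on the parsed body; on failure it becomes the ex-data."
  [method path {:keys [info handle-response]}]
  (let [start (System/nanoTime)
        [status body] (get fake-server path [404 nil])
        info (assoc info
                    :vault.client/method method
                    :vault.client/path path
                    :vault.client/status status
                    :vault.client/elapsed (/ (- (System/nanoTime) start) 1e6))]
    (if (= 200 status)
      (with-meta (handle-response body) info)
      (throw (ex-info (str "Request failed with status " status) info)))))

(defn read-secret
  "Hypothetical kv-v2-style read that supplies its own info keys, so the
  API implementation never has to attach them to the result itself."
  [mount path]
  (call-api :get (str mount "/data/" path)
            {:info {:vault.secret.kv.v2/mount mount
                    :vault.secret.kv.v2/path path}
             :handle-response #(get-in % [:data :data])}))

(defn audited
  "Run f and return only the captured info map, never the secret value.
  This is the shape a logging or metrics sink should receive."
  [f]
  (try
    (meta (f))
    (catch clojure.lang.ExceptionInfo e
      (ex-data e))))

(comment
  ;; Existing path: info comes from the response metadata.
  (audited #(read-secret "secret" "foo/bar/baz"))
  ;; Missing path: the same keys come from the exception data.
  (audited #(read-secret "secret" "foo/bar/bax")))
```

Because the observer reads `meta` or `ex-data` rather than the return value, the secret payload stays out of whatever sink records the request.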

greglook commented 1 year ago

The full HTTP path is already present as :vault.client/path.

brandonvin commented 12 months ago

> The full HTTP path is already present as :vault.client/path.

Ah thanks. I just needed to dig in the code a bit, but I see now the full path is added here, generically for all http requests:

https://github.com/amperity/vault-clj/blob/8f441a0472aefb2937ce1752ef9796d0d39f44e2/src/vault/client/http.clj#L126-L130