search

jaegertracing / jaeger

CNCF Jaeger, a Distributed Tracing Platform
https://www.jaegertracing.io/
Apache License 2.0
20.52k stars 2.44k forks source link

[Feature]: Implement bearer token auth interceptor #6035

Closed frzifus closed 2 weeks ago

frzifus commented 1 month ago

we should move upgradeContextWithBearerToken from plugin/storage/grpc/shared/grpc_client.go to be implemented as interceptor in pkg/bearertoken

Should be similar to the pkg/tenancy implementation.

Details: https://github.com/jaegertracing/jaeger/pull/6030#issuecomment-2387077052

yurishkuro commented 3 weeks ago

1) We should use client interceptors in plugin/storage/grpc/shared/grpc_client.go, currently it extracts token manually, even though it seems like the factory does attach interceptors

plugin/storage/grpc/factory.go
136:    opts = append(opts, grpc.WithUnaryInterceptor(bearertoken.NewUnaryClientInterceptor()))
137:    opts = append(opts, grpc.WithStreamInterceptor(bearertoken.NewStreamClientInterceptor()))

2) Another suspicious place:

plugin/metrics/prometheus/metricsstore/reader.go
25: "github.com/jaegertracing/jaeger/pkg/bearertoken"
345:    return bearertoken.RoundTripper{

3) Interceptor are installed in createGRPCServerLegacy but not in createGRPCServerOTEL in cmd/query/app/server.go

yurishkuro commented 3 weeks ago

@chahatsagarmain I re-opened as there are other places that could use interceptors