Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore: More complete tracing for RBAC functions #5690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Jan 13, 2023
Merged

chore: More complete tracing for RBAC functions #5690

merged 14 commits into from
Jan 13, 2023

Conversation

Emyrk
Copy link
Member

@Emyrk Emyrk commented Jan 12, 2023
edited
Loading

  • Adds more complete tracing attributes and events for rbac authorize telemetry.
  • Adds prometheus metrics for authorize and prepare.
  • Intentionally not running on authorize calls on prepared authorizers. These calls are typically very quick (<1ms) and not worth implementing the cost of measuring. The Filter function has tracing for the batch if Filter becomes slow.

Extra

I also added more benchmarks to benchmark the Authorize function. I am seeing the average time being <1ms. Telemetry shows some slower authorize calls, hoping these attributes helps identify some patterns in what calls are slow.

Emyrk added 5 commits January 12, 2023 09:58
@Emyrk
chore: More complete tracing for RBAC functions
01606f4 
Remaining data points untracked:
- Number of queries after a prepare
- CompileToSQL time

Excluded:
- Any IDs, not needed
- Authorize result (true/false)
- Authorize reason (group or perms for true)
@Emyrk
Add tracing to track SQL compilation times
ef90512
@Emyrk
Add attributes to CompileSQLQuery trace span
aaf9241
@Emyrk
Update filter span
0a36a0a
@Emyrk
Linting
244c86d
@Emyrk Emyrk requested a review from johnstcn January 12, 2023 16:36
Emyrk added 2 commits January 12, 2023 10:39
@Emyrk
Add input.json as example rbac input for rego cli
e1e90b1 
The input.json is required to play with the rego cli and debug
the policy without golang. It is good to have an example to run
the commands in the readme.md
@Emyrk
Make fmt
5271d7b
@Emyrk Emyrk marked this pull request as ready for review January 12, 2023 16:41
coadler
coadler reviewed Jan 12, 2023
View reviewed changes
coderd/rbac/authz.go Outdated
Comment on lines 265 to 268
span.AddEvent("prepared",
trace.WithAttributes(attribute.Int("num_queries", len(prepared.preparedQueries))),
trace.WithAttributes(attribute.Bool("always_true", prepared.alwaysTrue)),
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think instead of adding an event to attach these attributes it'd make more sense to just attach them to the parent span above, or just give (RegoAuthorizer).Prepare it's own span?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made it an event because I wanted the timing of the prepare call, so these are the return values. I agree it would be better on the parent.

If I use time.Now() and WithTimestamp though, I could start the span after the call happened and get all attributes. what do you think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it might just be better to call tracing.StartSpan() inside prepare then? That way you have the timing for that function specifically and can add attributes to it

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The attributes are the return though. So even if I put it in, I cannot put those attributes at the start of the call.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tracing.StartSpan returns a span you can set the attributes on

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh TIL I can add attributes after a span was stared. I thought I read that you could not. I'll just add to parent span 👍

@Emyrk Emyrk mentioned this pull request Jan 13, 2023
Merged
@Emyrk Emyrk requested a review from coadler January 13, 2023 18:47
@Emyrk
Empty commit to trigger Github PR sync.
8eb3bcc 
Github syncing is having issues on this PR for some reason.
@Emyrk Emyrk merged commit eb48341 into main Jan 13, 2023
@Emyrk Emyrk deleted the stevenmasley/authorize_performance_data branch January 13, 2023 22:07
@github-actions github-actions bot locked and limited conversation to collaborators Jan 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@coadler coadler coadler approved these changes

@johnstcn johnstcn Awaiting requested review from johnstcn

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Emyrk @johnstcn @coadler