-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add wrappers for ssh.Client, ssh.Session, ssh.Channel, ssh.ServerConn, and ssh.NewCh that pass tracing context along with all ssh messages. In order to maintain backwards compatibility the ssh.Client wrapper tries to open a TracingChannel when constructed. Any servers that don't support tracing will reject the unknown channel. The client will only provide tracing context to servers which do NOT reject the TracingChannel request. In order to include pass tracing context along all ssh payloads are wrapped in an envelope that includes the original payload AND any trace context. Servers now try to unmarshal all payloads into an envelope when processing messages. If there is an envelope provided, a new span will be created and the original payload will be pass along to handlers. Part of #12241
- Loading branch information
1 parent
e2e5bd9
commit 5ebc56f
Showing
49 changed files
with
2,659 additions
and
623 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| // Copyright 2022 Gravitational, Inc | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||
| // you may not use this file except in compliance with the License. | ||
| // You may obtain a copy of the License at | ||
| // | ||
| // http://www.apache.org/licenses/LICENSE-2.0 | ||
| // | ||
| // Unless required by applicable law or agreed to in writing, software | ||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| package tracing | ||
|
|
||
| import ( | ||
| "go.opentelemetry.io/otel" | ||
| "go.opentelemetry.io/otel/propagation" | ||
| oteltrace "go.opentelemetry.io/otel/trace" | ||
| ) | ||
|
|
||
| // Option applies an option value for a Config. | ||
| type Option interface { | ||
| apply(*Config) | ||
| } | ||
|
|
||
| // Config stores tracing related properties to customize | ||
| // creating Tracers and extracting TraceContext | ||
| type Config struct { | ||
| TracerProvider oteltrace.TracerProvider | ||
| TextMapPropagator propagation.TextMapPropagator | ||
| } | ||
|
|
||
| // NewConfig returns a Config configured with all the passed Option. | ||
| func NewConfig(opts []Option) *Config { | ||
| c := &Config{ | ||
| TracerProvider: otel.GetTracerProvider(), | ||
| TextMapPropagator: otel.GetTextMapPropagator(), | ||
| } | ||
| for _, o := range opts { | ||
| o.apply(c) | ||
| } | ||
| return c | ||
| } | ||
|
|
||
| type tracerProviderOption struct{ tp oteltrace.TracerProvider } | ||
|
|
||
| func (o tracerProviderOption) apply(c *Config) { | ||
| if o.tp != nil { | ||
| c.TracerProvider = o.tp | ||
| } | ||
| } | ||
|
|
||
| // WithTracerProvider returns an Option to use the trace.TracerProvider when | ||
| // creating a trace.Tracer. | ||
| func WithTracerProvider(tp oteltrace.TracerProvider) Option { | ||
| return tracerProviderOption{tp: tp} | ||
| } | ||
|
|
||
| type propagatorOption struct{ p propagation.TextMapPropagator } | ||
|
|
||
| func (o propagatorOption) apply(c *Config) { | ||
| if o.p != nil { | ||
| c.TextMapPropagator = o.p | ||
| } | ||
| } | ||
|
|
||
| // WithTextMapPropagator returns an Option to use the propagation.TextMapPropagator when extracting | ||
| // and injecting trace context. | ||
| func WithTextMapPropagator(p propagation.TextMapPropagator) Option { | ||
| return propagatorOption{p: p} | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| // Copyright 2014 The Go Authors. All rights reserved. | ||
| // Use of this source code is governed by a BSD-style | ||
| // license that can be found in the LICENSE file. | ||
|
|
||
| package agent | ||
|
|
||
| import ( | ||
| "context" | ||
| "errors" | ||
|
|
||
| tracessh "github.com/gravitational/teleport/api/observability/tracing/ssh" | ||
| ) | ||
|
|
||
| // RequestAgentForwarding sets up agent forwarding for the session. | ||
| // ForwardToAgent or ForwardToRemote should be called to route | ||
| // the authentication requests. | ||
| // | ||
| // This is a forked version of golang.org/x/crypto/ssh/agent | ||
| // that wraps payloads sent across the underlying session in an | ||
| // Envelope, which allows us to provide tracing context to | ||
| // the server processing forwarding requests. | ||
| func RequestAgentForwarding(ctx context.Context, session *tracessh.Session) error { | ||
| ok, err := session.SendRequest(ctx, "[email protected]", true, nil) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| if !ok { | ||
| return errors.New("forwarding request denied") | ||
| } | ||
| return nil | ||
| } |
Oops, something went wrong.