chore: More complete tracing for RBAC functions (#5690)

* chore: More complete tracing for RBAC functions * Add input.json as example rbac input for rego cli The input.json is required to play with the rego cli and debug the policy without golang. It is good to have an example to run the commands in the readme.md * Add span events to capture authorize and prepared results * chore: Add prometheus metrics to rbac authorizer
2025-07-06 15:41:45 +00:00 · 2023-01-13 16:07:15 -06:00
parent e821b98918
commit eb48341696
12 changed files with 425 additions and 147 deletions
--- a/coderd/rbac/trace.go
+++ b/coderd/rbac/trace.go
@ -0,0 +1,20 @@
+package rbac
+
+import (
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/trace"
+)
+
+// rbacTraceAttributes are the attributes that are added to all spans created by
+// the rbac package. These attributes should help to debug slow spans.
+func rbacTraceAttributes(roles []string, groupCount int, scope Scope, action Action, objectType string, extra ...attribute.KeyValue) trace.SpanStartOption {
+	return trace.WithAttributes(
+		append(extra,
+			attribute.StringSlice("subject_roles", roles),
+			attribute.Int("num_subject_roles", len(roles)),
+			attribute.Int("num_groups", groupCount),
+			attribute.String("scope", string(scope)),
+			attribute.String("action", string(action)),
+			attribute.String("object_type", objectType),
+		)...)
+}