diff --git a/CHANGELOG.md b/CHANGELOG.md index 89db3be6f59..4fab710e967 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm - Add `WithAttributes` option to set instrumentation scope attributes on the created `log.Logger` in `go.opentelemetry.io/contrib/bridges/otellogrus`. (#6966) - Add `WithAttributes` option to set instrumentation scope attributes on the created `log.Logger` in `go.opentelemetry.io/contrib/bridges/otellogr`. (#6967) - Add the `WithGinMetricAttributes` option to allow setting dynamic, per-request metric attributes based on `*gin.Context` in `go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin`. (#6932) +- Use Gin's own `ClientIP` method to detect the client's IP, which supports custom proxy headers in `go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin`. (#6095) ### Changed diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/bench_test.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/bench_test.go index 869448c285c..c59aa559369 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/bench_test.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/bench_test.go @@ -43,6 +43,6 @@ func BenchmarkHTTPServerRequest(b *testing.B) { b.ReportAllocs() b.ResetTimer() for i := 0; i < b.N; i++ { - benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req) + benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) } } diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env.go index 9b970d72557..66050f23d7f 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env.go @@ -61,9 +61,9 @@ type HTTPServer struct { // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { if s.duplicate { - return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req)...) + return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req, opts)...) } return OldHTTPServer{}.RequestTraceAttrs(server, req) } diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env_test.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env_test.go index 2a72965a45d..635f171805a 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env_test.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/env_test.go @@ -42,7 +42,7 @@ func TestHTTPServerDoesNotPanic(t *testing.T) { req, err := http.NewRequest("GET", "http://example.com", nil) require.NoError(t, err) - _ = tt.server.RequestTraceAttrs("stuff", req) + _ = tt.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = tt.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) tt.server.RecordMetrics(context.Background(), ServerMetricData{ ServerName: "stuff", @@ -250,7 +250,7 @@ func BenchmarkRecordMetrics(b *testing.B) { for _, bm := range benchmarks { b.Run(bm.name, func(b *testing.B) { req, _ := http.NewRequest("GET", "http://example.com", nil) - _ = bm.server.RequestTraceAttrs("stuff", req) + _ = bm.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = bm.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) ctx := context.Background() b.ReportAllocs() diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv.go index 1289f29d356..dfb9e1d00c7 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv.go @@ -20,6 +20,11 @@ import ( semconvNew "go.opentelemetry.io/otel/semconv/v1.26.0" ) +type RequestTraceAttrsOpts struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + type CurrentHTTPServer struct{} // RequestTraceAttrs returns trace attributes for an HTTP request received by a @@ -38,7 +43,7 @@ type CurrentHTTPServer struct{} // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { count := 3 // ServerAddress, Method, Scheme var host string @@ -65,7 +70,8 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ scheme := n.scheme(req.TLS != nil) - if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { + peer, peerPort := SplitHostPort(req.RemoteAddr) + if peer != "" { // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a // file-path that would be interpreted with a sock family. count++ @@ -79,7 +85,17 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ count++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { count++ } diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv_test.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv_test.go index 847634dc149..a398203ba58 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv_test.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/httpconv_test.go @@ -263,7 +263,7 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { req.Pattern = "/high/cardinality/path/{id}" var found bool - for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req) { + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) { if attr.Key != "http.route" { continue } @@ -272,3 +272,54 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { } require.True(t, found) } + +func TestRequestTraceAttrs_ClientIP(t *testing.T) { + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + requestTraceOpts RequestTraceAttrsOpts + + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + requestTraceOpts: RequestTraceAttrsOpts{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + req := httptest.NewRequest("GET", "/example", nil) + req.RemoteAddr = "1.2.3.4:5678" + + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } + + var found bool + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, tt.requestTraceOpts) { + if attr.Key != "client.address" { + continue + } + found = true + assert.Equal(t, tt.wantClientIP, attr.Value.AsString()) + } + require.True(t, found) + }) + } +} diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/test/common_test.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/test/common_test.go index 752f4828d25..e4b13674cd4 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/test/common_test.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/test/common_test.go @@ -67,5 +67,5 @@ func testTraceRequest(t *testing.T, serv semconv.HTTPServer, want func(testServe clientIP: clientIP, } - assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req)) + assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req, semconv.RequestTraceAttrsOpts{})) } diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/v1.20.0.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/v1.20.0.go index 88a84d59497..e48f203c63f 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/v1.20.0.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconv/v1.20.0.go @@ -38,7 +38,7 @@ type OldHTTPServer struct{} // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. func (o OldHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { - return semconvutil.HTTPServerRequest(server, req) + return semconvutil.HTTPServerRequest(server, req, semconvutil.HTTPServerRequestOptions{}) } func (o OldHTTPServer) NetworkTransportAttr(network string) attribute.KeyValue { diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv.go index 9f2833b190a..d7d1bba686b 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv.go @@ -16,6 +16,11 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.20.0" ) +type HTTPServerRequestOptions struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + // HTTPClientResponse returns trace attributes for an HTTP response received by a // client from a server. It will return the following attributes if the related // values are defined in resp: "http.status.code", @@ -75,8 +80,8 @@ func HTTPClientStatus(code int) (codes.Code, string) { // "http.target", "net.host.name". The following attributes are returned if // they related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip". -func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue { - return hc.ServerRequest(server, req) +func HTTPServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { + return hc.ServerRequest(server, req, opts) } // HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a @@ -305,7 +310,7 @@ func (c *httpConv) ClientRequestMetrics(req *http.Request) []attribute.KeyValue // related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip", // "net.protocol.name", "net.protocol.version". -func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue { +func (c *httpConv) ServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { /* The following semantic conventions are returned if present: http.method string http.scheme string @@ -358,7 +363,17 @@ func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.K n++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { n++ } diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv_test.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv_test.go index 553c75569e5..9b618b558cd 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv_test.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil/httpconv_test.go @@ -12,6 +12,7 @@ import ( "net/url" "strconv" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -165,47 +166,91 @@ func TestHTTPClientRequestRequired(t *testing.T) { } func TestHTTPServerRequest(t *testing.T) { - got := make(chan *http.Request, 1) - handler := func(w http.ResponseWriter, r *http.Request) { - got <- r - w.WriteHeader(http.StatusOK) - } + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + httpServerRequestOpts HTTPServerRequestOptions - srv := httptest.NewServer(http.HandlerFunc(handler)) - defer srv.Close() + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + httpServerRequestOpts: HTTPServerRequestOptions{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + reqCh := make(chan *http.Request, 1) + handler := func(w http.ResponseWriter, r *http.Request) { + r.RemoteAddr = "1.2.3.4:5678" + reqCh <- r + w.WriteHeader(http.StatusOK) + } - srvURL, err := url.Parse(srv.URL) - require.NoError(t, err) - srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) - require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(handler)) + defer srv.Close() - resp, err := srv.Client().Get(srv.URL) - require.NoError(t, err) - require.NoError(t, resp.Body.Close()) + srvURL, err := url.Parse(srv.URL) + require.NoError(t, err) + srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) + require.NoError(t, err) - req := <-got - peer, peerPort := splitHostPort(req.RemoteAddr) + req, err := http.NewRequest(http.MethodGet, srv.URL, nil) + require.NoError(t, err) - const user = "alice" - req.SetBasicAuth(user, "pswrd") + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } - const clientIP = "127.0.0.5" - req.Header.Add("X-Forwarded-For", clientIP) + resp, err := srv.Client().Do(req) + require.NoError(t, err) + require.NoError(t, resp.Body.Close()) - assert.ElementsMatch(t, - []attribute.KeyValue{ - attribute.String("http.method", "GET"), - attribute.String("http.scheme", "http"), - attribute.String("net.host.name", srvURL.Hostname()), - attribute.Int("net.host.port", int(srvPort)), - attribute.String("net.sock.peer.addr", peer), - attribute.Int("net.sock.peer.port", peerPort), - attribute.String("user_agent.original", "Go-http-client/1.1"), - attribute.String("http.client_ip", clientIP), - attribute.String("net.protocol.version", "1.1"), - attribute.String("http.target", "/"), - }, - HTTPServerRequest("", req)) + var got *http.Request + select { + case got = <-reqCh: + // All good + case <-time.After(5 * time.Second): + t.Fatal("Did not receive a signal in 5s") + } + + peer, peerPort := splitHostPort(got.RemoteAddr) + + const user = "alice" + got.SetBasicAuth(user, "pswrd") + + assert.ElementsMatch(t, + []attribute.KeyValue{ + attribute.String("http.method", "GET"), + attribute.String("http.scheme", "http"), + attribute.String("net.host.name", srvURL.Hostname()), + attribute.Int("net.host.port", int(srvPort)), + attribute.String("net.sock.peer.addr", peer), + attribute.Int("net.sock.peer.port", peerPort), + attribute.String("user_agent.original", "Go-http-client/1.1"), + attribute.String("http.client_ip", tt.wantClientIP), + attribute.String("net.protocol.version", "1.1"), + attribute.String("http.target", "/"), + }, + HTTPServerRequest("", got, tt.httpServerRequestOpts)) + }) + } } func TestHTTPServerRequestMetrics(t *testing.T) { @@ -227,7 +272,13 @@ func TestHTTPServerRequestMetrics(t *testing.T) { require.NoError(t, err) require.NoError(t, resp.Body.Close()) - req := <-got + var req *http.Request + select { + case req = <-got: + // All good + case <-time.After(5 * time.Second): + t.Fatal("did not receive a signal in 5s") + } assert.ElementsMatch(t, []attribute.KeyValue{ @@ -250,14 +301,14 @@ func TestHTTPServerName(t *testing.T) { ) portStr := strconv.Itoa(port) server := host + ":" + portStr - assert.NotPanics(t, func() { got = HTTPServerRequest(server, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(server, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) req = &http.Request{Host: "alt.host.name:" + portStr} // The server parameter does not include a port, ServerRequest should use // the port in the request Host field. - assert.NotPanics(t, func() { got = HTTPServerRequest(host, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(host, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) } @@ -265,7 +316,7 @@ func TestHTTPServerName(t *testing.T) { func TestHTTPServerRequestFailsGracefully(t *testing.T) { req := new(http.Request) var got []attribute.KeyValue - assert.NotPanics(t, func() { got = HTTPServerRequest("", req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest("", req, HTTPServerRequestOptions{}) }) want := []attribute.KeyValue{ attribute.String("http.method", "GET"), attribute.String("http.scheme", "http"), diff --git a/instrumentation/github.com/emicklei/go-restful/otelrestful/restful.go b/instrumentation/github.com/emicklei/go-restful/otelrestful/restful.go index 2f5011b66c2..59fad1f507c 100644 --- a/instrumentation/github.com/emicklei/go-restful/otelrestful/restful.go +++ b/instrumentation/github.com/emicklei/go-restful/otelrestful/restful.go @@ -45,7 +45,7 @@ func OTelFilter(service string, opts ...Option) restful.FilterFunction { spanName := route opts := []oteltrace.SpanStartOption{ - oteltrace.WithAttributes(semconvutil.HTTPServerRequest(service, r)...), + oteltrace.WithAttributes(semconvutil.HTTPServerRequest(service, r, semconvutil.HTTPServerRequestOptions{})...), oteltrace.WithSpanKind(oteltrace.SpanKindServer), } if route != "" { diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/gin.go b/instrumentation/github.com/gin-gonic/gin/otelgin/gin.go index 68eb988c656..0f7cbabbbac 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/gin.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/gin.go @@ -80,8 +80,14 @@ func Middleware(service string, opts ...Option) gin.HandlerFunc { c.Request = c.Request.WithContext(savedCtx) }() ctx := cfg.Propagators.Extract(savedCtx, propagation.HeaderCarrier(c.Request.Header)) + + requestTraceAttrOpts := semconv.RequestTraceAttrsOpts{ + // Gin's ClientIP method can detect the client's IP from various headers set by proxies, and it's configurable + HTTPClientIP: c.ClientIP(), + } + opts := []oteltrace.SpanStartOption{ - oteltrace.WithAttributes(hs.RequestTraceAttrs(service, c.Request)...), + oteltrace.WithAttributes(hs.RequestTraceAttrs(service, c.Request, requestTraceAttrOpts)...), oteltrace.WithAttributes(hs.Route(c.FullPath())), oteltrace.WithSpanKind(oteltrace.SpanKindServer), } diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/bench_test.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/bench_test.go index 869448c285c..c59aa559369 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/bench_test.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/bench_test.go @@ -43,6 +43,6 @@ func BenchmarkHTTPServerRequest(b *testing.B) { b.ReportAllocs() b.ResetTimer() for i := 0; i < b.N; i++ { - benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req) + benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) } } diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env.go index d1ac91a291e..dc43813db29 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env.go @@ -61,9 +61,9 @@ type HTTPServer struct { // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { if s.duplicate { - return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req)...) + return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req, opts)...) } return OldHTTPServer{}.RequestTraceAttrs(server, req) } diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env_test.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env_test.go index 2a72965a45d..635f171805a 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env_test.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/env_test.go @@ -42,7 +42,7 @@ func TestHTTPServerDoesNotPanic(t *testing.T) { req, err := http.NewRequest("GET", "http://example.com", nil) require.NoError(t, err) - _ = tt.server.RequestTraceAttrs("stuff", req) + _ = tt.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = tt.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) tt.server.RecordMetrics(context.Background(), ServerMetricData{ ServerName: "stuff", @@ -250,7 +250,7 @@ func BenchmarkRecordMetrics(b *testing.B) { for _, bm := range benchmarks { b.Run(bm.name, func(b *testing.B) { req, _ := http.NewRequest("GET", "http://example.com", nil) - _ = bm.server.RequestTraceAttrs("stuff", req) + _ = bm.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = bm.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) ctx := context.Background() b.ReportAllocs() diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv.go index e63367d79b8..b66106a6ef0 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv.go @@ -20,6 +20,11 @@ import ( semconvNew "go.opentelemetry.io/otel/semconv/v1.26.0" ) +type RequestTraceAttrsOpts struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + type CurrentHTTPServer struct{} // RequestTraceAttrs returns trace attributes for an HTTP request received by a @@ -38,7 +43,7 @@ type CurrentHTTPServer struct{} // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { count := 3 // ServerAddress, Method, Scheme var host string @@ -65,7 +70,8 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ scheme := n.scheme(req.TLS != nil) - if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { + peer, peerPort := SplitHostPort(req.RemoteAddr) + if peer != "" { // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a // file-path that would be interpreted with a sock family. count++ @@ -79,7 +85,17 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ count++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { count++ } diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv_test.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv_test.go index 847634dc149..a398203ba58 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv_test.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/httpconv_test.go @@ -263,7 +263,7 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { req.Pattern = "/high/cardinality/path/{id}" var found bool - for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req) { + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) { if attr.Key != "http.route" { continue } @@ -272,3 +272,54 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { } require.True(t, found) } + +func TestRequestTraceAttrs_ClientIP(t *testing.T) { + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + requestTraceOpts RequestTraceAttrsOpts + + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + requestTraceOpts: RequestTraceAttrsOpts{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + req := httptest.NewRequest("GET", "/example", nil) + req.RemoteAddr = "1.2.3.4:5678" + + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } + + var found bool + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, tt.requestTraceOpts) { + if attr.Key != "client.address" { + continue + } + found = true + assert.Equal(t, tt.wantClientIP, attr.Value.AsString()) + } + require.True(t, found) + }) + } +} diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/test/common_test.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/test/common_test.go index 89647901e60..41ef5f940e9 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/test/common_test.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/test/common_test.go @@ -67,5 +67,5 @@ func testTraceRequest(t *testing.T, serv semconv.HTTPServer, want func(testServe clientIP: clientIP, } - assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req)) + assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req, semconv.RequestTraceAttrsOpts{})) } diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/v1.20.0.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/v1.20.0.go index 9a1165dd7a7..3c22e38a988 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/v1.20.0.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconv/v1.20.0.go @@ -38,7 +38,7 @@ type OldHTTPServer struct{} // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. func (o OldHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { - return semconvutil.HTTPServerRequest(server, req) + return semconvutil.HTTPServerRequest(server, req, semconvutil.HTTPServerRequestOptions{}) } func (o OldHTTPServer) NetworkTransportAttr(network string) attribute.KeyValue { diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv.go index 8cfe7e3dc0b..ec922413677 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv.go @@ -16,6 +16,11 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.20.0" ) +type HTTPServerRequestOptions struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + // HTTPClientResponse returns trace attributes for an HTTP response received by a // client from a server. It will return the following attributes if the related // values are defined in resp: "http.status.code", @@ -75,8 +80,8 @@ func HTTPClientStatus(code int) (codes.Code, string) { // "http.target", "net.host.name". The following attributes are returned if // they related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip". -func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue { - return hc.ServerRequest(server, req) +func HTTPServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { + return hc.ServerRequest(server, req, opts) } // HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a @@ -305,7 +310,7 @@ func (c *httpConv) ClientRequestMetrics(req *http.Request) []attribute.KeyValue // related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip", // "net.protocol.name", "net.protocol.version". -func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue { +func (c *httpConv) ServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { /* The following semantic conventions are returned if present: http.method string http.scheme string @@ -358,7 +363,17 @@ func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.K n++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { n++ } diff --git a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv_test.go b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv_test.go index 553c75569e5..9b618b558cd 100644 --- a/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv_test.go +++ b/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil/httpconv_test.go @@ -12,6 +12,7 @@ import ( "net/url" "strconv" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -165,47 +166,91 @@ func TestHTTPClientRequestRequired(t *testing.T) { } func TestHTTPServerRequest(t *testing.T) { - got := make(chan *http.Request, 1) - handler := func(w http.ResponseWriter, r *http.Request) { - got <- r - w.WriteHeader(http.StatusOK) - } + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + httpServerRequestOpts HTTPServerRequestOptions - srv := httptest.NewServer(http.HandlerFunc(handler)) - defer srv.Close() + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + httpServerRequestOpts: HTTPServerRequestOptions{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + reqCh := make(chan *http.Request, 1) + handler := func(w http.ResponseWriter, r *http.Request) { + r.RemoteAddr = "1.2.3.4:5678" + reqCh <- r + w.WriteHeader(http.StatusOK) + } - srvURL, err := url.Parse(srv.URL) - require.NoError(t, err) - srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) - require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(handler)) + defer srv.Close() - resp, err := srv.Client().Get(srv.URL) - require.NoError(t, err) - require.NoError(t, resp.Body.Close()) + srvURL, err := url.Parse(srv.URL) + require.NoError(t, err) + srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) + require.NoError(t, err) - req := <-got - peer, peerPort := splitHostPort(req.RemoteAddr) + req, err := http.NewRequest(http.MethodGet, srv.URL, nil) + require.NoError(t, err) - const user = "alice" - req.SetBasicAuth(user, "pswrd") + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } - const clientIP = "127.0.0.5" - req.Header.Add("X-Forwarded-For", clientIP) + resp, err := srv.Client().Do(req) + require.NoError(t, err) + require.NoError(t, resp.Body.Close()) - assert.ElementsMatch(t, - []attribute.KeyValue{ - attribute.String("http.method", "GET"), - attribute.String("http.scheme", "http"), - attribute.String("net.host.name", srvURL.Hostname()), - attribute.Int("net.host.port", int(srvPort)), - attribute.String("net.sock.peer.addr", peer), - attribute.Int("net.sock.peer.port", peerPort), - attribute.String("user_agent.original", "Go-http-client/1.1"), - attribute.String("http.client_ip", clientIP), - attribute.String("net.protocol.version", "1.1"), - attribute.String("http.target", "/"), - }, - HTTPServerRequest("", req)) + var got *http.Request + select { + case got = <-reqCh: + // All good + case <-time.After(5 * time.Second): + t.Fatal("Did not receive a signal in 5s") + } + + peer, peerPort := splitHostPort(got.RemoteAddr) + + const user = "alice" + got.SetBasicAuth(user, "pswrd") + + assert.ElementsMatch(t, + []attribute.KeyValue{ + attribute.String("http.method", "GET"), + attribute.String("http.scheme", "http"), + attribute.String("net.host.name", srvURL.Hostname()), + attribute.Int("net.host.port", int(srvPort)), + attribute.String("net.sock.peer.addr", peer), + attribute.Int("net.sock.peer.port", peerPort), + attribute.String("user_agent.original", "Go-http-client/1.1"), + attribute.String("http.client_ip", tt.wantClientIP), + attribute.String("net.protocol.version", "1.1"), + attribute.String("http.target", "/"), + }, + HTTPServerRequest("", got, tt.httpServerRequestOpts)) + }) + } } func TestHTTPServerRequestMetrics(t *testing.T) { @@ -227,7 +272,13 @@ func TestHTTPServerRequestMetrics(t *testing.T) { require.NoError(t, err) require.NoError(t, resp.Body.Close()) - req := <-got + var req *http.Request + select { + case req = <-got: + // All good + case <-time.After(5 * time.Second): + t.Fatal("did not receive a signal in 5s") + } assert.ElementsMatch(t, []attribute.KeyValue{ @@ -250,14 +301,14 @@ func TestHTTPServerName(t *testing.T) { ) portStr := strconv.Itoa(port) server := host + ":" + portStr - assert.NotPanics(t, func() { got = HTTPServerRequest(server, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(server, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) req = &http.Request{Host: "alt.host.name:" + portStr} // The server parameter does not include a port, ServerRequest should use // the port in the request Host field. - assert.NotPanics(t, func() { got = HTTPServerRequest(host, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(host, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) } @@ -265,7 +316,7 @@ func TestHTTPServerName(t *testing.T) { func TestHTTPServerRequestFailsGracefully(t *testing.T) { req := new(http.Request) var got []attribute.KeyValue - assert.NotPanics(t, func() { got = HTTPServerRequest("", req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest("", req, HTTPServerRequestOptions{}) }) want := []attribute.KeyValue{ attribute.String("http.method", "GET"), attribute.String("http.scheme", "http"), diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/bench_test.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/bench_test.go index 869448c285c..c59aa559369 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/bench_test.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/bench_test.go @@ -43,6 +43,6 @@ func BenchmarkHTTPServerRequest(b *testing.B) { b.ReportAllocs() b.ResetTimer() for i := 0; i < b.N; i++ { - benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req) + benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) } } diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env.go index 467f8cca095..9072d98e3cc 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env.go @@ -61,9 +61,9 @@ type HTTPServer struct { // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { if s.duplicate { - return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req)...) + return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req, opts)...) } return OldHTTPServer{}.RequestTraceAttrs(server, req) } diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env_test.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env_test.go index 2a72965a45d..635f171805a 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env_test.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/env_test.go @@ -42,7 +42,7 @@ func TestHTTPServerDoesNotPanic(t *testing.T) { req, err := http.NewRequest("GET", "http://example.com", nil) require.NoError(t, err) - _ = tt.server.RequestTraceAttrs("stuff", req) + _ = tt.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = tt.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) tt.server.RecordMetrics(context.Background(), ServerMetricData{ ServerName: "stuff", @@ -250,7 +250,7 @@ func BenchmarkRecordMetrics(b *testing.B) { for _, bm := range benchmarks { b.Run(bm.name, func(b *testing.B) { req, _ := http.NewRequest("GET", "http://example.com", nil) - _ = bm.server.RequestTraceAttrs("stuff", req) + _ = bm.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = bm.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) ctx := context.Background() b.ReportAllocs() diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv.go index 9ef162db185..7df9d5c10ed 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv.go @@ -20,6 +20,11 @@ import ( semconvNew "go.opentelemetry.io/otel/semconv/v1.26.0" ) +type RequestTraceAttrsOpts struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + type CurrentHTTPServer struct{} // RequestTraceAttrs returns trace attributes for an HTTP request received by a @@ -38,7 +43,7 @@ type CurrentHTTPServer struct{} // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { count := 3 // ServerAddress, Method, Scheme var host string @@ -65,7 +70,8 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ scheme := n.scheme(req.TLS != nil) - if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { + peer, peerPort := SplitHostPort(req.RemoteAddr) + if peer != "" { // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a // file-path that would be interpreted with a sock family. count++ @@ -79,7 +85,17 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ count++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { count++ } diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv_test.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv_test.go index 847634dc149..a398203ba58 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv_test.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/httpconv_test.go @@ -263,7 +263,7 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { req.Pattern = "/high/cardinality/path/{id}" var found bool - for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req) { + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) { if attr.Key != "http.route" { continue } @@ -272,3 +272,54 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { } require.True(t, found) } + +func TestRequestTraceAttrs_ClientIP(t *testing.T) { + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + requestTraceOpts RequestTraceAttrsOpts + + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + requestTraceOpts: RequestTraceAttrsOpts{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + req := httptest.NewRequest("GET", "/example", nil) + req.RemoteAddr = "1.2.3.4:5678" + + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } + + var found bool + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, tt.requestTraceOpts) { + if attr.Key != "client.address" { + continue + } + found = true + assert.Equal(t, tt.wantClientIP, attr.Value.AsString()) + } + require.True(t, found) + }) + } +} diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/test/common_test.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/test/common_test.go index 72413e64f76..4f90da2b17e 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/test/common_test.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/test/common_test.go @@ -67,5 +67,5 @@ func testTraceRequest(t *testing.T, serv semconv.HTTPServer, want func(testServe clientIP: clientIP, } - assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req)) + assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req, semconv.RequestTraceAttrsOpts{})) } diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/v1.20.0.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/v1.20.0.go index 6bc1eeb063c..22ac74b8e35 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/v1.20.0.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconv/v1.20.0.go @@ -38,7 +38,7 @@ type OldHTTPServer struct{} // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. func (o OldHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { - return semconvutil.HTTPServerRequest(server, req) + return semconvutil.HTTPServerRequest(server, req, semconvutil.HTTPServerRequestOptions{}) } func (o OldHTTPServer) NetworkTransportAttr(network string) attribute.KeyValue { diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv.go index 525ee31ffe8..3bba9388fbe 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv.go @@ -16,6 +16,11 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.20.0" ) +type HTTPServerRequestOptions struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + // HTTPClientResponse returns trace attributes for an HTTP response received by a // client from a server. It will return the following attributes if the related // values are defined in resp: "http.status.code", @@ -75,8 +80,8 @@ func HTTPClientStatus(code int) (codes.Code, string) { // "http.target", "net.host.name". The following attributes are returned if // they related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip". -func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue { - return hc.ServerRequest(server, req) +func HTTPServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { + return hc.ServerRequest(server, req, opts) } // HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a @@ -305,7 +310,7 @@ func (c *httpConv) ClientRequestMetrics(req *http.Request) []attribute.KeyValue // related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip", // "net.protocol.name", "net.protocol.version". -func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue { +func (c *httpConv) ServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { /* The following semantic conventions are returned if present: http.method string http.scheme string @@ -358,7 +363,17 @@ func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.K n++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { n++ } diff --git a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv_test.go b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv_test.go index 553c75569e5..9b618b558cd 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv_test.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil/httpconv_test.go @@ -12,6 +12,7 @@ import ( "net/url" "strconv" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -165,47 +166,91 @@ func TestHTTPClientRequestRequired(t *testing.T) { } func TestHTTPServerRequest(t *testing.T) { - got := make(chan *http.Request, 1) - handler := func(w http.ResponseWriter, r *http.Request) { - got <- r - w.WriteHeader(http.StatusOK) - } + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + httpServerRequestOpts HTTPServerRequestOptions - srv := httptest.NewServer(http.HandlerFunc(handler)) - defer srv.Close() + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + httpServerRequestOpts: HTTPServerRequestOptions{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + reqCh := make(chan *http.Request, 1) + handler := func(w http.ResponseWriter, r *http.Request) { + r.RemoteAddr = "1.2.3.4:5678" + reqCh <- r + w.WriteHeader(http.StatusOK) + } - srvURL, err := url.Parse(srv.URL) - require.NoError(t, err) - srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) - require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(handler)) + defer srv.Close() - resp, err := srv.Client().Get(srv.URL) - require.NoError(t, err) - require.NoError(t, resp.Body.Close()) + srvURL, err := url.Parse(srv.URL) + require.NoError(t, err) + srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) + require.NoError(t, err) - req := <-got - peer, peerPort := splitHostPort(req.RemoteAddr) + req, err := http.NewRequest(http.MethodGet, srv.URL, nil) + require.NoError(t, err) - const user = "alice" - req.SetBasicAuth(user, "pswrd") + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } - const clientIP = "127.0.0.5" - req.Header.Add("X-Forwarded-For", clientIP) + resp, err := srv.Client().Do(req) + require.NoError(t, err) + require.NoError(t, resp.Body.Close()) - assert.ElementsMatch(t, - []attribute.KeyValue{ - attribute.String("http.method", "GET"), - attribute.String("http.scheme", "http"), - attribute.String("net.host.name", srvURL.Hostname()), - attribute.Int("net.host.port", int(srvPort)), - attribute.String("net.sock.peer.addr", peer), - attribute.Int("net.sock.peer.port", peerPort), - attribute.String("user_agent.original", "Go-http-client/1.1"), - attribute.String("http.client_ip", clientIP), - attribute.String("net.protocol.version", "1.1"), - attribute.String("http.target", "/"), - }, - HTTPServerRequest("", req)) + var got *http.Request + select { + case got = <-reqCh: + // All good + case <-time.After(5 * time.Second): + t.Fatal("Did not receive a signal in 5s") + } + + peer, peerPort := splitHostPort(got.RemoteAddr) + + const user = "alice" + got.SetBasicAuth(user, "pswrd") + + assert.ElementsMatch(t, + []attribute.KeyValue{ + attribute.String("http.method", "GET"), + attribute.String("http.scheme", "http"), + attribute.String("net.host.name", srvURL.Hostname()), + attribute.Int("net.host.port", int(srvPort)), + attribute.String("net.sock.peer.addr", peer), + attribute.Int("net.sock.peer.port", peerPort), + attribute.String("user_agent.original", "Go-http-client/1.1"), + attribute.String("http.client_ip", tt.wantClientIP), + attribute.String("net.protocol.version", "1.1"), + attribute.String("http.target", "/"), + }, + HTTPServerRequest("", got, tt.httpServerRequestOpts)) + }) + } } func TestHTTPServerRequestMetrics(t *testing.T) { @@ -227,7 +272,13 @@ func TestHTTPServerRequestMetrics(t *testing.T) { require.NoError(t, err) require.NoError(t, resp.Body.Close()) - req := <-got + var req *http.Request + select { + case req = <-got: + // All good + case <-time.After(5 * time.Second): + t.Fatal("did not receive a signal in 5s") + } assert.ElementsMatch(t, []attribute.KeyValue{ @@ -250,14 +301,14 @@ func TestHTTPServerName(t *testing.T) { ) portStr := strconv.Itoa(port) server := host + ":" + portStr - assert.NotPanics(t, func() { got = HTTPServerRequest(server, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(server, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) req = &http.Request{Host: "alt.host.name:" + portStr} // The server parameter does not include a port, ServerRequest should use // the port in the request Host field. - assert.NotPanics(t, func() { got = HTTPServerRequest(host, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(host, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) } @@ -265,7 +316,7 @@ func TestHTTPServerName(t *testing.T) { func TestHTTPServerRequestFailsGracefully(t *testing.T) { req := new(http.Request) var got []attribute.KeyValue - assert.NotPanics(t, func() { got = HTTPServerRequest("", req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest("", req, HTTPServerRequestOptions{}) }) want := []attribute.KeyValue{ attribute.String("http.method", "GET"), attribute.String("http.scheme", "http"), diff --git a/instrumentation/github.com/gorilla/mux/otelmux/mux.go b/instrumentation/github.com/gorilla/mux/otelmux/mux.go index 239fa3be28d..73eec8584f7 100644 --- a/instrumentation/github.com/gorilla/mux/otelmux/mux.go +++ b/instrumentation/github.com/gorilla/mux/otelmux/mux.go @@ -102,7 +102,7 @@ func (tw traceware) ServeHTTP(w http.ResponseWriter, r *http.Request) { ctx := tw.propagators.Extract(r.Context(), propagation.HeaderCarrier(r.Header)) opts := []trace.SpanStartOption{ - trace.WithAttributes(tw.semconv.RequestTraceAttrs(tw.service, r)...), + trace.WithAttributes(tw.semconv.RequestTraceAttrs(tw.service, r, semconv.RequestTraceAttrsOpts{})...), trace.WithSpanKind(trace.SpanKindServer), } diff --git a/instrumentation/github.com/labstack/echo/otelecho/echo.go b/instrumentation/github.com/labstack/echo/otelecho/echo.go index bdbbef24d80..b3944535dbe 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/echo.go +++ b/instrumentation/github.com/labstack/echo/otelecho/echo.go @@ -61,7 +61,7 @@ func Middleware(service string, opts ...Option) echo.MiddlewareFunc { }() ctx := cfg.Propagators.Extract(savedCtx, propagation.HeaderCarrier(request.Header)) opts := []oteltrace.SpanStartOption{ - oteltrace.WithAttributes(semconvutil.HTTPServerRequest(service, request)...), + oteltrace.WithAttributes(semconvutil.HTTPServerRequest(service, request, semconvutil.HTTPServerRequestOptions{})...), oteltrace.WithSpanKind(oteltrace.SpanKindServer), } if path := c.Path(); path != "" { diff --git a/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv.go b/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv.go index d9384c3e3fb..094a7dddd45 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv.go +++ b/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv.go @@ -16,6 +16,11 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.20.0" ) +type HTTPServerRequestOptions struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + // HTTPClientResponse returns trace attributes for an HTTP response received by a // client from a server. It will return the following attributes if the related // values are defined in resp: "http.status.code", @@ -75,8 +80,8 @@ func HTTPClientStatus(code int) (codes.Code, string) { // "http.target", "net.host.name". The following attributes are returned if // they related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip". -func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue { - return hc.ServerRequest(server, req) +func HTTPServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { + return hc.ServerRequest(server, req, opts) } // HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a @@ -305,7 +310,7 @@ func (c *httpConv) ClientRequestMetrics(req *http.Request) []attribute.KeyValue // related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip", // "net.protocol.name", "net.protocol.version". -func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue { +func (c *httpConv) ServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { /* The following semantic conventions are returned if present: http.method string http.scheme string @@ -358,7 +363,17 @@ func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.K n++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { n++ } diff --git a/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv_test.go b/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv_test.go index 553c75569e5..9b618b558cd 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv_test.go +++ b/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil/httpconv_test.go @@ -12,6 +12,7 @@ import ( "net/url" "strconv" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -165,47 +166,91 @@ func TestHTTPClientRequestRequired(t *testing.T) { } func TestHTTPServerRequest(t *testing.T) { - got := make(chan *http.Request, 1) - handler := func(w http.ResponseWriter, r *http.Request) { - got <- r - w.WriteHeader(http.StatusOK) - } + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + httpServerRequestOpts HTTPServerRequestOptions - srv := httptest.NewServer(http.HandlerFunc(handler)) - defer srv.Close() + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + httpServerRequestOpts: HTTPServerRequestOptions{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + reqCh := make(chan *http.Request, 1) + handler := func(w http.ResponseWriter, r *http.Request) { + r.RemoteAddr = "1.2.3.4:5678" + reqCh <- r + w.WriteHeader(http.StatusOK) + } - srvURL, err := url.Parse(srv.URL) - require.NoError(t, err) - srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) - require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(handler)) + defer srv.Close() - resp, err := srv.Client().Get(srv.URL) - require.NoError(t, err) - require.NoError(t, resp.Body.Close()) + srvURL, err := url.Parse(srv.URL) + require.NoError(t, err) + srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) + require.NoError(t, err) - req := <-got - peer, peerPort := splitHostPort(req.RemoteAddr) + req, err := http.NewRequest(http.MethodGet, srv.URL, nil) + require.NoError(t, err) - const user = "alice" - req.SetBasicAuth(user, "pswrd") + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } - const clientIP = "127.0.0.5" - req.Header.Add("X-Forwarded-For", clientIP) + resp, err := srv.Client().Do(req) + require.NoError(t, err) + require.NoError(t, resp.Body.Close()) - assert.ElementsMatch(t, - []attribute.KeyValue{ - attribute.String("http.method", "GET"), - attribute.String("http.scheme", "http"), - attribute.String("net.host.name", srvURL.Hostname()), - attribute.Int("net.host.port", int(srvPort)), - attribute.String("net.sock.peer.addr", peer), - attribute.Int("net.sock.peer.port", peerPort), - attribute.String("user_agent.original", "Go-http-client/1.1"), - attribute.String("http.client_ip", clientIP), - attribute.String("net.protocol.version", "1.1"), - attribute.String("http.target", "/"), - }, - HTTPServerRequest("", req)) + var got *http.Request + select { + case got = <-reqCh: + // All good + case <-time.After(5 * time.Second): + t.Fatal("Did not receive a signal in 5s") + } + + peer, peerPort := splitHostPort(got.RemoteAddr) + + const user = "alice" + got.SetBasicAuth(user, "pswrd") + + assert.ElementsMatch(t, + []attribute.KeyValue{ + attribute.String("http.method", "GET"), + attribute.String("http.scheme", "http"), + attribute.String("net.host.name", srvURL.Hostname()), + attribute.Int("net.host.port", int(srvPort)), + attribute.String("net.sock.peer.addr", peer), + attribute.Int("net.sock.peer.port", peerPort), + attribute.String("user_agent.original", "Go-http-client/1.1"), + attribute.String("http.client_ip", tt.wantClientIP), + attribute.String("net.protocol.version", "1.1"), + attribute.String("http.target", "/"), + }, + HTTPServerRequest("", got, tt.httpServerRequestOpts)) + }) + } } func TestHTTPServerRequestMetrics(t *testing.T) { @@ -227,7 +272,13 @@ func TestHTTPServerRequestMetrics(t *testing.T) { require.NoError(t, err) require.NoError(t, resp.Body.Close()) - req := <-got + var req *http.Request + select { + case req = <-got: + // All good + case <-time.After(5 * time.Second): + t.Fatal("did not receive a signal in 5s") + } assert.ElementsMatch(t, []attribute.KeyValue{ @@ -250,14 +301,14 @@ func TestHTTPServerName(t *testing.T) { ) portStr := strconv.Itoa(port) server := host + ":" + portStr - assert.NotPanics(t, func() { got = HTTPServerRequest(server, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(server, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) req = &http.Request{Host: "alt.host.name:" + portStr} // The server parameter does not include a port, ServerRequest should use // the port in the request Host field. - assert.NotPanics(t, func() { got = HTTPServerRequest(host, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(host, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) } @@ -265,7 +316,7 @@ func TestHTTPServerName(t *testing.T) { func TestHTTPServerRequestFailsGracefully(t *testing.T) { req := new(http.Request) var got []attribute.KeyValue - assert.NotPanics(t, func() { got = HTTPServerRequest("", req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest("", req, HTTPServerRequestOptions{}) }) want := []attribute.KeyValue{ attribute.String("http.method", "GET"), attribute.String("http.scheme", "http"), diff --git a/instrumentation/net/http/httptrace/otelhttptrace/httptrace.go b/instrumentation/net/http/httptrace/otelhttptrace/httptrace.go index baf3abdf9bc..70e17376472 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/httptrace.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/httptrace.go @@ -55,7 +55,7 @@ func Extract(ctx context.Context, req *http.Request, opts ...Option) ([]attribut semconvSrv := semconv.NewHTTPServer(nil) - attrs := append(semconvSrv.RequestTraceAttrs("", req), semconvSrv.NetworkTransportAttr("tcp")...) + attrs := append(semconvSrv.RequestTraceAttrs("", req, semconv.RequestTraceAttrsOpts{}), semconvSrv.NetworkTransportAttr("tcp")...) attrs = append(attrs, semconvSrv.ResponseTraceAttrs(semconv.ResponseTelemetry{ ReadBytes: req.ContentLength, })...) diff --git a/instrumentation/net/http/httptrace/otelhttptrace/httptrace_test.go b/instrumentation/net/http/httptrace/otelhttptrace/httptrace_test.go index faf81b85640..e9a5a73e71f 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/httptrace_test.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/httptrace_test.go @@ -78,6 +78,7 @@ func TestRoundtrip(t *testing.T) { semconv.HTTPSchemeKey: "http", semconv.HTTPTargetKey: "/", semconv.HTTPRequestContentLengthKey: "3", + semconv.HTTPClientIPKey: hp[0], semconv.NetSockPeerAddrKey: hp[0], semconv.NetTransportKey: "ip_tcp", semconv.UserAgentOriginalKey: "Go-http-client/1.1", diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/bench_test.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/bench_test.go index 869448c285c..c59aa559369 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/bench_test.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/bench_test.go @@ -43,6 +43,6 @@ func BenchmarkHTTPServerRequest(b *testing.B) { b.ReportAllocs() b.ResetTimer() for i := 0; i < b.N; i++ { - benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req) + benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) } } diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env.go index 15f48b326de..cc92ee57207 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env.go @@ -61,9 +61,9 @@ type HTTPServer struct { // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { if s.duplicate { - return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req)...) + return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req, opts)...) } return OldHTTPServer{}.RequestTraceAttrs(server, req) } diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env_test.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env_test.go index 2a72965a45d..635f171805a 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env_test.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/env_test.go @@ -42,7 +42,7 @@ func TestHTTPServerDoesNotPanic(t *testing.T) { req, err := http.NewRequest("GET", "http://example.com", nil) require.NoError(t, err) - _ = tt.server.RequestTraceAttrs("stuff", req) + _ = tt.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = tt.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) tt.server.RecordMetrics(context.Background(), ServerMetricData{ ServerName: "stuff", @@ -250,7 +250,7 @@ func BenchmarkRecordMetrics(b *testing.B) { for _, bm := range benchmarks { b.Run(bm.name, func(b *testing.B) { req, _ := http.NewRequest("GET", "http://example.com", nil) - _ = bm.server.RequestTraceAttrs("stuff", req) + _ = bm.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = bm.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) ctx := context.Background() b.ReportAllocs() diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv.go index d5a80836dd1..0fed9361b7e 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv.go @@ -20,6 +20,11 @@ import ( semconvNew "go.opentelemetry.io/otel/semconv/v1.26.0" ) +type RequestTraceAttrsOpts struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + type CurrentHTTPServer struct{} // RequestTraceAttrs returns trace attributes for an HTTP request received by a @@ -38,7 +43,7 @@ type CurrentHTTPServer struct{} // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { count := 3 // ServerAddress, Method, Scheme var host string @@ -65,7 +70,8 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ scheme := n.scheme(req.TLS != nil) - if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { + peer, peerPort := SplitHostPort(req.RemoteAddr) + if peer != "" { // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a // file-path that would be interpreted with a sock family. count++ @@ -79,7 +85,17 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ count++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { count++ } diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv_test.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv_test.go index 847634dc149..a398203ba58 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv_test.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/httpconv_test.go @@ -263,7 +263,7 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { req.Pattern = "/high/cardinality/path/{id}" var found bool - for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req) { + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) { if attr.Key != "http.route" { continue } @@ -272,3 +272,54 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { } require.True(t, found) } + +func TestRequestTraceAttrs_ClientIP(t *testing.T) { + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + requestTraceOpts RequestTraceAttrsOpts + + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + requestTraceOpts: RequestTraceAttrsOpts{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + req := httptest.NewRequest("GET", "/example", nil) + req.RemoteAddr = "1.2.3.4:5678" + + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } + + var found bool + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, tt.requestTraceOpts) { + if attr.Key != "client.address" { + continue + } + found = true + assert.Equal(t, tt.wantClientIP, attr.Value.AsString()) + } + require.True(t, found) + }) + } +} diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/test/common_test.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/test/common_test.go index fb1c0098bbc..37b9c8eb87d 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/test/common_test.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/test/common_test.go @@ -67,5 +67,5 @@ func testTraceRequest(t *testing.T, serv semconv.HTTPServer, want func(testServe clientIP: clientIP, } - assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req)) + assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req, semconv.RequestTraceAttrsOpts{})) } diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/v1.20.0.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/v1.20.0.go index 414c0027767..8f1443165f5 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/v1.20.0.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconv/v1.20.0.go @@ -38,7 +38,7 @@ type OldHTTPServer struct{} // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. func (o OldHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { - return semconvutil.HTTPServerRequest(server, req) + return semconvutil.HTTPServerRequest(server, req, semconvutil.HTTPServerRequestOptions{}) } func (o OldHTTPServer) NetworkTransportAttr(network string) attribute.KeyValue { diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv.go index 811d4f3fe21..6f73d0b1610 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv.go @@ -16,6 +16,11 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.20.0" ) +type HTTPServerRequestOptions struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + // HTTPClientResponse returns trace attributes for an HTTP response received by a // client from a server. It will return the following attributes if the related // values are defined in resp: "http.status.code", @@ -75,8 +80,8 @@ func HTTPClientStatus(code int) (codes.Code, string) { // "http.target", "net.host.name". The following attributes are returned if // they related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip". -func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue { - return hc.ServerRequest(server, req) +func HTTPServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { + return hc.ServerRequest(server, req, opts) } // HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a @@ -305,7 +310,7 @@ func (c *httpConv) ClientRequestMetrics(req *http.Request) []attribute.KeyValue // related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip", // "net.protocol.name", "net.protocol.version". -func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue { +func (c *httpConv) ServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { /* The following semantic conventions are returned if present: http.method string http.scheme string @@ -358,7 +363,17 @@ func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.K n++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { n++ } diff --git a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv_test.go b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv_test.go index 553c75569e5..9b618b558cd 100644 --- a/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv_test.go +++ b/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil/httpconv_test.go @@ -12,6 +12,7 @@ import ( "net/url" "strconv" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -165,47 +166,91 @@ func TestHTTPClientRequestRequired(t *testing.T) { } func TestHTTPServerRequest(t *testing.T) { - got := make(chan *http.Request, 1) - handler := func(w http.ResponseWriter, r *http.Request) { - got <- r - w.WriteHeader(http.StatusOK) - } + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + httpServerRequestOpts HTTPServerRequestOptions - srv := httptest.NewServer(http.HandlerFunc(handler)) - defer srv.Close() + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + httpServerRequestOpts: HTTPServerRequestOptions{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + reqCh := make(chan *http.Request, 1) + handler := func(w http.ResponseWriter, r *http.Request) { + r.RemoteAddr = "1.2.3.4:5678" + reqCh <- r + w.WriteHeader(http.StatusOK) + } - srvURL, err := url.Parse(srv.URL) - require.NoError(t, err) - srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) - require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(handler)) + defer srv.Close() - resp, err := srv.Client().Get(srv.URL) - require.NoError(t, err) - require.NoError(t, resp.Body.Close()) + srvURL, err := url.Parse(srv.URL) + require.NoError(t, err) + srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) + require.NoError(t, err) - req := <-got - peer, peerPort := splitHostPort(req.RemoteAddr) + req, err := http.NewRequest(http.MethodGet, srv.URL, nil) + require.NoError(t, err) - const user = "alice" - req.SetBasicAuth(user, "pswrd") + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } - const clientIP = "127.0.0.5" - req.Header.Add("X-Forwarded-For", clientIP) + resp, err := srv.Client().Do(req) + require.NoError(t, err) + require.NoError(t, resp.Body.Close()) - assert.ElementsMatch(t, - []attribute.KeyValue{ - attribute.String("http.method", "GET"), - attribute.String("http.scheme", "http"), - attribute.String("net.host.name", srvURL.Hostname()), - attribute.Int("net.host.port", int(srvPort)), - attribute.String("net.sock.peer.addr", peer), - attribute.Int("net.sock.peer.port", peerPort), - attribute.String("user_agent.original", "Go-http-client/1.1"), - attribute.String("http.client_ip", clientIP), - attribute.String("net.protocol.version", "1.1"), - attribute.String("http.target", "/"), - }, - HTTPServerRequest("", req)) + var got *http.Request + select { + case got = <-reqCh: + // All good + case <-time.After(5 * time.Second): + t.Fatal("Did not receive a signal in 5s") + } + + peer, peerPort := splitHostPort(got.RemoteAddr) + + const user = "alice" + got.SetBasicAuth(user, "pswrd") + + assert.ElementsMatch(t, + []attribute.KeyValue{ + attribute.String("http.method", "GET"), + attribute.String("http.scheme", "http"), + attribute.String("net.host.name", srvURL.Hostname()), + attribute.Int("net.host.port", int(srvPort)), + attribute.String("net.sock.peer.addr", peer), + attribute.Int("net.sock.peer.port", peerPort), + attribute.String("user_agent.original", "Go-http-client/1.1"), + attribute.String("http.client_ip", tt.wantClientIP), + attribute.String("net.protocol.version", "1.1"), + attribute.String("http.target", "/"), + }, + HTTPServerRequest("", got, tt.httpServerRequestOpts)) + }) + } } func TestHTTPServerRequestMetrics(t *testing.T) { @@ -227,7 +272,13 @@ func TestHTTPServerRequestMetrics(t *testing.T) { require.NoError(t, err) require.NoError(t, resp.Body.Close()) - req := <-got + var req *http.Request + select { + case req = <-got: + // All good + case <-time.After(5 * time.Second): + t.Fatal("did not receive a signal in 5s") + } assert.ElementsMatch(t, []attribute.KeyValue{ @@ -250,14 +301,14 @@ func TestHTTPServerName(t *testing.T) { ) portStr := strconv.Itoa(port) server := host + ":" + portStr - assert.NotPanics(t, func() { got = HTTPServerRequest(server, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(server, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) req = &http.Request{Host: "alt.host.name:" + portStr} // The server parameter does not include a port, ServerRequest should use // the port in the request Host field. - assert.NotPanics(t, func() { got = HTTPServerRequest(host, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(host, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) } @@ -265,7 +316,7 @@ func TestHTTPServerName(t *testing.T) { func TestHTTPServerRequestFailsGracefully(t *testing.T) { req := new(http.Request) var got []attribute.KeyValue - assert.NotPanics(t, func() { got = HTTPServerRequest("", req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest("", req, HTTPServerRequestOptions{}) }) want := []attribute.KeyValue{ attribute.String("http.method", "GET"), attribute.String("http.scheme", "http"), diff --git a/instrumentation/net/http/otelhttp/handler.go b/instrumentation/net/http/otelhttp/handler.go index 3ea05d01995..de36ec912aa 100644 --- a/instrumentation/net/http/otelhttp/handler.go +++ b/instrumentation/net/http/otelhttp/handler.go @@ -98,7 +98,7 @@ func (h *middleware) serveHTTP(w http.ResponseWriter, r *http.Request, next http ctx := h.propagators.Extract(r.Context(), propagation.HeaderCarrier(r.Header)) opts := []trace.SpanStartOption{ - trace.WithAttributes(h.semconv.RequestTraceAttrs(h.server, r)...), + trace.WithAttributes(h.semconv.RequestTraceAttrs(h.server, r, semconv.RequestTraceAttrsOpts{})...), } opts = append(opts, h.spanStartOptions...) diff --git a/instrumentation/net/http/otelhttp/internal/semconv/bench_test.go b/instrumentation/net/http/otelhttp/internal/semconv/bench_test.go index 869448c285c..c59aa559369 100644 --- a/instrumentation/net/http/otelhttp/internal/semconv/bench_test.go +++ b/instrumentation/net/http/otelhttp/internal/semconv/bench_test.go @@ -43,6 +43,6 @@ func BenchmarkHTTPServerRequest(b *testing.B) { b.ReportAllocs() b.ResetTimer() for i := 0; i < b.N; i++ { - benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req) + benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) } } diff --git a/instrumentation/net/http/otelhttp/internal/semconv/env.go b/instrumentation/net/http/otelhttp/internal/semconv/env.go index 775b23cf1ba..dc7306a58ca 100644 --- a/instrumentation/net/http/otelhttp/internal/semconv/env.go +++ b/instrumentation/net/http/otelhttp/internal/semconv/env.go @@ -61,9 +61,9 @@ type HTTPServer struct { // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { if s.duplicate { - return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req)...) + return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req, opts)...) } return OldHTTPServer{}.RequestTraceAttrs(server, req) } diff --git a/instrumentation/net/http/otelhttp/internal/semconv/env_test.go b/instrumentation/net/http/otelhttp/internal/semconv/env_test.go index 2a72965a45d..635f171805a 100644 --- a/instrumentation/net/http/otelhttp/internal/semconv/env_test.go +++ b/instrumentation/net/http/otelhttp/internal/semconv/env_test.go @@ -42,7 +42,7 @@ func TestHTTPServerDoesNotPanic(t *testing.T) { req, err := http.NewRequest("GET", "http://example.com", nil) require.NoError(t, err) - _ = tt.server.RequestTraceAttrs("stuff", req) + _ = tt.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = tt.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) tt.server.RecordMetrics(context.Background(), ServerMetricData{ ServerName: "stuff", @@ -250,7 +250,7 @@ func BenchmarkRecordMetrics(b *testing.B) { for _, bm := range benchmarks { b.Run(bm.name, func(b *testing.B) { req, _ := http.NewRequest("GET", "http://example.com", nil) - _ = bm.server.RequestTraceAttrs("stuff", req) + _ = bm.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = bm.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) ctx := context.Background() b.ReportAllocs() diff --git a/instrumentation/net/http/otelhttp/internal/semconv/httpconv.go b/instrumentation/net/http/otelhttp/internal/semconv/httpconv.go index a69b4e64082..b7abacc3dce 100644 --- a/instrumentation/net/http/otelhttp/internal/semconv/httpconv.go +++ b/instrumentation/net/http/otelhttp/internal/semconv/httpconv.go @@ -20,6 +20,11 @@ import ( semconvNew "go.opentelemetry.io/otel/semconv/v1.26.0" ) +type RequestTraceAttrsOpts struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + type CurrentHTTPServer struct{} // RequestTraceAttrs returns trace attributes for an HTTP request received by a @@ -38,7 +43,7 @@ type CurrentHTTPServer struct{} // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { count := 3 // ServerAddress, Method, Scheme var host string @@ -65,7 +70,8 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ scheme := n.scheme(req.TLS != nil) - if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { + peer, peerPort := SplitHostPort(req.RemoteAddr) + if peer != "" { // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a // file-path that would be interpreted with a sock family. count++ @@ -79,7 +85,17 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ count++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { count++ } diff --git a/instrumentation/net/http/otelhttp/internal/semconv/httpconv_test.go b/instrumentation/net/http/otelhttp/internal/semconv/httpconv_test.go index 847634dc149..a398203ba58 100644 --- a/instrumentation/net/http/otelhttp/internal/semconv/httpconv_test.go +++ b/instrumentation/net/http/otelhttp/internal/semconv/httpconv_test.go @@ -263,7 +263,7 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { req.Pattern = "/high/cardinality/path/{id}" var found bool - for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req) { + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) { if attr.Key != "http.route" { continue } @@ -272,3 +272,54 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { } require.True(t, found) } + +func TestRequestTraceAttrs_ClientIP(t *testing.T) { + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + requestTraceOpts RequestTraceAttrsOpts + + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + requestTraceOpts: RequestTraceAttrsOpts{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + req := httptest.NewRequest("GET", "/example", nil) + req.RemoteAddr = "1.2.3.4:5678" + + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } + + var found bool + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, tt.requestTraceOpts) { + if attr.Key != "client.address" { + continue + } + found = true + assert.Equal(t, tt.wantClientIP, attr.Value.AsString()) + } + require.True(t, found) + }) + } +} diff --git a/instrumentation/net/http/otelhttp/internal/semconv/test/common_test.go b/instrumentation/net/http/otelhttp/internal/semconv/test/common_test.go index c77078ba4a4..8855ebf94ff 100644 --- a/instrumentation/net/http/otelhttp/internal/semconv/test/common_test.go +++ b/instrumentation/net/http/otelhttp/internal/semconv/test/common_test.go @@ -67,5 +67,5 @@ func testTraceRequest(t *testing.T, serv semconv.HTTPServer, want func(testServe clientIP: clientIP, } - assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req)) + assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req, semconv.RequestTraceAttrsOpts{})) } diff --git a/instrumentation/net/http/otelhttp/internal/semconv/v1.20.0.go b/instrumentation/net/http/otelhttp/internal/semconv/v1.20.0.go index 742c2113e1b..cbb87bbca54 100644 --- a/instrumentation/net/http/otelhttp/internal/semconv/v1.20.0.go +++ b/instrumentation/net/http/otelhttp/internal/semconv/v1.20.0.go @@ -38,7 +38,7 @@ type OldHTTPServer struct{} // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. func (o OldHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { - return semconvutil.HTTPServerRequest(server, req) + return semconvutil.HTTPServerRequest(server, req, semconvutil.HTTPServerRequestOptions{}) } func (o OldHTTPServer) NetworkTransportAttr(network string) attribute.KeyValue { diff --git a/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go b/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go index a73bb06e90e..b93757c0eb0 100644 --- a/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go +++ b/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go @@ -16,6 +16,11 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.20.0" ) +type HTTPServerRequestOptions struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + // HTTPClientResponse returns trace attributes for an HTTP response received by a // client from a server. It will return the following attributes if the related // values are defined in resp: "http.status.code", @@ -75,8 +80,8 @@ func HTTPClientStatus(code int) (codes.Code, string) { // "http.target", "net.host.name". The following attributes are returned if // they related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip". -func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue { - return hc.ServerRequest(server, req) +func HTTPServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { + return hc.ServerRequest(server, req, opts) } // HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a @@ -305,7 +310,7 @@ func (c *httpConv) ClientRequestMetrics(req *http.Request) []attribute.KeyValue // related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip", // "net.protocol.name", "net.protocol.version". -func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue { +func (c *httpConv) ServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { /* The following semantic conventions are returned if present: http.method string http.scheme string @@ -358,7 +363,17 @@ func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.K n++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { n++ } diff --git a/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv_test.go b/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv_test.go index 553c75569e5..9b618b558cd 100644 --- a/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv_test.go +++ b/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv_test.go @@ -12,6 +12,7 @@ import ( "net/url" "strconv" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -165,47 +166,91 @@ func TestHTTPClientRequestRequired(t *testing.T) { } func TestHTTPServerRequest(t *testing.T) { - got := make(chan *http.Request, 1) - handler := func(w http.ResponseWriter, r *http.Request) { - got <- r - w.WriteHeader(http.StatusOK) - } + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + httpServerRequestOpts HTTPServerRequestOptions - srv := httptest.NewServer(http.HandlerFunc(handler)) - defer srv.Close() + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + httpServerRequestOpts: HTTPServerRequestOptions{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + reqCh := make(chan *http.Request, 1) + handler := func(w http.ResponseWriter, r *http.Request) { + r.RemoteAddr = "1.2.3.4:5678" + reqCh <- r + w.WriteHeader(http.StatusOK) + } - srvURL, err := url.Parse(srv.URL) - require.NoError(t, err) - srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) - require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(handler)) + defer srv.Close() - resp, err := srv.Client().Get(srv.URL) - require.NoError(t, err) - require.NoError(t, resp.Body.Close()) + srvURL, err := url.Parse(srv.URL) + require.NoError(t, err) + srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) + require.NoError(t, err) - req := <-got - peer, peerPort := splitHostPort(req.RemoteAddr) + req, err := http.NewRequest(http.MethodGet, srv.URL, nil) + require.NoError(t, err) - const user = "alice" - req.SetBasicAuth(user, "pswrd") + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } - const clientIP = "127.0.0.5" - req.Header.Add("X-Forwarded-For", clientIP) + resp, err := srv.Client().Do(req) + require.NoError(t, err) + require.NoError(t, resp.Body.Close()) - assert.ElementsMatch(t, - []attribute.KeyValue{ - attribute.String("http.method", "GET"), - attribute.String("http.scheme", "http"), - attribute.String("net.host.name", srvURL.Hostname()), - attribute.Int("net.host.port", int(srvPort)), - attribute.String("net.sock.peer.addr", peer), - attribute.Int("net.sock.peer.port", peerPort), - attribute.String("user_agent.original", "Go-http-client/1.1"), - attribute.String("http.client_ip", clientIP), - attribute.String("net.protocol.version", "1.1"), - attribute.String("http.target", "/"), - }, - HTTPServerRequest("", req)) + var got *http.Request + select { + case got = <-reqCh: + // All good + case <-time.After(5 * time.Second): + t.Fatal("Did not receive a signal in 5s") + } + + peer, peerPort := splitHostPort(got.RemoteAddr) + + const user = "alice" + got.SetBasicAuth(user, "pswrd") + + assert.ElementsMatch(t, + []attribute.KeyValue{ + attribute.String("http.method", "GET"), + attribute.String("http.scheme", "http"), + attribute.String("net.host.name", srvURL.Hostname()), + attribute.Int("net.host.port", int(srvPort)), + attribute.String("net.sock.peer.addr", peer), + attribute.Int("net.sock.peer.port", peerPort), + attribute.String("user_agent.original", "Go-http-client/1.1"), + attribute.String("http.client_ip", tt.wantClientIP), + attribute.String("net.protocol.version", "1.1"), + attribute.String("http.target", "/"), + }, + HTTPServerRequest("", got, tt.httpServerRequestOpts)) + }) + } } func TestHTTPServerRequestMetrics(t *testing.T) { @@ -227,7 +272,13 @@ func TestHTTPServerRequestMetrics(t *testing.T) { require.NoError(t, err) require.NoError(t, resp.Body.Close()) - req := <-got + var req *http.Request + select { + case req = <-got: + // All good + case <-time.After(5 * time.Second): + t.Fatal("did not receive a signal in 5s") + } assert.ElementsMatch(t, []attribute.KeyValue{ @@ -250,14 +301,14 @@ func TestHTTPServerName(t *testing.T) { ) portStr := strconv.Itoa(port) server := host + ":" + portStr - assert.NotPanics(t, func() { got = HTTPServerRequest(server, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(server, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) req = &http.Request{Host: "alt.host.name:" + portStr} // The server parameter does not include a port, ServerRequest should use // the port in the request Host field. - assert.NotPanics(t, func() { got = HTTPServerRequest(host, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(host, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) } @@ -265,7 +316,7 @@ func TestHTTPServerName(t *testing.T) { func TestHTTPServerRequestFailsGracefully(t *testing.T) { req := new(http.Request) var got []attribute.KeyValue - assert.NotPanics(t, func() { got = HTTPServerRequest("", req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest("", req, HTTPServerRequestOptions{}) }) want := []attribute.KeyValue{ attribute.String("http.method", "GET"), attribute.String("http.scheme", "http"), diff --git a/internal/shared/semconv/bench_test.go.tmpl b/internal/shared/semconv/bench_test.go.tmpl index 869448c285c..c59aa559369 100644 --- a/internal/shared/semconv/bench_test.go.tmpl +++ b/internal/shared/semconv/bench_test.go.tmpl @@ -43,6 +43,6 @@ func BenchmarkHTTPServerRequest(b *testing.B) { b.ReportAllocs() b.ResetTimer() for i := 0; i < b.N; i++ { - benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req) + benchHTTPServerRequestResults = serv.RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) } } diff --git a/internal/shared/semconv/env.go.tmpl b/internal/shared/semconv/env.go.tmpl index e4c8421dae2..eda5e7eb81a 100644 --- a/internal/shared/semconv/env.go.tmpl +++ b/internal/shared/semconv/env.go.tmpl @@ -61,9 +61,9 @@ type HTTPServer struct { // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { if s.duplicate { - return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req)...) + return append(OldHTTPServer{}.RequestTraceAttrs(server, req), CurrentHTTPServer{}.RequestTraceAttrs(server, req, opts)...) } return OldHTTPServer{}.RequestTraceAttrs(server, req) } diff --git a/internal/shared/semconv/env_test.go.tmpl b/internal/shared/semconv/env_test.go.tmpl index 2a72965a45d..635f171805a 100644 --- a/internal/shared/semconv/env_test.go.tmpl +++ b/internal/shared/semconv/env_test.go.tmpl @@ -42,7 +42,7 @@ func TestHTTPServerDoesNotPanic(t *testing.T) { req, err := http.NewRequest("GET", "http://example.com", nil) require.NoError(t, err) - _ = tt.server.RequestTraceAttrs("stuff", req) + _ = tt.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = tt.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) tt.server.RecordMetrics(context.Background(), ServerMetricData{ ServerName: "stuff", @@ -250,7 +250,7 @@ func BenchmarkRecordMetrics(b *testing.B) { for _, bm := range benchmarks { b.Run(bm.name, func(b *testing.B) { req, _ := http.NewRequest("GET", "http://example.com", nil) - _ = bm.server.RequestTraceAttrs("stuff", req) + _ = bm.server.RequestTraceAttrs("stuff", req, RequestTraceAttrsOpts{}) _ = bm.server.ResponseTraceAttrs(ResponseTelemetry{StatusCode: 200}) ctx := context.Background() b.ReportAllocs() diff --git a/internal/shared/semconv/httpconv.go.tmpl b/internal/shared/semconv/httpconv.go.tmpl index ca118899395..5d1b8f90e27 100644 --- a/internal/shared/semconv/httpconv.go.tmpl +++ b/internal/shared/semconv/httpconv.go.tmpl @@ -20,6 +20,11 @@ import ( semconvNew "go.opentelemetry.io/otel/semconv/v1.26.0" ) +type RequestTraceAttrsOpts struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + type CurrentHTTPServer struct{} // RequestTraceAttrs returns trace attributes for an HTTP request received by a @@ -38,7 +43,7 @@ type CurrentHTTPServer struct{} // // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. -func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { +func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { count := 3 // ServerAddress, Method, Scheme var host string @@ -65,7 +70,8 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ scheme := n.scheme(req.TLS != nil) - if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { + peer, peerPort := SplitHostPort(req.RemoteAddr) + if peer != "" { // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a // file-path that would be interpreted with a sock family. count++ @@ -79,7 +85,17 @@ func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request) [ count++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { count++ } diff --git a/internal/shared/semconv/httpconv_test.go.tmpl b/internal/shared/semconv/httpconv_test.go.tmpl index 847634dc149..a398203ba58 100644 --- a/internal/shared/semconv/httpconv_test.go.tmpl +++ b/internal/shared/semconv/httpconv_test.go.tmpl @@ -263,7 +263,7 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { req.Pattern = "/high/cardinality/path/{id}" var found bool - for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req) { + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, RequestTraceAttrsOpts{}) { if attr.Key != "http.route" { continue } @@ -272,3 +272,54 @@ func TestRequestTraceAttrs_HTTPRoute(t *testing.T) { } require.True(t, found) } + +func TestRequestTraceAttrs_ClientIP(t *testing.T) { + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + requestTraceOpts RequestTraceAttrsOpts + + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + requestTraceOpts: RequestTraceAttrsOpts{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + req := httptest.NewRequest("GET", "/example", nil) + req.RemoteAddr = "1.2.3.4:5678" + + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } + + var found bool + for _, attr := range (CurrentHTTPServer{}).RequestTraceAttrs("", req, tt.requestTraceOpts) { + if attr.Key != "client.address" { + continue + } + found = true + assert.Equal(t, tt.wantClientIP, attr.Value.AsString()) + } + require.True(t, found) + }) + } +} diff --git a/internal/shared/semconv/test/common_test.go.tmpl b/internal/shared/semconv/test/common_test.go.tmpl index 14ee09591ff..644ed46afde 100644 --- a/internal/shared/semconv/test/common_test.go.tmpl +++ b/internal/shared/semconv/test/common_test.go.tmpl @@ -67,5 +67,5 @@ func testTraceRequest(t *testing.T, serv semconv.HTTPServer, want func(testServe clientIP: clientIP, } - assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req)) + assert.ElementsMatch(t, want(srvReq), serv.RequestTraceAttrs("", req, semconv.RequestTraceAttrsOpts{})) } diff --git a/internal/shared/semconv/v1.20.0.go.tmpl b/internal/shared/semconv/v1.20.0.go.tmpl index ec4e14f255d..8b623c1edaa 100644 --- a/internal/shared/semconv/v1.20.0.go.tmpl +++ b/internal/shared/semconv/v1.20.0.go.tmpl @@ -38,7 +38,7 @@ type OldHTTPServer struct{} // If the primary server name is not known, server should be an empty string. // The req Host will be used to determine the server instead. func (o OldHTTPServer) RequestTraceAttrs(server string, req *http.Request) []attribute.KeyValue { - return semconvutil.HTTPServerRequest(server, req) + return semconvutil.HTTPServerRequest(server, req, semconvutil.HTTPServerRequestOptions{}) } func (o OldHTTPServer) NetworkTransportAttr(network string) attribute.KeyValue { diff --git a/internal/shared/semconvutil/httpconv.go.tmpl b/internal/shared/semconvutil/httpconv.go.tmpl index 3a675411290..2c0eb4d2892 100644 --- a/internal/shared/semconvutil/httpconv.go.tmpl +++ b/internal/shared/semconvutil/httpconv.go.tmpl @@ -16,6 +16,11 @@ import ( semconv "go.opentelemetry.io/otel/semconv/v1.20.0" ) +type HTTPServerRequestOptions struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + // HTTPClientResponse returns trace attributes for an HTTP response received by a // client from a server. It will return the following attributes if the related // values are defined in resp: "http.status.code", @@ -75,8 +80,8 @@ func HTTPClientStatus(code int) (codes.Code, string) { // "http.target", "net.host.name". The following attributes are returned if // they related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip". -func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue { - return hc.ServerRequest(server, req) +func HTTPServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { + return hc.ServerRequest(server, req, opts) } // HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a @@ -305,7 +310,7 @@ func (c *httpConv) ClientRequestMetrics(req *http.Request) []attribute.KeyValue // related values are defined in req: "net.host.port", "net.sock.peer.addr", // "net.sock.peer.port", "user_agent.original", "http.client_ip", // "net.protocol.name", "net.protocol.version". -func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue { +func (c *httpConv) ServerRequest(server string, req *http.Request, opts HTTPServerRequestOptions) []attribute.KeyValue { /* The following semantic conventions are returned if present: http.method string http.scheme string @@ -358,7 +363,17 @@ func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.K n++ } - clientIP := serverClientIP(req.Header.Get("X-Forwarded-For")) + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } if clientIP != "" { n++ } diff --git a/internal/shared/semconvutil/httpconv_test.go.tmpl b/internal/shared/semconvutil/httpconv_test.go.tmpl index 553c75569e5..9b618b558cd 100644 --- a/internal/shared/semconvutil/httpconv_test.go.tmpl +++ b/internal/shared/semconvutil/httpconv_test.go.tmpl @@ -12,6 +12,7 @@ import ( "net/url" "strconv" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -165,47 +166,91 @@ func TestHTTPClientRequestRequired(t *testing.T) { } func TestHTTPServerRequest(t *testing.T) { - got := make(chan *http.Request, 1) - handler := func(w http.ResponseWriter, r *http.Request) { - got <- r - w.WriteHeader(http.StatusOK) - } + for _, tt := range []struct { + name string + requestModifierFn func(r *http.Request) + httpServerRequestOpts HTTPServerRequestOptions - srv := httptest.NewServer(http.HandlerFunc(handler)) - defer srv.Close() + wantClientIP string + }{ + { + name: "with a client IP from the network", + wantClientIP: "1.2.3.4", + }, + { + name: "with a client IP from x-forwarded-for header", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + wantClientIP: "5.6.7.8", + }, + { + name: "with a client IP in options", + requestModifierFn: func(r *http.Request) { + r.Header.Add("X-Forwarded-For", "5.6.7.8") + }, + httpServerRequestOpts: HTTPServerRequestOptions{ + HTTPClientIP: "9.8.7.6", + }, + wantClientIP: "9.8.7.6", + }, + } { + t.Run(tt.name, func(t *testing.T) { + reqCh := make(chan *http.Request, 1) + handler := func(w http.ResponseWriter, r *http.Request) { + r.RemoteAddr = "1.2.3.4:5678" + reqCh <- r + w.WriteHeader(http.StatusOK) + } - srvURL, err := url.Parse(srv.URL) - require.NoError(t, err) - srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) - require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(handler)) + defer srv.Close() - resp, err := srv.Client().Get(srv.URL) - require.NoError(t, err) - require.NoError(t, resp.Body.Close()) + srvURL, err := url.Parse(srv.URL) + require.NoError(t, err) + srvPort, err := strconv.ParseInt(srvURL.Port(), 10, 32) + require.NoError(t, err) - req := <-got - peer, peerPort := splitHostPort(req.RemoteAddr) + req, err := http.NewRequest(http.MethodGet, srv.URL, nil) + require.NoError(t, err) - const user = "alice" - req.SetBasicAuth(user, "pswrd") + if tt.requestModifierFn != nil { + tt.requestModifierFn(req) + } - const clientIP = "127.0.0.5" - req.Header.Add("X-Forwarded-For", clientIP) + resp, err := srv.Client().Do(req) + require.NoError(t, err) + require.NoError(t, resp.Body.Close()) - assert.ElementsMatch(t, - []attribute.KeyValue{ - attribute.String("http.method", "GET"), - attribute.String("http.scheme", "http"), - attribute.String("net.host.name", srvURL.Hostname()), - attribute.Int("net.host.port", int(srvPort)), - attribute.String("net.sock.peer.addr", peer), - attribute.Int("net.sock.peer.port", peerPort), - attribute.String("user_agent.original", "Go-http-client/1.1"), - attribute.String("http.client_ip", clientIP), - attribute.String("net.protocol.version", "1.1"), - attribute.String("http.target", "/"), - }, - HTTPServerRequest("", req)) + var got *http.Request + select { + case got = <-reqCh: + // All good + case <-time.After(5 * time.Second): + t.Fatal("Did not receive a signal in 5s") + } + + peer, peerPort := splitHostPort(got.RemoteAddr) + + const user = "alice" + got.SetBasicAuth(user, "pswrd") + + assert.ElementsMatch(t, + []attribute.KeyValue{ + attribute.String("http.method", "GET"), + attribute.String("http.scheme", "http"), + attribute.String("net.host.name", srvURL.Hostname()), + attribute.Int("net.host.port", int(srvPort)), + attribute.String("net.sock.peer.addr", peer), + attribute.Int("net.sock.peer.port", peerPort), + attribute.String("user_agent.original", "Go-http-client/1.1"), + attribute.String("http.client_ip", tt.wantClientIP), + attribute.String("net.protocol.version", "1.1"), + attribute.String("http.target", "/"), + }, + HTTPServerRequest("", got, tt.httpServerRequestOpts)) + }) + } } func TestHTTPServerRequestMetrics(t *testing.T) { @@ -227,7 +272,13 @@ func TestHTTPServerRequestMetrics(t *testing.T) { require.NoError(t, err) require.NoError(t, resp.Body.Close()) - req := <-got + var req *http.Request + select { + case req = <-got: + // All good + case <-time.After(5 * time.Second): + t.Fatal("did not receive a signal in 5s") + } assert.ElementsMatch(t, []attribute.KeyValue{ @@ -250,14 +301,14 @@ func TestHTTPServerName(t *testing.T) { ) portStr := strconv.Itoa(port) server := host + ":" + portStr - assert.NotPanics(t, func() { got = HTTPServerRequest(server, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(server, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) req = &http.Request{Host: "alt.host.name:" + portStr} // The server parameter does not include a port, ServerRequest should use // the port in the request Host field. - assert.NotPanics(t, func() { got = HTTPServerRequest(host, req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest(host, req, HTTPServerRequestOptions{}) }) assert.Contains(t, got, attribute.String("net.host.name", host)) assert.Contains(t, got, attribute.Int("net.host.port", port)) } @@ -265,7 +316,7 @@ func TestHTTPServerName(t *testing.T) { func TestHTTPServerRequestFailsGracefully(t *testing.T) { req := new(http.Request) var got []attribute.KeyValue - assert.NotPanics(t, func() { got = HTTPServerRequest("", req) }) + assert.NotPanics(t, func() { got = HTTPServerRequest("", req, HTTPServerRequestOptions{}) }) want := []attribute.KeyValue{ attribute.String("http.method", "GET"), attribute.String("http.scheme", "http"),