Draft: Propagate client identity (user_id, username, remote_ip)

Igor requested to merge client-identity into master

This is a PoC for gitlab#232645 (closed).

If accepted, we could integrate it into gitaly!2802 (merged).

Labkit currently propagates "client name" (which service made the call) as well as correlation_id. What is missing in many cases is client identity, as in, who made the call.

The proposal is to add propagation for the following values, so that they can be logged directly.

  • user_id/username: This makes it difficult to tell who made the call
  • remote_ip: So that we have a more general method for propagating this information. For HTTP we can use X-Forwarded-For. For TCP we can use the PROXY protocol (currently not integrated with labkit, but perhaps in the future, see gitlab-pages!278 (merged)). For gRPC we use metadata.

I wanted to gather some feedback on this general idea and approach. If it seems like a good idea, I will proceed to add tests and polish it.

There were some ideas to possibly use OpenTracing baggage for this. It'd definitely be nice to combine this stuff into a single parameter that we can easily pass around. But I also didn't want to make any overly invasive structural changes at this point.

WDYT?

cc @zj-gitlab @hphilipps @steveazz @andrewn

Edited by Igor
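
An added example, not part of this merge request or of labkit: one way to derive the remote_ip value from X-Forwarded-For before it is propagated and logged, honouring the header only when it arrives through a trusted proxy. All names here (ClientIP, WithRemoteIP, ctxKey) are hypothetical, the trusted range is a constructed sample, and the code assumes each proxy appends the address of its own peer to the header.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

type ctxKey struct{} // hypothetical context key, not labkit's API
// ClientIP picks the address to log as remote_ip. X-Forwarded-For is walked right
// to left; a hop is believed only while the address that reported it is trusted.
func ClientIP(peer string, xff []string, trusted []netip.Prefix) string {
	ap, err := netip.ParseAddrPort(peer)
	if err != nil {
		return ""
	}
	client := ap.Addr().Unmap()
	hops := strings.Split(strings.Join(xff, ","), ",")
	for i := len(hops) - 1; i >= 0 && isTrusted(client, trusted); i-- {
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed entry: keep the last address we could verify
		}
		client = hop.Unmap()
	}
	return client.String()
}

func isTrusted(a netip.Addr, trusted []netip.Prefix) bool {
	for _, p := range trusted {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// WithRemoteIP stores the derived address in the request context for logging.
func WithRemoteIP(trusted []netip.Prefix, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip := ClientIP(r.RemoteAddr, r.Header.Values("X-Forwarded-For"), trusted)
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, ip)))
	})
}

func main() {
	trusted := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")} // constructed sample
	fmt.Println(ClientIP("10.0.0.5:4431", []string{"198.51.100.7, 203.0.113.9, 10.0.0.4"}, trusted))
}
```

The leftmost entry in the sample header is ignored because nothing trusted vouches for it, so a caller cannot choose the address that ends up in the logs by sending its own X-Forwarded-For value.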