gRPC plugin framework does not respect --query.bearer-token-propagation flag

[radekg]

Requirement - what kind of business use case are you trying to solve?

I am trying to run elastic search storage back end via GRPC plugin and have the bearer token forwarded to the GRPC plugin server.

Problem - what in Jaeger blocks you from solving the requirement?

Query UI has an option to forward Bearer token to the storage back end using --query.bearer-token-propagation=true flag. However, when using the GRPC storage plugin, the context created with spanstore.ContextWithBearerToken(ctx, token) in https://github.com/jaegertracing/jaeger/blob/master/cmd/query/app/token_propagation_handler.go#L48 is not passed to the GRPC plugin.

Currently, the last place in the storage where the context with the bearer.token can be reached, is the GRPC client: https://github.com/jaegertracing/jaeger/blob/master/plugin/storage/grpc/shared/grpc_client.go.

This can be tested by adding these lines of code:

  str, ok := spanstore.GetBearerToken(ctx)
  fmt.Println(fmt.Sprintf(" =====================> CLIENT: The context is: %v ::: %t", str, ok))

to any of the following methods:

• func (c *grpcClient) GetTrace(ctx context.Context, traceID model.TraceID) (*model.Trace, error)
• func (c *grpcClient) GetServices(ctx context.Context) ([]string, error)
• func (c *grpcClient) GetOperations(ctx context.Context, service string) ([]string, error)
• func (c *grpcClient) FindTraces(ctx context.Context, query *spanstore.TraceQueryParameters) ([]*model.Trace, error)
• func (c *grpcClient) FindTraceIDs(ctx context.Context, query *spanstore.TraceQueryParameters) ([]model.TraceID, error)

However, on the server part of the plugin, the context is a new instance because the plugin is running as a separate process.

Proposal - what do you suggest to solve the problem or improve the existing situation?

To fix this problem, the bearer token has to be passed inside of the GRPC requests to the GRPC server and the ContextWithBearerToken must be reconstructed on the other side.

[yurishkuro]

Out of curiosity, which storage backend are you using via grpc plugin that requires bearer token?

[radekg]

At Klarrio, we are using Jaeger for multi-tenant KPN Data Services Hub. Here's a talk from Kafka Summit London: https://www.confluent.io/kafka-summit-lon19/talking-traffic-data-in-the-drivers-seat.
We have traces shared between tenants and we want to make sure that the tenants can see only the spans which are relevant to them, without having to deploy a UI for each tenant. We do this with ES storage embedded via the custom gRPC plugin. Feel free to reach out directly if you'd like to follow up. We are definitely interested in more multi-tenant features (using/contributing) in Jaeger.

[pavolloffay]

@radekg we (@jpkrohling ) would like to follow up on the multitenancy and ES storage. Feel free to ping me on IRC or via email or just comment here. Is the plugin published somewhere?

[yurishkuro]

@radekg maybe you want to add your company to ADOPTERS.md and comment on #207?

[pavolloffay]

done in #1822