Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ES APM traces for HTTP requests include authn duration #96205

Merged
merged 5 commits into from May 18, 2023
Merged

ES APM traces for HTTP requests include authn duration #96205

merged 5 commits into from May 18, 2023

Conversation

albertzaharovits
Copy link
Contributor

@albertzaharovits albertzaharovits commented May 17, 2023
edited

Following the changes in #95112, which relocated the calls into the AuthenticationService that authenticate HTTP requests, the authentication duration was no longer comprised in between the Tracer#startTrace and Tracer#stopTrace. Consequently, the span records didn't cover the authentication duration any longer.

This PR remedies that by changing the Tracer implementation, i.e. APMTracer, to look for the trace start time instant in the transient thread context and use that when starting traces (overriding the now default). The trace start time is set in the thread context when the request-wise thread context is first populated (with HTTP request headers).

@albertzaharovits albertzaharovits self-assigned this May 17, 2023
@albertzaharovits albertzaharovits changed the title APM tracer start time ES APM trace for HTTP request includes authn duration May 18, 2023
@albertzaharovits albertzaharovits changed the title ES APM trace for HTTP request includes authn duration ES APM traces for HTTP requests include authn duration May 18, 2023
@albertzaharovits albertzaharovits added >non-issue :Core/Infra/Core Core issues without another label :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) labels May 18, 2023
@albertzaharovits albertzaharovits marked this pull request as ready for review May 18, 2023 13:39
@elasticsearchmachine elasticsearchmachine added Team:Core/Infra Meta label for core/infra team Team:Security Meta label for security team labels May 18, 2023
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra (Team:Core/Infra)

pugnascotia
pugnascotia approved these changes May 18, 2023
View reviewed changes
Copy link
Contributor

@pugnascotia pugnascotia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@albertzaharovits albertzaharovits merged commit 669c50c into elastic:main May 18, 2023
11 checks passed
@albertzaharovits albertzaharovits deleted the APM_tracing_for_authn branch May 18, 2023 16:57
DaveCTurner added a commit to DaveCTurner/elasticsearch that referenced this pull request Aug 1, 2023
@DaveCTurner
Fix APM trace start time
ffbbaa5 
In elastic#96205 we started recording the start time of the authn phase of REST
request processing, because this happens too early to even start a span
for the request. However we capture the threadpool's cached time which
can be 200ms slow, yielding spans that appear much longer than they
should. This commit moves to capturing the time using
`System.currentTimeMillis` to avoid this problem.
@DaveCTurner DaveCTurner mentioned this pull request Aug 1, 2023
Merged
DaveCTurner added a commit that referenced this pull request Aug 2, 2023
@DaveCTurner
Fix APM trace start time (#98113)
7259b0d 
In #96205 we started recording the start time of the authn phase of REST
request processing, because this happens too early to even start a span
for the request. However we capture the threadpool's cached time which
can be 200ms slow, yielding spans that appear much longer than they
should. This commit moves to capturing the time using
`System.currentTimeMillis` to avoid this problem.
DaveCTurner added a commit that referenced this pull request Aug 2, 2023
@DaveCTurner
Fix APM trace start time
4c7de01 
In #96205 we started recording the start time of the authn phase of REST
request processing, because this happens too early to even start a span
for the request. However we capture the threadpool's cached time which
can be 200ms slow, yielding spans that appear much longer than they
should. This commit moves to capturing the time using
`System.currentTimeMillis` to avoid this problem.

Backport of #98113 to 8.9
felixbarny pushed a commit to felixbarny/elasticsearch that referenced this pull request Aug 3, 2023
@DaveCTurner @felixbarny
Fix APM trace start time (elastic#98113)
bd53cf0 
In elastic#96205 we started recording the start time of the authn phase of REST
request processing, because this happens too early to even start a span
for the request. However we capture the threadpool's cached time which
can be 200ms slow, yielding spans that appear much longer than they
should. This commit moves to capturing the time using
`System.currentTimeMillis` to avoid this problem.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pugnascotia pugnascotia pugnascotia approved these changes

@jakelandis jakelandis Awaiting requested review from jakelandis

Assignees

@albertzaharovits albertzaharovits

Labels
:Core/Infra/Core Core issues without another label >non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Core/Infra Meta label for core/infra team Team:Security Meta label for security team v8.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@albertzaharovits @elasticsearchmachine @pugnascotia