Update metalinter, fix a few lint warnings and replace deprecated linters.
`deadcode`, `structcheck` and `varcheck` are abandoned and now replaced by [`unused`][1].
Since 1.19, `go fmt` reformats godocs according to https://go.dev/doc/comment. I've done a bulk-reformatting of the codebase to keep the linter happy. Backporting is mostly harmless (the exception being `lib/services/role_test.go`, that for some reason breaks the _old_ linter using the new format).
[1]: https://golangci-lint.run/usage/linters/
* Bump golangci-lint version
* Replace abandoned linters
* Fix bodyclose on lib/auth/github.com
* Fix bodyclose on lib/kube/proxy/streamproto/proto_test.go
* Fix bodyclose on lib/srv/alpnproxy/proxy_test.go
* Fix bodyclose on lib/web/conn_upgrade_test.go
* Silence staticcheck on lib/kube/proxy/forwarder_test.go
* Silence staticcheck on lib/utils/certs_test.go
* Address BuildNameToCertificate deprecation warnings
* Run `go fmt ./...`
* Run `go fmt ./...` on api/
* Ignore formatting in role_test.go
* Remove redundant initializers in lib/srv/uacc/
* Update e/
* Fix incorrect use of loop variables
This commit fixes a few occurrences of loop variables being
incorrectly used in the context of Go-routines or (most frequently)
parallel tests. To fix the issues, we create a local copy of the range
variables before the parallel tests (or Go-routine), as suggested in
the documentation of the `testing` package:
https://pkg.go.dev/testing#hdr-Subtests_and_Sub_benchmarks
Issues were found using the `loopvarcapture` linter.
Signed-off-by: Roman Tkachenko <roman@goteleport.com>
* fix TestTraceProvider/spans_exported_with_gRPC+TLS
* run TestSSH serially
* operator: Conserve 'created_by' data in user spec
Signed-off-by: Roman Tkachenko <roman@goteleport.com>
Co-authored-by: Renato Costa <renato@cockroachlabs.com>
Co-authored-by: Tim Ross <tim.ross@goteleport.com>
Co-authored-by: Hugo Hervieux <hugo.hervieux@goteleport.com>
* Add dynamodb metrics
Adds promethues counters for dynamo api requests, requests failed,
and latency of requests. Each counter is labeled with the table type,
either backend or events, and the operation being requested.
* Allow traces to be exported to files
Adds support for exporting traces to a file. While not recommended
for production use, some folks may need to collect traces without
having any telemetry infrastructure in place to store them. To do
so they can simply update their tracing_service to point to a
directory, as seen in the following config snippet.
```yaml
tracing_service:
exporter_url: "file:///var/lib/teleport/traces"
```
The file contents will contain one json encoded otlp trace per line.
Files written by the exporter will all follow the following naming
convention: <unix_timestamp>-<random_number>.trace
To prevent a trace file from growing unbound forever, there is a
default limit of 100MB, after which, the file will be rotated for
a brand new file. Users can adjust the file size limit by adding
a query paramter to the exporter url like: `?limit=12345`.
Part of #12241
* Add s3 metrics
Adds promethues counters for s3 api requests and a histogram
for requests latencies. Each counter is labeled with the
operation being requested.
* Fix tracing exporter endpoints
Ensure that the endpoint provided to the trace clients
are correct even if the configuration doesn't include
the scheme. Prior to this the endpoint always attempted
to remove the scheme prefix, even when one wasn't provided.
Doing so led to the hostname to be altered which caused
some unknown host issues.
This also removes the process and process owner detector
from the tracing resource. Running within a container might
not have a username mapped to the uid which was preventing
tracing from being initialized.
Adds a `trace.Tracer` to the `backend.Reporter`
wrapper so that all `bakend.Backend` implementations
can be traced. Further instrumentation of each specific
backend will be added at a later date to see how long
each sql query, or call to dynamo/etcd took within
each backend operation.
#12241
* Span forwarding
Modifies the auth grpc server to implement the OTLP Collector
RegisterTraceServiceServer API (https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/collector/trace/v1/trace_service.proto).
This allows the auth server to receive spans from other services
like `tsh`, `tctl`, and `tbot`. Any spans received by the auth
server will be forwarded to the exporter configured via the
`tracing_service` if it is enabled. All received spans will be
dropped in the event that the`tracing_service` disabled. By
forwarding spans to the auth server, `tsh` doesn't need to
be provided with any of the telemetry backend information
to have its spans exported.
Adds a new `--trace` flag to `tsh` to enable collecting and
forwarding spans to the auth server. When set, the tracing
provider is initialized with a sampling rate of 1.0 to force
all spans to be recorded. Teleport respects the sampling rate
from remote spans, which means that when `--trace` is set, all
spans from `tsh` and any downstream Teleport services will be
recorded and exported regardless of the sampling rate that each
Teleport service is configured with.
* Add tracing service and configuration
Provides a new tracing configuration block, which can be
used to configure if and how spans are exported to a
telemetry backend. In the example below, the tracing
service is enabled and will export spans to
`collector.example.com:4317` via gRPC with mTLS enabled.
```yaml
tracing_service:
enabled: yes
exporter_url: collector.example.com:4317
sampling_rate_per_million: 1000000
ca_certs:
- /certs/rootCA.pem
keypairs:
- key_file: /certs/example.com-client-key.pem
cert_file: /certs/example.com-client.pem
```
This configuration ends up being consumed by the `TeleportProcess`
and passed to `tracing.NewTraceProvider` which sets up the OpenTelemetry
Exporter, TracerProvider, Propagator and Sampler. In order for spans to
be exported, the `tracing_service` must be enabled **and** have a
`sampling_rate_per_million` value > 0.
