-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathotel.go
More file actions
64 lines (51 loc) · 2.6 KB
/
Copy pathotel.go
File metadata and controls
64 lines (51 loc) · 2.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
// Copyright 2026 Hyperscale. All rights reserved.
// Use of this source code is governed by a MIT
// license that can be found in the LICENSE file.
package security
import (
"go.opentelemetry.io/otel"
"go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/trace"
)
// trAttrName is a tiny helper that wraps a name into an event option to keep
// span.AddEvent calls succinct.
func trAttrName(name string) trace.EventOption {
return trace.WithAttributes(AttrAuthenticatorName.String(name))
}
// tracerName is the OTel instrumentation scope name for the core package.
// Sub-modules MUST use their own scope (e.g. github.com/hyperscale-stack/security/http)
// to keep span attribution unambiguous.
const tracerName = "github.com/hyperscale-stack/security"
// tracer returns the package-level tracer. Callers should not cache it across
// goroutines; the OTel SDK already memoizes the returned tracer.
func tracer() trace.Tracer { return otel.Tracer(tracerName) }
// Span attribute keys used across the core. They are kept here as typed
// constants so that documentation in docs/observability.md can be diffed
// against the source of truth.
const (
// AttrAuthenticated reports whether the resulting Authentication is
// authenticated. Value: bool.
AttrAuthenticated = attribute.Key("security.authenticated")
// AttrPrincipalSubject is the principal subject. Emission is gated by the
// subject-redaction policy (see SetSubjectAttributeMode) to avoid leaking
// personal data into trace backends; the default is a hashed prefix.
AttrPrincipalSubject = attribute.Key("security.principal.subject")
// AttrExtractorsCount counts the extractors tried by an Engine call.
// Value: int.
AttrExtractorsCount = attribute.Key("security.extractors.count")
// AttrAuthenticatorsCount counts the authenticators tried by a Manager.
// Value: int.
AttrAuthenticatorsCount = attribute.Key("security.authenticators.count")
// AttrAuthenticatorName names the authenticator that produced the final
// authenticated value, when known. Value: string.
AttrAuthenticatorName = attribute.Key("security.authenticator.name")
// AttrStrategy names the AccessDecisionManager strategy that took the
// final decision. Value: "affirmative" | "consensus" | "unanimous".
AttrStrategy = attribute.Key("security.strategy")
// AttrDecision is the final authorization decision.
// Value: "permit" | "deny" | "abstain".
AttrDecision = attribute.Key("security.decision")
// AttrAttributes is the joined String() form of the Attributes considered
// for an authorization decision. Value: string.
AttrAttributes = attribute.Key("security.attributes")
)