Skip to content

[LFXV2-1737] feat(otel): instrument outbound HTTP clients#37

Merged
bramwelt merged 3 commits into
mainfrom
feat/LFXV2-1737-outbound-http-tracing
May 27, 2026
Merged

[LFXV2-1737] feat(otel): instrument outbound HTTP clients#37
bramwelt merged 3 commits into
mainfrom
feat/LFXV2-1737-outbound-http-tracing

Conversation

@bramwelt
Copy link
Copy Markdown
Contributor

@bramwelt bramwelt commented May 27, 2026
edited by atlassian Bot
Loading

Summary

Part of LFXV2-1737.

  • Wraps the JWKS HTTP client with otelhttp.NewTransport so Heimdall key-fetch requests appear as child spans in distributed traces
  • Wraps the Auth0 HTTP client with otelhttp.NewTransport so token acquisition appears in traces; Auth0 spans are independent (not child spans of inbound requests) because the token source uses context.Background() — it is shared and cached across requests
  • Wraps the ITX API HTTP client with otelhttp.NewTransport so ITX calls appear as child spans of inbound request spans
  • Adds jwksClientTimeout (10s) to bound JWKS fetch time; uses config.Timeout for the Auth0 client
  • Fixes stdlib import grouping (net/http moved into stdlib group per goimports)

🤖 Generated with Claude Code

bramwelt and others added 2 commits May 26, 2026 14:25
@bramwelt @claude
feat(otel): add otelhttp transport to outbound clients
48cc6ab 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Issue: LFXV2-1737
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
@bramwelt @claude
fix: import grouping and otel client timeouts
eb51064 
Move net/http into the stdlib import group, add a
10s timeout to the JWKS otelhttp client, and add
config.Timeout to the Auth0 otelhttp client.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Issue: LFXV2-1737
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
Copilot AI review requested due to automatic review settings May 27, 2026 00:12
Copilot AI reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds OpenTelemetry instrumentation to outbound HTTP calls so external dependencies (Heimdall JWKS fetch, Auth0 token acquisition, and ITX API calls) show up in distributed traces, and bounds JWKS fetch latency with an explicit timeout.

Changes:

  • Wrap Auth0 and ITX HTTP client transports with otelhttp.NewTransport for outbound span creation.
  • Add an otel-instrumented JWKS HTTP client and enforce a jwksClientTimeout (10s) for key retrieval.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
internal/infrastructure/proxy/client.go Instruments Auth0 token and ITX API outbound HTTP transports with otelhttp.
internal/infrastructure/auth/jwt.go Instruments JWKS fetch client with otelhttp and adds a 10s JWKS client timeout.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread internal/infrastructure/proxy/client.go Outdated
@bramwelt @claude
fix(review): correct otelClient comment
623aec8 
The comment said otelClient was used for "both Auth0 token requests
and ITX API calls" — otelClient is only passed to the Auth0 SDK;
ITX API calls are instrumented separately via httpClient. Update the
comment to accurately describe the two distinct instrumented clients.

Resolves 1 review thread (copilot-pull-request-reviewer).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Issue: LFXV2-1737
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
@bramwelt
Copy link
Copy Markdown
Contributor Author

bramwelt commented May 27, 2026

Review Feedback Addressed

Commit: 623aec8

Changes Made

  • internal/infrastructure/proxy/client.go: Updated the otelClient comment to accurately state it is used for Auth0 token requests only; ITX API calls are instrumented separately via httpClient (per copilot-pull-request-reviewer)

Threads Resolved

1 of 1 unresolved threads addressed.

@bramwelt bramwelt marked this pull request as ready for review May 27, 2026 01:53
@bramwelt bramwelt requested a review from a team as a code owner May 27, 2026 01:53
Copilot AI review requested due to automatic review settings May 27, 2026 01:53
Copilot AI reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread internal/infrastructure/proxy/client.go
@bramwelt
Copy link
Copy Markdown
Contributor Author

bramwelt commented May 27, 2026

Review Feedback Addressed

No Code Change Needed

  • internal/infrastructure/proxy/client.go:94: copilot-pull-request-reviewer flagged that Auth0 token spans won't be child spans of inbound requests. This is intentional — the auth0TokenSource uses context.Background() because it is shared and cached via oauth2.ReuseTokenSource. Tying it to a per-request context would cause token fetches to be canceled prematurely.

PR Descriptions Updated

Updated descriptions on all 4 affected PRs (voting #37, meeting #182, mailing-list #64, survey #26) to accurately describe the tracing behavior:

  • Auth0 token-fetch spans → independent root spans (not child spans)
  • ITX API call spans → child spans of inbound request spans

Threads Resolved

1 of 1 unresolved threads addressed in this iteration.

@bramwelt bramwelt merged commit 3bfb0b0 into main May 27, 2026
10 checks passed
@bramwelt bramwelt deleted the feat/LFXV2-1737-outbound-http-tracing branch May 27, 2026 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jordane jordane jordane approved these changes

@andrest50 andrest50 andrest50 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bramwelt @jordane @andrest50