def test_distributed_context(self): previous_propagator = propagators.get_global_textmap() try: propagators.set_global_textmap(MockTextMapPropagator()) result = self.perform_request(self.URL) self.assertEqual(result.read(), b"Hello!") span = self.assert_span() headers_ = dict(httpretty.last_request().headers) headers = {} for k, v in headers_.items(): headers[k.lower()] = v self.assertIn(MockTextMapPropagator.TRACE_ID_KEY, headers) self.assertEqual( str(span.get_span_context().trace_id), headers[MockTextMapPropagator.TRACE_ID_KEY], ) self.assertIn(MockTextMapPropagator.SPAN_ID_KEY, headers) self.assertEqual( str(span.get_span_context().span_id), headers[MockTextMapPropagator.SPAN_ID_KEY], ) finally: propagators.set_global_textmap(previous_propagator)
def get_otel_tracer(): set_global_textmap(CompositeHTTPPropagator([B3Format()])) span_exporter = get_otlp_exporter() trace.get_tracer_provider().add_span_processor( BatchExportSpanProcessor(span_exporter)) return trace.get_tracer(__name__)
def serve(): trace.set_tracer_provider(TracerProvider()) trace.get_tracer_provider().add_span_processor( SimpleExportSpanProcessor(ConsoleSpanExporter())) propagators.set_global_textmap(B3Format()) server = grpc.server(futures.ThreadPoolExecutor(max_workers=10), interceptors=[server_interceptor()]) add_ImageServiceServicer_to_server(ImageServer(), server) server.add_insecure_port("[::]:50051") server.start() server.wait_for_termination()
def test_extract_empty_context_returns_invalid_context(self): """In the case where the propagator cannot extract a SpanContext, extract should return and invalid span context. """ _old_propagator = propagators.get_global_textmap() propagators.set_global_textmap(NOOPTextMapPropagator()) try: carrier = {} ctx = self.shim.extract(opentracing.Format.HTTP_HEADERS, carrier) self.assertEqual(ctx.unwrap(), trace.INVALID_SPAN_CONTEXT) finally: propagators.set_global_textmap(_old_propagator)
def test_propagator_injects_into_request(self): headers = {} previous_propagator = propagators.get_global_textmap() def check_headers(**kwargs): nonlocal headers headers = kwargs["request"].headers try: propagators.set_global_textmap(MockTextMapPropagator()) ec2 = self.session.create_client("ec2", region_name="us-west-2") ec2.meta.events.register_first("before-send.ec2.DescribeInstances", check_headers) ec2.describe_instances() spans = self.memory_exporter.get_finished_spans() assert spans span = spans[0] self.assertEqual(len(spans), 1) self.assertEqual(span.attributes["aws.agent"], "botocore") self.assertEqual(span.attributes["aws.region"], "us-west-2") self.assertEqual(span.attributes["aws.operation"], "DescribeInstances") assert_span_http_status_code(span, 200) self.assertEqual( span.resource, Resource(attributes={ "endpoint": "ec2", "operation": "describeinstances", }), ) self.assertEqual(span.name, "ec2.command") self.assertIn(MockTextMapPropagator.TRACE_ID_KEY, headers) self.assertEqual( str(span.get_span_context().trace_id), headers[MockTextMapPropagator.TRACE_ID_KEY], ) self.assertIn(MockTextMapPropagator.SPAN_ID_KEY, headers) self.assertEqual( str(span.get_span_context().span_id), headers[MockTextMapPropagator.SPAN_ID_KEY], ) finally: propagators.set_global_textmap(previous_propagator)
def test_propagator_injects_into_request(self): headers = {} previous_propagator = propagators.get_global_textmap() def check_headers(**kwargs): nonlocal headers headers = kwargs["request"].headers try: propagators.set_global_textmap(MockTextMapPropagator()) ec2 = self.session.create_client("ec2", region_name="us-west-2") ec2.meta.events.register_first( "before-send.ec2.DescribeInstances", check_headers ) ec2.describe_instances() spans = self.memory_exporter.get_finished_spans() self.assertEqual(len(spans), 1) span = spans[0] describe_instances_attributes = spans[0].attributes self.assertEqual( describe_instances_attributes, { "aws.operation": "DescribeInstances", "aws.region": "us-west-2", "aws.request_id": "fdcdcab1-ae5c-489e-9c33-4637c5dda355", "aws.service": "ec2", "retry_attempts": 0, "http.status_code": 200, }, ) self.assertIn(MockTextMapPropagator.TRACE_ID_KEY, headers) self.assertEqual( str(span.get_span_context().trace_id), headers[MockTextMapPropagator.TRACE_ID_KEY], ) self.assertIn(MockTextMapPropagator.SPAN_ID_KEY, headers) self.assertEqual( str(span.get_span_context().span_id), headers[MockTextMapPropagator.SPAN_ID_KEY], ) finally: propagators.set_global_textmap(previous_propagator)
def serve(): trace.set_tracer_provider(TracerProvider()) trace.get_tracer_provider().add_span_processor( SimpleExportSpanProcessor(ConsoleSpanExporter()) ) propagators.set_global_textmap(B3Format()) server = grpc.server(futures.ThreadPoolExecutor(max_workers=10), interceptors=[server_interceptor()]) add_ProductInfoServicer_to_server(ProductInfoServer(), server) server.add_insecure_port("[::]:50050") server.start() proxy = MyProxy(ProductInfoServer) try: proxy.start() server.wait_for_termination() except KeyboardInterrupt: print("terminating") proxy.stop() print("Goodbye")
def set_up(service_name: str): """Instantiate and configure the span exporter. The exporter is select and configured through environment variables. Parameters ---------- service_name : str The name under which the data is exported. """ if tracing_settings.TRACING_EXPORTER.lower() == "jaeger": from opentelemetry.sdk.trace.export import BatchExportSpanProcessor jaeger_exporter = jaeger.JaegerSpanExporter( service_name=service_name, agent_host_name=tracing_settings.JAEGER_AGENT_HOST_NAME, agent_port=tracing_settings.JAEGER_AGENT_PORT, ) trace.get_tracer_provider().add_span_processor( BatchExportSpanProcessor(jaeger_exporter)) elif tracing_settings.TRACING_EXPORTER.lower() == "console": from opentelemetry.sdk.trace.export import SimpleExportSpanProcessor, ConsoleSpanExporter trace.get_tracer_provider().add_span_processor( SimpleExportSpanProcessor(ConsoleSpanExporter())) elif tracing_settings.TRACING_EXPORTER == "gcp": from opentelemetry.exporter.cloud_trace import CloudTraceSpanExporter from opentelemetry.tools.cloud_trace_propagator import CloudTraceFormatPropagator from opentelemetry.sdk.trace.export import BatchExportSpanProcessor from opentelemetry.propagators import set_global_textmap cloud_trace_exporter = CloudTraceSpanExporter() trace.get_tracer_provider().add_span_processor( BatchExportSpanProcessor(cloud_trace_exporter)) set_global_textmap(CloudTraceFormatPropagator())
def create_app(): """Flask application factory to create instances of the Contact Service Flask App """ app = Flask(__name__) # Disabling unused-variable for lines with route decorated functions # as pylint thinks they are unused # pylint: disable=unused-variable @app.route("/version", methods=["GET"]) def version(): """ Service version endpoint """ return app.config["VERSION"], 200 @app.route("/ready", methods=["GET"]) def ready(): """Readiness probe.""" return "ok", 200 @app.route("/contacts/<username>", methods=["GET"]) def get_contacts(username): """Retrieve the contacts list for the authenticated user. This list is used for populating Payment and Deposit fields. Return: a list of contacts """ auth_header = request.headers.get("Authorization") if auth_header: token = auth_header.split(" ")[-1] else: token = "" try: auth_payload = jwt.decode( token, key=app.config["PUBLIC_KEY"], algorithms="RS256" ) if username != auth_payload["user"]: raise PermissionError contacts_list = contacts_db.get_contacts(username) app.logger.debug("Succesfully retrieved contacts.") return jsonify(contacts_list), 200 except (PermissionError, jwt.exceptions.InvalidTokenError) as err: app.logger.error("Error retrieving contacts list: %s", str(err)) return "authentication denied", 401 except SQLAlchemyError as err: app.logger.error("Error retrieving contacts list: %s", str(err)) return "failed to retrieve contacts list", 500 @app.route("/contacts/<username>", methods=["POST"]) def add_contact(username): """Add a new favorite account to user's contacts list Fails if account or routing number are invalid or if label is not alphanumeric request fields: - account_num - routing_num - label - is_external """ auth_header = request.headers.get("Authorization") if auth_header: token = auth_header.split(" ")[-1] else: token = "" try: auth_payload = jwt.decode( token, key=app.config["PUBLIC_KEY"], algorithms="RS256" ) if username != auth_payload["user"]: raise PermissionError req = { k: (bleach.clean(v) if isinstance(v, str) else v) for k, v in request.get_json().items() } _validate_new_contact(req) _check_contact_allowed(username, auth_payload["acct"], req) # Create contact data to be added to the database. contact_data = { "username": username, "label": req["label"], "account_num": req["account_num"], "routing_num": req["routing_num"], "is_external": req["is_external"], } # Add contact_data to database app.logger.debug("Adding new contact to the database.") contacts_db.add_contact(contact_data) app.logger.info("Successfully added new contact.") return jsonify({}), 201 except (PermissionError, jwt.exceptions.InvalidTokenError) as err: app.logger.error("Error adding contact: %s", str(err)) return "authentication denied", 401 except UserWarning as warn: app.logger.error("Error adding contact: %s", str(warn)) return str(warn), 400 except ValueError as err: app.logger.error("Error adding contact: %s", str(err)) return str(err), 409 except SQLAlchemyError as err: app.logger.error("Error adding contact: %s", str(err)) return "failed to add contact", 500 def _validate_new_contact(req): """Check that this new contact request has valid fields""" app.logger.debug("validating add contact request: %s", str(req)) # Check if required fields are filled fields = ("label", "account_num", "routing_num", "is_external") if any(f not in req for f in fields): raise UserWarning("missing required field(s)") # Validate account number (must be 10 digits) if req["account_num"] is None or not re.match(r"\A[0-9]{10}\Z", req["account_num"]): raise UserWarning("invalid account number") # Validate routing number (must be 9 digits) if req["routing_num"] is None or not re.match(r"\A[0-9]{9}\Z", req["routing_num"]): raise UserWarning("invalid routing number") # Only allow external accounts to deposit if (req["is_external"] and req["routing_num"] == app.config["LOCAL_ROUTING"]): raise UserWarning("invalid routing number") # Validate label # Must be >0 and <=30 chars, alphanumeric and spaces, can't start with space if req["label"] is None or not re.match(r"^[0-9a-zA-Z][0-9a-zA-Z ]{0,29}$", req["label"]): raise UserWarning("invalid account label") def _check_contact_allowed(username, accountid, req): """Check that this contact is allowed to be created""" app.logger.debug("checking that this contact is allowed to be created: %s", str(req)) # Don't allow self reference if (req["account_num"] == accountid and req["routing_num"] == app.config["LOCAL_ROUTING"]): raise ValueError("may not add yourself to contacts") # Don't allow identical contacts for contact in contacts_db.get_contacts(username): if (contact["account_num"] == req["account_num"] and contact["routing_num"] == req["routing_num"]): raise ValueError("account already exists as a contact") if contact["label"] == req["label"]: raise ValueError("contact already exists with that label") @atexit.register def _shutdown(): """Executed when web app is terminated.""" app.logger.info("Stopping contacts service.") # set log formatting date_format = "%Y-%m-%d %H:%M:%S" message_format = '%(asctime)s | [%(levelname)s] | %(funcName)s | %(message)s' logging.basicConfig(format= message_format, datefmt= date_format, stream=sys.stdout) # set log level log_levels = { "DEBUG": logging.DEBUG, "WARNING": logging.WARNING, "INFO": logging.INFO, "ERROR": logging.ERROR, "CRITICAL": logging.CRITICAL } level = logging.INFO #default user_log_level = os.environ.get("LOG_LEVEL") if user_log_level is not None and user_log_level.upper() in log_levels: level = log_levels.get(user_log_level.upper()) app.logger.setLevel(level) app.logger.info("Starting contacts service.") # Set up tracing and export spans to Cloud Trace. if os.environ['ENABLE_TRACING'] == "true": app.logger.info("✅ Tracing enabled.") # Set up tracing and export spans to Cloud Trace trace.set_tracer_provider(TracerProvider()) cloud_trace_exporter = CloudTraceSpanExporter() trace.get_tracer_provider().add_span_processor( BatchExportSpanProcessor(cloud_trace_exporter) ) set_global_textmap(CloudTraceFormatPropagator()) FlaskInstrumentor().instrument_app(app) else: app.logger.info("🚫 Tracing disabled.") # setup global variables app.config["VERSION"] = os.environ.get("VERSION") app.config["LOCAL_ROUTING"] = os.environ.get("LOCAL_ROUTING_NUM") app.config["PUBLIC_KEY"] = open(os.environ.get("PUB_KEY_PATH"), "r").read() # Configure database connection try: contacts_db = ContactsDb(os.environ.get("ACCOUNTS_DB_URI"), app.logger) except OperationalError: app.logger.critical("database connection failed") sys.exit(1) return app
def create_app(): """Flask application factory to create instances of the Frontend Flask App """ app = Flask(__name__) # Disabling unused-variable for lines with route decorated functions # as pylint thinks they are unused # pylint: disable=unused-variable @app.route('/version', methods=['GET']) def version(): """ Service version endpoint """ return os.environ.get('VERSION'), 200 @app.route('/ready', methods=['GET']) def readiness(): """ Readiness probe """ return 'ok', 200 @app.route("/") def root(): """ Renders home page or login page, depending on authentication status. """ token = request.cookies.get(app.config['TOKEN_NAME']) if not verify_token(token): return login_page() return home() @app.route("/home") def home(): """ Renders home page. Redirects to /login if token is not valid """ token = request.cookies.get(app.config['TOKEN_NAME']) if not verify_token(token): # user isn't authenticated app.logger.debug( 'User isn\'t authenticated. Redirecting to login page.') return redirect( url_for('login_page', _external=True, _scheme=app.config['SCHEME'])) token_data = jwt.decode(token, verify=False) display_name = token_data['name'] username = token_data['user'] account_id = token_data['acct'] hed = {'Authorization': 'Bearer ' + token} # get balance balance = None try: url = '{}/{}'.format(app.config["BALANCES_URI"], account_id) app.logger.debug('Getting account balance.') response = requests.get(url=url, headers=hed, timeout=app.config['BACKEND_TIMEOUT']) if response: balance = response.json() except (requests.exceptions.RequestException, ValueError) as err: app.logger.error('Error getting account balance: %s', str(err)) # get history transaction_list = None try: url = '{}/{}'.format(app.config["HISTORY_URI"], account_id) app.logger.debug('Getting transaction history.') response = requests.get(url=url, headers=hed, timeout=app.config['BACKEND_TIMEOUT']) if response: transaction_list = response.json() except (requests.exceptions.RequestException, ValueError) as err: app.logger.error('Error getting transaction history: %s', str(err)) # get contacts contacts = [] try: url = '{}/{}'.format(app.config["CONTACTS_URI"], username) app.logger.debug('Getting contacts.') response = requests.get(url=url, headers=hed, timeout=app.config['BACKEND_TIMEOUT']) if response: contacts = response.json() except (requests.exceptions.RequestException, ValueError) as err: app.logger.error('Error getting contacts: %s', str(err)) _populate_contact_labels(account_id, transaction_list, contacts) return render_template('index.html', cymbal_logo=os.getenv('CYMBAL_LOGO', 'false'), history=transaction_list, balance=balance, name=display_name, account_id=account_id, contacts=contacts, message=request.args.get('msg', None), bank_name=os.getenv('BANK_NAME', 'Bank of Anthos')) def _populate_contact_labels(account_id, transactions, contacts): """ Populate contact labels for the passed transactions. Side effect: Take each transaction and set the 'accountLabel' field with the label of the contact each transaction was associated with. If there was no associated contact, set 'accountLabel' to None. If any parameter is None, nothing happens. Params: account_id - the account id for the user owning the transaction list transactions - a list of transactions as key/value dicts [{transaction1}, {transaction2}, ...] contacts - a list of contacts as key/value dicts [{contact1}, {contact2}, ...] """ app.logger.debug('Populating contact labels.') if account_id is None or transactions is None or contacts is None: return # Map contact accounts to their labels. If no label found, default to None. contact_map = {c['account_num']: c.get('label') for c in contacts} # Populate the 'accountLabel' field. If no match found, default to None. for trans in transactions: if trans['toAccountNum'] == account_id: trans['accountLabel'] = contact_map.get( trans['fromAccountNum']) elif trans['fromAccountNum'] == account_id: trans['accountLabel'] = contact_map.get(trans['toAccountNum']) @app.route('/payment', methods=['POST']) def payment(): """ Submits payment request to ledgerwriter service Fails if: - token is not valid - basic validation checks fail - response code from ledgerwriter is not 201 """ token = request.cookies.get(app.config['TOKEN_NAME']) if not verify_token(token): # user isn't authenticated app.logger.error( 'Error submitting payment: user is not authenticated.') return abort(401) try: account_id = jwt.decode(token, verify=False)['acct'] recipient = request.form['account_num'] if recipient == 'add': recipient = request.form['contact_account_num'] label = request.form.get('contact_label', None) if label: # new contact. Add to contacts list _add_contact(label, recipient, app.config['LOCAL_ROUTING'], False) transaction_data = { "fromAccountNum": account_id, "fromRoutingNum": app.config['LOCAL_ROUTING'], "toAccountNum": recipient, "toRoutingNum": app.config['LOCAL_ROUTING'], "amount": int(Decimal(request.form['amount']) * 100), "uuid": request.form['uuid'] } _submit_transaction(transaction_data) app.logger.info('Payment initiated successfully.') return redirect( url_for('home', msg='Payment successful', _external=True, _scheme=app.config['SCHEME'])) except requests.exceptions.RequestException as err: app.logger.error('Error submitting payment: %s', str(err)) except UserWarning as warn: app.logger.error('Error submitting payment: %s', str(warn)) msg = 'Payment failed: {}'.format(str(warn)) return redirect( url_for('home', msg=msg, _external=True, _scheme=app.config['SCHEME'])) return redirect( url_for('home', msg='Payment failed', _external=True, _scheme=app.config['SCHEME'])) @app.route('/deposit', methods=['POST']) def deposit(): """ Submits deposit request to ledgerwriter service Fails if: - token is not valid - routing number == local routing number - response code from ledgerwriter is not 201 """ token = request.cookies.get(app.config['TOKEN_NAME']) if not verify_token(token): # user isn't authenticated app.logger.error( 'Error submitting deposit: user is not authenticated.') return abort(401) try: # get account id from token account_id = jwt.decode(token, verify=False)['acct'] if request.form['account'] == 'add': external_account_num = request.form['external_account_num'] external_routing_num = request.form['external_routing_num'] if external_routing_num == app.config['LOCAL_ROUTING']: raise UserWarning("invalid routing number") external_label = request.form.get('external_label', None) if external_label: # new contact. Add to contacts list _add_contact(external_label, external_account_num, external_routing_num, True) else: account_details = json.loads(request.form['account']) external_account_num = account_details['account_num'] external_routing_num = account_details['routing_num'] transaction_data = { "fromAccountNum": external_account_num, "fromRoutingNum": external_routing_num, "toAccountNum": account_id, "toRoutingNum": app.config['LOCAL_ROUTING'], "amount": int(Decimal(request.form['amount']) * 100), "uuid": request.form['uuid'] } _submit_transaction(transaction_data) app.logger.info('Deposit submitted successfully.') return redirect( url_for('home', msg='Deposit successful', _external=True, _scheme=app.config['SCHEME'])) except requests.exceptions.RequestException as err: app.logger.error('Error submitting deposit: %s', str(err)) except UserWarning as warn: app.logger.error('Error submitting deposit: %s', str(warn)) msg = 'Deposit failed: {}'.format(str(warn)) return redirect( url_for('home', msg=msg, _external=True, _scheme=app.config['SCHEME'])) return redirect( url_for('home', msg='Deposit failed', _external=True, _scheme=app.config['SCHEME'])) def _submit_transaction(transaction_data): app.logger.debug('Submitting transaction.') token = request.cookies.get(app.config['TOKEN_NAME']) hed = { 'Authorization': 'Bearer ' + token, 'content-type': 'application/json' } resp = requests.post(url=app.config["TRANSACTIONS_URI"], data=jsonify(transaction_data).data, headers=hed, timeout=app.config['BACKEND_TIMEOUT']) try: resp.raise_for_status() # Raise on HTTP Status code 4XX or 5XX except requests.exceptions.HTTPError: raise UserWarning(resp.text) def _add_contact(label, acct_num, routing_num, is_external_acct=False): """ Submits a new contact to the contact service. Raise: UserWarning if the response status is 4xx or 5xx. """ app.logger.debug('Adding new contact.') token = request.cookies.get(app.config['TOKEN_NAME']) hed = { 'Authorization': 'Bearer ' + token, 'content-type': 'application/json' } contact_data = { 'label': label, 'account_num': acct_num, 'routing_num': routing_num, 'is_external': is_external_acct } token_data = jwt.decode(token, verify=False) url = '{}/{}'.format(app.config["CONTACTS_URI"], token_data['user']) resp = requests.post(url=url, data=jsonify(contact_data).data, headers=hed, timeout=app.config['BACKEND_TIMEOUT']) try: resp.raise_for_status() # Raise on HTTP Status code 4XX or 5XX except requests.exceptions.HTTPError: raise UserWarning(resp.text) @app.route("/login", methods=['GET']) def login_page(): """ Renders login page. Redirects to /home if user already has a valid token """ token = request.cookies.get(app.config['TOKEN_NAME']) if verify_token(token): # already authenticated app.logger.debug( 'User already authenticated. Redirecting to /home') return redirect( url_for('home', _external=True, _scheme=app.config['SCHEME'])) return render_template('login.html', cymbal_logo=os.getenv('CYMBAL_LOGO', 'false'), message=request.args.get('msg', None), default_user=os.getenv('DEFAULT_USERNAME', ''), default_password=os.getenv( 'DEFAULT_PASSWORD', ''), bank_name=os.getenv('BANK_NAME', 'Bank of Anthos')) @app.route('/login', methods=['POST']) def login(): """ Submits login request to userservice and saves resulting token Fails if userservice does not accept input username and password """ return _login_helper(request.form['username'], request.form['password']) def _login_helper(username, password): try: app.logger.debug('Logging in.') req = requests.get(url=app.config["LOGIN_URI"], params={ 'username': username, 'password': password }) req.raise_for_status() # Raise on HTTP Status code 4XX or 5XX # login success token = req.json()['token'].encode('utf-8') claims = jwt.decode(token, verify=False) max_age = claims['exp'] - claims['iat'] resp = make_response( redirect( url_for('home', _external=True, _scheme=app.config['SCHEME']))) resp.set_cookie(app.config['TOKEN_NAME'], token, max_age=max_age) app.logger.info('Successfully logged in.') return resp except (RequestException, HTTPError) as err: app.logger.error('Error logging in: %s', str(err)) return redirect( url_for('login', msg='Login Failed', _external=True, _scheme=app.config['SCHEME'])) @app.route("/signup", methods=['GET']) def signup_page(): """ Renders signup page. Redirects to /login if token is not valid """ token = request.cookies.get(app.config['TOKEN_NAME']) if verify_token(token): # already authenticated app.logger.debug( 'User already authenticated. Redirecting to /home') return redirect( url_for('home', _external=True, _scheme=app.config['SCHEME'])) return render_template('signup.html', cymbal_logo=os.getenv('CYMBAL_LOGO', 'false'), bank_name=os.getenv('BANK_NAME', 'Bank of Anthos')) @app.route("/signup", methods=['POST']) def signup(): """ Submits signup request to userservice Fails if userservice does not accept input form data """ try: # create user app.logger.debug('Creating new user.') resp = requests.post(url=app.config["USERSERVICE_URI"], data=request.form, timeout=app.config['BACKEND_TIMEOUT']) if resp.status_code == 201: # user created. Attempt login app.logger.info('New user created.') return _login_helper(request.form['username'], request.form['password']) except requests.exceptions.RequestException as err: app.logger.error('Error creating new user: %s', str(err)) return redirect( url_for('login', msg='Error: Account creation failed', _external=True, _scheme=app.config['SCHEME'])) @app.route('/logout', methods=['POST']) def logout(): """ Logs out user by deleting token cookie and redirecting to login page """ app.logger.info('Logging out.') resp = make_response( redirect( url_for('login_page', _external=True, _scheme=app.config['SCHEME']))) resp.delete_cookie(app.config['TOKEN_NAME']) return resp def verify_token(token): """ Validates token using userservice public key """ app.logger.debug('Verifying token.') if token is None: return False try: jwt.decode(token, key=app.config['PUBLIC_KEY'], algorithms='RS256', verify=True) app.logger.debug('Token verified.') return True except jwt.exceptions.InvalidTokenError as err: app.logger.error('Error validating token: %s', str(err)) return False # register html template formatters def format_timestamp_day(timestamp): """ Format the input timestamp day in a human readable way """ # TODO: time zones? date = datetime.datetime.strptime(timestamp, app.config['TIMESTAMP_FORMAT']) return date.strftime('%d') def format_timestamp_month(timestamp): """ Format the input timestamp month in a human readable way """ # TODO: time zones? date = datetime.datetime.strptime(timestamp, app.config['TIMESTAMP_FORMAT']) return date.strftime('%b') def format_currency(int_amount): """ Format the input currency in a human readable way """ if int_amount is None: return '$---' amount_str = '${:0,.2f}'.format(abs(Decimal(int_amount) / 100)) if int_amount < 0: amount_str = '-' + amount_str return amount_str # set up global variables app.config["TRANSACTIONS_URI"] = 'http://{}/transactions'.format( os.environ.get('TRANSACTIONS_API_ADDR')) app.config["USERSERVICE_URI"] = 'http://{}/users'.format( os.environ.get('USERSERVICE_API_ADDR')) app.config["BALANCES_URI"] = 'http://{}/balances'.format( os.environ.get('BALANCES_API_ADDR')) app.config["HISTORY_URI"] = 'http://{}/transactions'.format( os.environ.get('HISTORY_API_ADDR')) app.config["LOGIN_URI"] = 'http://{}/login'.format( os.environ.get('USERSERVICE_API_ADDR')) app.config["CONTACTS_URI"] = 'http://{}/contacts'.format( os.environ.get('CONTACTS_API_ADDR')) app.config['PUBLIC_KEY'] = open(os.environ.get('PUB_KEY_PATH'), 'r').read() app.config['LOCAL_ROUTING'] = os.getenv('LOCAL_ROUTING_NUM') app.config[ 'BACKEND_TIMEOUT'] = 4 # timeout in seconds for calls to the backend app.config['TOKEN_NAME'] = 'token' app.config['TIMESTAMP_FORMAT'] = '%Y-%m-%dT%H:%M:%S.%f%z' app.config['SCHEME'] = os.environ.get('SCHEME', 'http') # register formater functions app.jinja_env.globals.update(format_currency=format_currency) app.jinja_env.globals.update(format_timestamp_month=format_timestamp_month) app.jinja_env.globals.update(format_timestamp_day=format_timestamp_day) # Set up logging app.logger.handlers = logging.getLogger('gunicorn.error').handlers app.logger.setLevel(logging.getLogger('gunicorn.error').level) app.logger.info('Starting frontend service.') # Set up tracing and export spans to Cloud Trace. if os.environ['ENABLE_TRACING'] == "true": app.logger.info("✅ Tracing enabled.") trace.set_tracer_provider(TracerProvider()) cloud_trace_exporter = CloudTraceSpanExporter() trace.get_tracer_provider().add_span_processor( BatchExportSpanProcessor(cloud_trace_exporter)) set_global_textmap(CloudTraceFormatPropagator()) # Add tracing auto-instrumentation for Flask, jinja and requests FlaskInstrumentor().instrument_app(app) RequestsInstrumentor().instrument() Jinja2Instrumentor().instrument() else: app.logger.info("🚫 Tracing disabled.") return app
def create_app(): """Flask application factory to create instances of the Userservice Flask App """ app = Flask(__name__) # Disabling unused-variable for lines with route decorated functions # as pylint thinks they are unused # pylint: disable=unused-variable @app.route('/version', methods=['GET']) def version(): """ Service version endpoint """ return app.config['VERSION'], 200 @app.route('/ready', methods=['GET']) def readiness(): """ Readiness probe """ return 'ok', 200 @app.route('/users', methods=['POST']) def create_user(): """Create a user record. Fails if that username already exists. Generates a unique accountid. request fields: - username - password - password-repeat - firstname - lastname - birthday - timezone - address - state - zip - ssn """ try: app.logger.debug('Sanitizing input.') req = {k: bleach.clean(v) for k, v in request.form.items()} __validate_new_user(req) # Check if user already exists if users_db.get_user(req['username']) is not None: raise NameError('user {} already exists'.format( req['username'])) # Create password hash with salt app.logger.debug("Creating password hash.") password = req['password'] salt = bcrypt.gensalt() passhash = bcrypt.hashpw(password.encode('utf-8'), salt) accountid = users_db.generate_accountid() # Create user data to be added to the database user_data = { 'accountid': accountid, 'username': req['username'], 'passhash': passhash, 'firstname': req['firstname'], 'lastname': req['lastname'], 'birthday': req['birthday'], 'timezone': req['timezone'], 'address': req['address'], 'state': req['state'], 'zip': req['zip'], 'ssn': req['ssn'], } # Add user_data to database app.logger.debug("Adding user to the database") users_db.add_user(user_data) app.logger.info("Successfully created user.") except UserWarning as warn: app.logger.error("Error creating new user: %s", str(warn)) return str(warn), 400 except NameError as err: app.logger.error("Error creating new user: %s", str(err)) return str(err), 409 except SQLAlchemyError as err: app.logger.error("Error creating new user: %s", str(err)) return 'failed to create user', 500 return jsonify({}), 201 def __validate_new_user(req): app.logger.debug('validating create user request: %s', str(req)) # Check if required fields are filled fields = ( 'username', 'password', 'password-repeat', 'firstname', 'lastname', 'birthday', 'timezone', 'address', 'state', 'zip', 'ssn', ) if any(f not in req for f in fields): raise UserWarning('missing required field(s)') if any(not bool(req[f] or req[f].strip()) for f in fields): raise UserWarning('missing value for input field(s)') # Verify username contains only 2-15 alphanumeric or underscore characters if not re.match(r"\A[a-zA-Z0-9_]{2,15}\Z", req['username']): raise UserWarning( 'username must contain 2-15 alphanumeric characters or underscores' ) # Check if passwords match if not req['password'] == req['password-repeat']: raise UserWarning('passwords do not match') @app.route('/login', methods=['GET']) def login(): """Login a user and return a JWT token Fails if username doesn't exist or password doesn't match hash token expiry time determined by environment variable request fields: - username - password """ app.logger.debug('Sanitizing login input.') username = bleach.clean(request.args.get('username')) password = bleach.clean(request.args.get('password')) # Get user data try: app.logger.debug('Getting the user data.') user = users_db.get_user(username) if user is None: raise LookupError('user {} does not exist'.format(username)) # Validate the password app.logger.debug('Validating the password.') if not bcrypt.checkpw(password.encode('utf-8'), user['passhash']): raise PermissionError('invalid login') full_name = '{} {}'.format(user['firstname'], user['lastname']) exp_time = datetime.utcnow() + timedelta( seconds=app.config['EXPIRY_SECONDS']) payload = { 'user': username, 'acct': user['accountid'], 'name': full_name, 'iat': datetime.utcnow(), 'exp': exp_time, } app.logger.debug('Creating jwt token.') token = jwt.encode(payload, app.config['PRIVATE_KEY'], algorithm='RS256') app.logger.info('Login Successful.') return jsonify({'token': token.decode("utf-8")}), 200 except LookupError as err: app.logger.error('Error logging in: %s', str(err)) return str(err), 404 except PermissionError as err: app.logger.error('Error logging in: %s', str(err)) return str(err), 401 except SQLAlchemyError as err: app.logger.error('Error logging in: %s', str(err)) return 'failed to retrieve user information', 500 @atexit.register def _shutdown(): """Executed when web app is terminated.""" app.logger.info("Stopping userservice.") # Set up logger app.logger.handlers = logging.getLogger('gunicorn.error').handlers app.logger.setLevel(logging.getLogger('gunicorn.error').level) app.logger.info('Starting userservice.') # Set up tracing and export spans to Cloud Trace. if os.environ['ENABLE_TRACING'] == "true": app.logger.info("✅ Tracing enabled.") # Set up tracing and export spans to Cloud Trace trace.set_tracer_provider(TracerProvider()) cloud_trace_exporter = CloudTraceSpanExporter() trace.get_tracer_provider().add_span_processor( BatchExportSpanProcessor(cloud_trace_exporter)) set_global_textmap(CloudTraceFormatPropagator()) FlaskInstrumentor().instrument_app(app) else: app.logger.info("🚫 Tracing disabled.") app.config['VERSION'] = os.environ.get('VERSION') app.config['EXPIRY_SECONDS'] = int(os.environ.get('TOKEN_EXPIRY_SECONDS')) app.config['PRIVATE_KEY'] = open(os.environ.get('PRIV_KEY_PATH'), 'r').read() app.config['PUBLIC_KEY'] = open(os.environ.get('PUB_KEY_PATH'), 'r').read() # Configure database connection try: users_db = UserDb(os.environ.get("ACCOUNTS_DB_URI"), app.logger) except OperationalError: app.logger.critical("users_db database connection failed") sys.exit(1) return app
def configure_exporter(exporter): trace.set_tracer_provider(TracerProvider()) trace.get_tracer_provider().add_span_processor( SimpleExportSpanProcessor(exporter)) propagators.set_global_textmap(CloudTraceFormatPropagator())
def tearDownClass(cls): # Restore previous propagator. propagators.set_global_textmap(cls._previous_propagator)
def setUpClass(cls): # Save current propagator to be restored on teardown. cls._previous_propagator = propagators.get_global_textmap() # Set mock propagator for testing. propagators.set_global_textmap(MockTextMapPropagator())
from flask import Flask # Instrumenting requests opentelemetry.ext.requests.RequestsInstrumentor().instrument() # Instrumenting flask app = Flask(__name__) FlaskInstrumentor().instrument_app(app) # Tracer boilerplate trace.set_tracer_provider(TracerProvider()) trace.get_tracer_provider().add_span_processor( SimpleExportSpanProcessor(CloudTraceSpanExporter()) ) # Using the X-Cloud-Trace-Context header set_global_textmap(CloudTraceFormatPropagator()) @app.route("/") def hello_world(): tracer = trace.get_tracer(__name__) with tracer.start_as_current_span("server_span"): return "Hello World!" if __name__ == "__main__": port = 5000 app.run(port=port)
def configure_opentelemetry( access_token: str = _LS_ACCESS_TOKEN, span_exporter_endpoint: str = _OTEL_EXPORTER_OTLP_TRACES_ENDPOINT, service_name: str = _LS_SERVICE_NAME, service_version: str = _LS_SERVICE_VERSION, propagators: str = _OTEL_PROPAGATORS, resource_attributes: str = _OTEL_RESOURCE_ATTRIBUTES, log_level: str = _OTEL_LOG_LEVEL, span_exporter_insecure: bool = _OTEL_EXPORTER_OTLP_TRACES_INSECURE, _auto_instrumented: bool = False, ): # pylint: disable=too-many-locals # pylint: disable=too-many-statements """ Configures OpenTelemetry with Lightstep environment variables This function works as a configuration layer that allows the Lightstep end user to use current environment variables seamlessly with OpenTelemetry. In this way, it is not needed to make any configuration changes to the environment before using OpenTelemetry. The configuration can be done via environment variables (prefixed with `LS`) or via arguments passed to this function. Each argument has a 1:1 correspondence with an environment variable, their description follows: Arguments: access_token (str): LS_ACCESS_TOKEN, the access token used to authenticate with the Lightstep satellite. This configuration value is mandatory. span_exporter_endpoint (str): OTEL_EXPORTER_OTLP_TRACES_ENDPOINT, the URL of the Lightstep satellite where the spans are to be exported. Defaults to `ingest.lightstep.com:443`. service_name (str): LS_SERVICE_NAME, the name of the service that is used along with the access token to send spans to the Lighstep satellite. This configuration value is mandatory. service_version (str): LS_SERVICE_VERSION, the version of the service used to sernd spans to the Lightstep satellite. Defaults to `None`. propagators (str): OTEL_PROPAGATORS, a list of propagators to be used. The list is specified as a comma-separated string of values, for example: `a,b,c,d,e,f`. Defaults to `b3`. resource_attributes (str): OTEL_RESOURCE_ATTRIBUTES, a dictionary of key value pairs used to instantiate the resouce of the tracer provider. The dictionary is specified as a string of comma-separated `key=value` pairs. For example: `a=1,b=2,c=3`. Defaults to `telemetry.sdk.language=python,telemetry.sdk.version=X` where `X` is the version of this package. log_level (str): OTEL_LOG_LEVEL, one of: - `NOTSET` (0) - `DEBUG` (10) - `INFO` (20) - `WARNING` (30) - `ERROR` (40) - `CRITICAL` (50) Defaults to `logging.ERROR`. span_exporter_insecure (bool): OTEL_EXPORTER_OTLP_TRACES_INSECURE, a boolean value that indicates if an insecure channel is to be used to send spans to the satellite. Defaults to `False`. """ log_levels = { "NOTSET": NOTSET, "DEBUG": DEBUG, "INFO": INFO, "WARNING": WARNING, "ERROR": ERROR, "CRITICAL": CRITICAL, } # No environment variable is passed here as the first argument since what # is intended here is just to parse the value of the already obtained value # of the environment variables OTEL_PROPAGATORS and # OTEL_RESOURCE_ATTRIBUTES into a list and a dictionary. This is not done # at the attribute declaration to avoid having mutable objects as default # arguments. propagators = _env.list("", propagators) resource_attributes = _env.dict("", resource_attributes) log_level = log_level.upper() if log_level not in log_levels.keys(): message = ( "Invalid configuration: invalid log_level value." "It must be one of {}.".format(", ".join(log_levels.keys())) ) _logger.error(message) raise InvalidConfigurationError(message) log_level = log_levels[log_level] basicConfig(level=log_level) _logger.debug("configuration") if not _validate_service_name(service_name): message = ( "Invalid configuration: service name missing. " "Set environment variable LS_SERVICE_NAME" ) if not _auto_instrumented: message += ( " or call configure_opentelemetry with service_name defined" ) _logger.error(message) raise InvalidConfigurationError(message) resource_attributes["service.name"] = service_name logged_attributes = { "access_token": access_token, "span_exporter_endpoint": span_exporter_endpoint, "service_name": service_name, "propagators": propagators, "resource_attributes": resource_attributes, "log_level": getLevelName(log_level), "span_exporter_insecure": span_exporter_insecure, } if service_version is not None: resource_attributes["service.version"] = service_version logged_attributes["service_version"] = service_version for key, value in logged_attributes.items(): _logger.debug("%s: %s", key, value) if access_token is None: if ( span_exporter_endpoint == _DEFAULT_OTEL_EXPORTER_OTLP_TRACES_ENDPOINT ): message = ( "Invalid configuration: token missing. " "Must be set to send data to {}. " "Set environment variable LS_ACCESS_TOKEN" ).format(_OTEL_EXPORTER_OTLP_TRACES_ENDPOINT) if not _auto_instrumented: message += " or call configure_opentelemetry with access_token defined" _logger.error(message) raise InvalidConfigurationError(message) if access_token is not None and not _validate_token(access_token): message = ( "Invalid configuration: invalid token. " "Token must be a 32, 84 or 104 character long string." ) _logger.error(message) raise InvalidConfigurationError(message) _logger.debug("configuring propagation") # FIXME use entry points (instead of a dictionary) to locate propagator # classes set_global_textmap( CompositeHTTPPropagator( [ { "b3": B3Format(), "baggage": BaggagePropagator(), "tracecontext": TraceContextTextMapPropagator(), }[propagator] for propagator in propagators ] ) ) headers = None if access_token != "": headers = (("lightstep-access-token", access_token),) _logger.debug("configuring tracing") credentials = _common_configuration( set_tracer_provider, TracerProvider, "OTEL_PYTHON_TRACER_PROVIDER", span_exporter_insecure, ) get_tracer_provider().add_span_processor( BatchExportSpanProcessor( LightstepOTLPSpanExporter( endpoint=span_exporter_endpoint, credentials=credentials, headers=headers, ) ) ) if _ATTRIBUTE_HOST_NAME not in resource_attributes.keys() or not ( resource_attributes[_ATTRIBUTE_HOST_NAME] ): no_hostname_message = ( "set it with the environment variable OTEL_RESOURCE_ATTRIBUTES or " 'with the resource_attributes argument. Use "host.name" as key ' "in both cases." ) try: hostname = gethostname() if not hostname: _logger.warning("Hostname is empty, %s", no_hostname_message) else: resource_attributes[_ATTRIBUTE_HOST_NAME] = hostname # pylint: disable=broad-except except Exception: _logger.exception( "Unable to get hostname, %s", no_hostname_message ) get_tracer_provider().resource = Resource(resource_attributes) if log_level <= DEBUG: get_tracer_provider().add_span_processor( BatchExportSpanProcessor(ConsoleSpanExporter()) )
dd_agent = os.getenv('DD_AGENT_HOST') app = Sanic(name=service_name) resource = Resource.create({"service.name": service_name}) trace.set_tracer_provider(TracerProvider(resource=resource)) trace.get_tracer_provider().add_span_processor( DatadogExportSpanProcessor( DatadogSpanExporter(agent_url="http://" + dd_agent + ":8126", service=service_name))) global_textmap = get_global_textmap() if isinstance(global_textmap, CompositeHTTPPropagator) and not any( isinstance(p, DatadogFormat) for p in global_textmap._propagators): set_global_textmap( CompositeHTTPPropagator(global_textmap._propagators + [DatadogFormat()])) else: set_global_textmap(DatadogFormat()) tracer = trace.get_tracer(__name__) @app.route('/') async def test(request): param = request.args.get("param") with tracer.start_as_current_span("hello-world"): if param == "error": raise ValueError("forced server error") return json({'hello': param})
import demo_pb2 import demo_pb2_grpc from grpc_health.v1 import health_pb2 from grpc_health.v1 import health_pb2_grpc from logger import getJSONLogger logger = getJSONLogger('recommendationservice-server') zipkin_exporter = zipkin.ZipkinSpanExporter( service_name="recommendationservice", url=os.environ['SIGNALFX_ENDPOINT_URL'] ) span_processor = BatchExportSpanProcessor(zipkin_exporter) propagators.set_global_textmap(FixedB3Format()) trace.set_tracer_provider(TracerProvider()) trace.get_tracer_provider().add_span_processor(span_processor) tracer = trace.get_tracer(__name__) instrumentor = GrpcInstrumentorClient() instrumentor.instrument() grpc_server_instrumentor = GrpcInstrumentorServer() grpc_server_instrumentor.instrument() class RecommendationService(demo_pb2_grpc.RecommendationServiceServicer): def ListRecommendations(self, request, context): max_responses = 5 # fetch list of products from product catalog stub cat_response = product_catalog_stub.ListProducts(demo_pb2.Empty())