131868bdca
Major security, observability, and configuration improvements:
## Security Hardening
- Implemented configurable CORS (no more wildcards)
- Added comprehensive auth middleware for admin endpoints
- Enhanced webhook HMAC validation
- Added input validation and rate limiting
- Security headers and CSP policies
## Configuration Management
- Made N8N webhook URL configurable (WHOOSH_N8N_BASE_URL)
- Replaced all hardcoded endpoints with environment variables
- Added feature flags for LLM vs heuristic composition
- Gitea fetch hardening with EAGER_FILTER and FULL_RESCAN options
## API Completeness
- Implemented GetCouncilComposition function
- Added GET /api/v1/councils/{id} endpoint
- Council artifacts API (POST/GET /api/v1/councils/{id}/artifacts)
- /admin/health/details endpoint with component status
- Database lookup for repository URLs (no hardcoded fallbacks)
## Observability & Performance
- Added OpenTelemetry distributed tracing with goal/pulse correlation
- Performance optimization database indexes
- Comprehensive health monitoring
- Enhanced logging and error handling
## Infrastructure
- Production-ready P2P discovery (replaces mock implementation)
- Removed unused Redis configuration
- Enhanced Docker Swarm integration
- Added migration files for performance indexes
## Code Quality
- Comprehensive input validation
- Graceful error handling and failsafe fallbacks
- Backwards compatibility maintained
- Following security best practices
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
207 lines
6.6 KiB
Go
207 lines
6.6 KiB
Go
// Copyright The OpenTelemetry Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package resource // import "go.opentelemetry.io/otel/sdk/resource"
|
|
|
|
import (
|
|
"context"
|
|
|
|
"go.opentelemetry.io/otel/attribute"
|
|
)
|
|
|
|
// config contains configuration for Resource creation.
|
|
type config struct {
|
|
// detectors that will be evaluated.
|
|
detectors []Detector
|
|
// SchemaURL to associate with the Resource.
|
|
schemaURL string
|
|
}
|
|
|
|
// Option is the interface that applies a configuration option.
|
|
type Option interface {
|
|
// apply sets the Option value of a config.
|
|
apply(config) config
|
|
}
|
|
|
|
// WithAttributes adds attributes to the configured Resource.
|
|
func WithAttributes(attributes ...attribute.KeyValue) Option {
|
|
return WithDetectors(detectAttributes{attributes})
|
|
}
|
|
|
|
type detectAttributes struct {
|
|
attributes []attribute.KeyValue
|
|
}
|
|
|
|
func (d detectAttributes) Detect(context.Context) (*Resource, error) {
|
|
return NewSchemaless(d.attributes...), nil
|
|
}
|
|
|
|
// WithDetectors adds detectors to be evaluated for the configured resource.
|
|
func WithDetectors(detectors ...Detector) Option {
|
|
return detectorsOption{detectors: detectors}
|
|
}
|
|
|
|
type detectorsOption struct {
|
|
detectors []Detector
|
|
}
|
|
|
|
func (o detectorsOption) apply(cfg config) config {
|
|
cfg.detectors = append(cfg.detectors, o.detectors...)
|
|
return cfg
|
|
}
|
|
|
|
// WithFromEnv adds attributes from environment variables to the configured resource.
|
|
func WithFromEnv() Option {
|
|
return WithDetectors(fromEnv{})
|
|
}
|
|
|
|
// WithHost adds attributes from the host to the configured resource.
|
|
func WithHost() Option {
|
|
return WithDetectors(host{})
|
|
}
|
|
|
|
// WithHostID adds host ID information to the configured resource.
|
|
func WithHostID() Option {
|
|
return WithDetectors(hostIDDetector{})
|
|
}
|
|
|
|
// WithTelemetrySDK adds TelemetrySDK version info to the configured resource.
|
|
func WithTelemetrySDK() Option {
|
|
return WithDetectors(telemetrySDK{})
|
|
}
|
|
|
|
// WithSchemaURL sets the schema URL for the configured resource.
|
|
func WithSchemaURL(schemaURL string) Option {
|
|
return schemaURLOption(schemaURL)
|
|
}
|
|
|
|
type schemaURLOption string
|
|
|
|
func (o schemaURLOption) apply(cfg config) config {
|
|
cfg.schemaURL = string(o)
|
|
return cfg
|
|
}
|
|
|
|
// WithOS adds all the OS attributes to the configured Resource.
|
|
// See individual WithOS* functions to configure specific attributes.
|
|
func WithOS() Option {
|
|
return WithDetectors(
|
|
osTypeDetector{},
|
|
osDescriptionDetector{},
|
|
)
|
|
}
|
|
|
|
// WithOSType adds an attribute with the operating system type to the configured Resource.
|
|
func WithOSType() Option {
|
|
return WithDetectors(osTypeDetector{})
|
|
}
|
|
|
|
// WithOSDescription adds an attribute with the operating system description to the
|
|
// configured Resource. The formatted string is equivalent to the output of the
|
|
// `uname -snrvm` command.
|
|
func WithOSDescription() Option {
|
|
return WithDetectors(osDescriptionDetector{})
|
|
}
|
|
|
|
// WithProcess adds all the Process attributes to the configured Resource.
|
|
//
|
|
// Warning! This option will include process command line arguments. If these
|
|
// contain sensitive information it will be included in the exported resource.
|
|
//
|
|
// This option is equivalent to calling WithProcessPID,
|
|
// WithProcessExecutableName, WithProcessExecutablePath,
|
|
// WithProcessCommandArgs, WithProcessOwner, WithProcessRuntimeName,
|
|
// WithProcessRuntimeVersion, and WithProcessRuntimeDescription. See each
|
|
// option function for information about what resource attributes each
|
|
// includes.
|
|
func WithProcess() Option {
|
|
return WithDetectors(
|
|
processPIDDetector{},
|
|
processExecutableNameDetector{},
|
|
processExecutablePathDetector{},
|
|
processCommandArgsDetector{},
|
|
processOwnerDetector{},
|
|
processRuntimeNameDetector{},
|
|
processRuntimeVersionDetector{},
|
|
processRuntimeDescriptionDetector{},
|
|
)
|
|
}
|
|
|
|
// WithProcessPID adds an attribute with the process identifier (PID) to the
|
|
// configured Resource.
|
|
func WithProcessPID() Option {
|
|
return WithDetectors(processPIDDetector{})
|
|
}
|
|
|
|
// WithProcessExecutableName adds an attribute with the name of the process
|
|
// executable to the configured Resource.
|
|
func WithProcessExecutableName() Option {
|
|
return WithDetectors(processExecutableNameDetector{})
|
|
}
|
|
|
|
// WithProcessExecutablePath adds an attribute with the full path to the process
|
|
// executable to the configured Resource.
|
|
func WithProcessExecutablePath() Option {
|
|
return WithDetectors(processExecutablePathDetector{})
|
|
}
|
|
|
|
// WithProcessCommandArgs adds an attribute with all the command arguments (including
|
|
// the command/executable itself) as received by the process to the configured
|
|
// Resource.
|
|
//
|
|
// Warning! This option will include process command line arguments. If these
|
|
// contain sensitive information it will be included in the exported resource.
|
|
func WithProcessCommandArgs() Option {
|
|
return WithDetectors(processCommandArgsDetector{})
|
|
}
|
|
|
|
// WithProcessOwner adds an attribute with the username of the user that owns the process
|
|
// to the configured Resource.
|
|
func WithProcessOwner() Option {
|
|
return WithDetectors(processOwnerDetector{})
|
|
}
|
|
|
|
// WithProcessRuntimeName adds an attribute with the name of the runtime of this
|
|
// process to the configured Resource.
|
|
func WithProcessRuntimeName() Option {
|
|
return WithDetectors(processRuntimeNameDetector{})
|
|
}
|
|
|
|
// WithProcessRuntimeVersion adds an attribute with the version of the runtime of
|
|
// this process to the configured Resource.
|
|
func WithProcessRuntimeVersion() Option {
|
|
return WithDetectors(processRuntimeVersionDetector{})
|
|
}
|
|
|
|
// WithProcessRuntimeDescription adds an attribute with an additional description
|
|
// about the runtime of the process to the configured Resource.
|
|
func WithProcessRuntimeDescription() Option {
|
|
return WithDetectors(processRuntimeDescriptionDetector{})
|
|
}
|
|
|
|
// WithContainer adds all the Container attributes to the configured Resource.
|
|
// See individual WithContainer* functions to configure specific attributes.
|
|
func WithContainer() Option {
|
|
return WithDetectors(
|
|
cgroupContainerIDDetector{},
|
|
)
|
|
}
|
|
|
|
// WithContainerID adds an attribute with the id of the container to the configured Resource.
|
|
// Note: WithContainerID will not extract the correct container ID in an ECS environment.
|
|
// Please use the ECS resource detector instead (https://pkg.go.dev/go.opentelemetry.io/contrib/detectors/aws/ecs).
|
|
func WithContainerID() Option {
|
|
return WithDetectors(cgroupContainerIDDetector{})
|
|
}
|