[chore] Move end user attributes to the registry (#844)

Joao Grassi 2024-03-27 17:48:13 +01:00 committed by GitHub
parent 6bbc74de66
commit 3adaac281c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 52 additions and 26 deletions

@ -31,6 +31,7 @@ body:
- area:device - area:device
- area:disk - area:disk
- area:dns - area:dns
- area:enduser
- area:error - area:error
- area:exception - area:exception
- area:faas - area:faas
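
Review bot: the new `- area:enduser` option, inserted between `area:dns` and `area:error`, only helps triage if a matching `area:enduser` label exists in the repository; please confirm the label is created alongside this change. The same one-line addition recurs in the other issue templates, so these dropdown lists have to be kept in sync by hand.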

@ -24,6 +24,7 @@ body:
- area:device - area:device
- area:disk - area:disk
- area:dns - area:dns
- area:enduser
- area:error - area:error
- area:exception - area:exception
- area:faas - area:faas

@ -33,6 +33,7 @@ body:
- area:device - area:device
- area:disk - area:disk
- area:dns - area:dns
- area:enduser
- area:error - area:error
- area:exception - area:exception
- area:faas - area:faas

@ -38,6 +38,7 @@ Currently, the following namespaces exist:
* [Destination](destination.md) * [Destination](destination.md)
* [Device](device.md) * [Device](device.md)
* [Disk](disk.md) * [Disk](disk.md)
* [End user](enduser.md)
* [Error](error.md) * [Error](error.md)
* [Exception](exception.md) * [Exception](exception.md)
* [FaaS](faas.md) * [FaaS](faas.md)

@ -0,0 +1,10 @@
# End User
## End User Attributes
<!-- semconv registry.enduser(omit_requirement_level) -->
| Attribute | Type | Description | Examples |
|---|---|---|---|
| `enduser.id` | string | Username or client_id extracted from the access token or [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in the inbound request from outside the system. | `username` |
| `enduser.role` | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` |
| `enduser.scope` | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` |
<!-- endsemconv -->
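
Review bot: in the `enduser.scope` row, the example `read:message, write:files` is comma-separated, while the RFC 6749 section 3.3 link in the same cell defines scope as a space-delimited list. For a `string` attribute the description should say which delimiter instrumentations are expected to emit, or the example should match the OAuth form. Since the table sits between `semconv registry.enduser` markers, the wording change belongs in the YAML group of the same id rather than in this file.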

@ -311,9 +311,9 @@ These attributes may be used for any operation with an authenticated and/or auth
<!-- semconv identity --> <!-- semconv identity -->
| Attribute | Type | Description | Examples | Requirement Level | | Attribute | Type | Description | Examples | Requirement Level |
|---|---|---|---|---| |---|---|---|---|---|
| `enduser.id` | string | Username or client_id extracted from the access token or [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in the inbound request from outside the system. | `username` | Recommended | | [`enduser.id`](../attributes-registry/enduser.md) | string | Username or client_id extracted from the access token or [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in the inbound request from outside the system. | `username` | Recommended |
| `enduser.role` | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` | Recommended | | [`enduser.role`](../attributes-registry/enduser.md) | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` | Recommended |
| `enduser.scope` | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` | Recommended | | [`enduser.scope`](../attributes-registry/enduser.md) | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` | Recommended |
<!-- endsemconv --> <!-- endsemconv -->
These attributes describe the authenticated user driving the user agent making requests to the instrumented These attributes describe the authenticated user driving the user agent making requests to the instrumented

@ -41,33 +41,16 @@ groups:
resource attribute of the remote service if any. resource attribute of the remote service if any.
examples: "AuthTokenCache" examples: "AuthTokenCache"
- id: identity - id: identity
prefix: enduser
type: span type: span
brief: > brief: >
These attributes may be used for any operation with an authenticated and/or authorized enduser. These attributes may be used for any operation with an authenticated and/or authorized enduser.
attributes: attributes:
- id: id - ref: enduser.id
type: string requirement_level: recommended
stability: experimental - ref: enduser.role
brief: > requirement_level: recommended
Username or client_id extracted from the access token or - ref: enduser.scope
[Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) requirement_level: recommended
header in the inbound request from outside the system.
examples: 'username'
- id: role
type: string
stability: experimental
brief: 'Actual/assumed role the client is making the request under extracted from token or application security context.'
examples: 'admin'
- id: scope
type: string
stability: experimental
brief: >
Scopes or granted authorities the client currently possesses extracted from token
or application security context. The value would come from the scope associated
with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3)
or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
examples: 'read:message, write:files'
- id: thread - id: thread
type: span type: span
brief: > brief: >

@ -0,0 +1,29 @@
groups:
- id: registry.enduser
prefix: enduser
type: attribute_group
brief: >
This document defines attributes for operations with an authenticated and/or authorized enduser.
attributes:
- id: id
type: string
stability: experimental
brief: >
Username or client_id extracted from the access token or
[Authorization](https://tools.ietf.org/html/rfc7235#section-4.2)
header in the inbound request from outside the system.
examples: 'username'
- id: role
type: string
stability: experimental
brief: 'Actual/assumed role the client is making the request under extracted from token or application security context.'
examples: 'admin'
- id: scope
type: string
stability: experimental
brief: >
Scopes or granted authorities the client currently possesses extracted from token
or application security context. The value would come from the scope associated
with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3)
or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
examples: 'read:message, write:files'
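
Review bot: the `brief` for `id` (and likewise for `role` and `scope`) says the value is extracted from the access token or Authorization header but gives no guidance on sensitivity, even though a username or client_id attached to spans is user-identifying data that ends up in telemetry backends. Now that this file is the single definition, it is the right place to add that guidance, for example in a `note:` on `id`, stating that only the extracted identifier is recorded, never the token or header value itself, and that operators may need to redact or disable the attribute.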