Capture account and user name on traces

cmd/tea.go

@@ -57,7 +57,7 @@ type FinalReportingModel interface {
 func CmdWrapper(action string, requiredScopes []string, commandModel func(args []string, parent *cmdModel, width int) tea.Model) func(cmd *cobra.Command, args []string) {
 	return func(cmd *cobra.Command, args []string) {
 		// set up a context for the command
-		ctx, cancel := context.WithCancel(context.Background())
+		ctx, cancel := context.WithCancel(cmd.Context())
 		defer cancel()
 
 		cmdName := fmt.Sprintf("CLI %v", cmd.CommandPath())
@@ -92,8 +92,6 @@ func CmdWrapper(action string, requiredScopes []string, commandModel func(args [
 
 		// wrap the rest of the function in a closure to allow for cleaner error handling and deferring.
 		err := func() error {
-			ctx := cmd.Context()
-
 			timeout, err := time.ParseDuration(viper.GetString("timeout"))
 			if err != nil {
 				return flagError{usage: fmt.Sprintf("invalid --timeout value '%v'\n\n%v", viper.GetString("timeout"), cmd.UsageString())}

cmd/tea_ensuretoken.go

@@ -13,6 +13,8 @@ import (
 
 	"connectrpc.com/connect"
 	tea "github.com/charmbracelet/bubbletea"
+	"github.com/go-jose/go-jose/v4"
+	josejwt "github.com/go-jose/go-jose/v4/jwt"
 	"github.com/overmindtech/sdp-go"
 	"github.com/pkg/browser"
 	log "github.com/sirupsen/logrus"
@@ -340,9 +342,6 @@ func (m ensureTokenModel) awaitTokenCmd() tea.Msg {
 		}
 	}
 
-	span := trace.SpanFromContext(m.ctx)
-	span.SetAttributes(attribute.Bool("ovm.cli.authenticated", true))
-
 	// Save the token locally
 	home, err := os.UserHomeDir()
 	if err != nil {
@@ -470,8 +469,25 @@ func getOauthToken(ctx context.Context, oi OvermindInstance, requiredScopes []st
 		os.Exit(1)
 	}
 
+	tok, err := josejwt.ParseSigned(m.token.AccessToken, []jose.SignatureAlgorithm{jose.RS256})
+	if err != nil {
+		fmt.Println("Error running program: received invalid token:", err)
+		os.Exit(1)
+	}
+	out := josejwt.Claims{}
+	customClaims := sdp.CustomClaims{}
+	err = tok.UnsafeClaimsWithoutVerification(&out, &customClaims)
+	if err != nil {
+		fmt.Println("Error running program: received unparsable token:", err)
+		os.Exit(1)
+	}
+
 	span := trace.SpanFromContext(ctx)
-	span.SetAttributes(attribute.Bool("ovm.cli.authenticated", true))
+	span.SetAttributes(
+		attribute.Bool("ovm.cli.authenticated", true),
+		attribute.String("ovm.cli.accountName", customClaims.AccountName),
+		attribute.String("ovm.cli.userId", out.Subject),
+	)
 
 	// Save the token locally
 	if home, err := os.UserHomeDir(); err == nil {

cmd/tea_terraform.go

@@ -10,6 +10,8 @@ import (
 
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/getsentry/sentry-go"
+	"github.com/go-jose/go-jose/v4"
+	josejwt "github.com/go-jose/go-jose/v4/jwt"
 	"github.com/overmindtech/sdp-go"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
@@ -211,6 +213,24 @@ func (m *cmdModel) tokenChecks(token *oauth2.Token) tea.Cmd {
 	// some of the models require access to viper (for GetConfig/SetConfig) or
 	// contortions to store that data somewhere else.
 	return func() tea.Msg {
+		tok, err := josejwt.ParseSigned(token.AccessToken, []jose.SignatureAlgorithm{jose.RS256})
+		if err != nil {
+			return fatalError{err: fmt.Errorf("received invalid token: %w", err)}
+		}
+		out := josejwt.Claims{}
+		customClaims := sdp.CustomClaims{}
+		err = tok.UnsafeClaimsWithoutVerification(&out, &customClaims)
+		if err != nil {
+			return fatalError{err: fmt.Errorf("received unparsable token: %w", err)}
+		}
+
+		span := trace.SpanFromContext(m.ctx)
+		span.SetAttributes(
+			attribute.Bool("ovm.cli.authenticated", true),
+			attribute.String("ovm.cli.accountName", customClaims.AccountName),
+			attribute.String("ovm.cli.userId", out.Subject),
+		)
+
 		return loadSourcesConfigMsg{
 			ctx:    m.ctx,
 			oi:     m.oi,