-
Notifications
You must be signed in to change notification settings - Fork 822
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat: Migrate EC2 Plugin Resource Detector from IMDSv1 to IMDSv2 #1408
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1408 +/- ##
==========================================
+ Coverage 94.11% 94.24% +0.13%
==========================================
Files 142 144 +2
Lines 4280 4346 +66
Branches 873 879 +6
==========================================
+ Hits 4028 4096 +68
+ Misses 252 250 -2
|
return new Resource({ | ||
[CLOUD_RESOURCE.PROVIDER]: 'aws', | ||
[CLOUD_RESOURCE.ACCOUNT_ID]: accountId, | ||
[CLOUD_RESOURCE.REGION]: region, | ||
[CLOUD_RESOURCE.ZONE]: availabilityZone, | ||
[HOST_RESOURCE.ID]: instanceId, | ||
[HOST_RESOURCE.TYPE]: instanceType, | ||
[HOST_RESOURCE.NAME]: hostname, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Name and hostname are the same?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, at least in Java implementation they take Name and hostname as the same: https://github.com/open-telemetry/opentelemetry-java/blob/master/sdk_extensions/aws_v1_support/src/main/java/io/opentelemetry/sdk/extensions/trace/aws/resource/Ec2Resource.java#L192
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The main reason for this is not knowing how to populate this :) I filed an issue to ask about why there are two similar fields
* If the application is running on an EC2 instance, we should be able | ||
* to get back a valid JSON document. Parses that document and stores | ||
* the identity properties in a local map. | ||
*/ | ||
private async _awsMetadataAccessor<T>(): Promise<T> { | ||
private async _fetchString(options: Record<string, any>): Promise<string> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a more descriptive type we can use than Record<string, any>
? Looks like HttpRequestOptions
might be a good fit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds great! Let me do it!
readonly AWS_INSTANCE_IDENTITY_DOCUMENT_URI = | ||
'http://169.254.169.254/latest/dynamic/instance-identity/document'; | ||
readonly AWS_INSTANCE_TOKEN_DOCUMENT_URI = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like unused.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, will delete this part, thank you for pointing out!
readonly AWS_INSTANCE_IDENTITY_DOCUMENT_URI = | ||
'http://169.254.169.254/latest/dynamic/instance-identity/document'; | ||
readonly AWS_INSTANCE_TOKEN_DOCUMENT_URI = | ||
'http://169.254.169.254/latest/api/token'; | ||
readonly AWS_INSTANCE_HOST_DOCUMENT_URI = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
@@ -30,8 +30,18 @@ class AwsEc2Detector implements Detector { | |||
* See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html | |||
* for documentation about the AWS instance identity document endpoint. | |||
*/ | |||
readonly HTTP_HEADER = 'http://'; | |||
readonly AWS_IDMS_ENDPOINT = '169.254.169.254'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe AWS_IDMS_HOST_ADDRESS
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice suggestion!
But because we have another path called HOST_DOCUMENT. To avoid confusion, I suppose this kind of naming is also acceptable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's IMDS (Instance Metadata Service) ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for pointing out! Will modify this
const options = { | ||
host: this.AWS_IDMS_ENDPOINT, | ||
path: this.AWS_INSTANCE_TOKEN_DOCUMENT_PATH, | ||
method: 'PUT', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this PUT
instead of GET
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is part of AWS IDMSv2 standard, we need to do PUT
first to obtain TOKEN
. You can refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
packages/opentelemetry-resources/src/platform/node/detectors/AwsEc2Detector.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/src/platform/node/detectors/AwsEc2Detector.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/src/platform/node/detectors/AwsEc2Detector.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
*/ | ||
readonly AWS_INSTANCE_IDENTITY_DOCUMENT_URI = | ||
'http://169.254.169.254/latest/dynamic/instance-identity/document'; | ||
readonly HTTP_HEADER = 'http://'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably not a great name since HTTP Header already has its own meaning. It looks like you're looking for the URL Scheme.
It looks like this is also only used in tests, so why is it defined here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh here is a historical problem. Initially we use Url in order to connect with AWS identity document. And current version we use host and path separately.
I will move this constant to test code, thank you for pointing out!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, I hope you can address just last Nit comment prior to merging.
Which problem is this PR solving?
Since currently, the most updated version of Instance Metadata Service is already v2 and the previous implementation follows the IMDSv1 standard. We migrate it to follow IMDSv2 standard in this PR.
For more details, refer to AWS EC2 Instance Metadata Service
Short description of the changes
If you would like to review @dyladan @anuraaga
Really appreciate it!
Additional Question:
When implementing this part, I notice that detect-resources take use of all the detectors components, should I also add Beanstalk and ECS detector to this part of code and make new PR?