rename attribute key, update sqs url parser, modify cross account impl logic

Author: blairhyy-amazon

awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/AwsAttributeKeys.java

@@ -22,6 +22,11 @@ final class AwsAttributeKeys {
 
   private AwsAttributeKeys() {}
 
+  static final AttributeKey<String> AWS_AUTH_ACCESS_KEY =
+      AttributeKey.stringKey("aws.auth.account.access_key");
+
+  static final AttributeKey<String> AWS_AUTH_REGION = AttributeKey.stringKey("aws.auth.region");
+
   static final AttributeKey<String> AWS_SPAN_KIND = AttributeKey.stringKey("aws.span.kind");
 
   static final AttributeKey<String> AWS_LOCAL_SERVICE = AttributeKey.stringKey("aws.local.service");
@@ -35,6 +40,15 @@ private AwsAttributeKeys() {}
   static final AttributeKey<String> AWS_REMOTE_OPERATION =
       AttributeKey.stringKey("aws.remote.operation");
 
+  static final AttributeKey<String> AWS_REMOTE_RESOURCE_ACCESS_KEY =
+      AttributeKey.stringKey("aws.remote.resource.account.access_key");
+
+  static final AttributeKey<String> AWS_REMOTE_RESOURCE_ACCOUNT_ID =
+      AttributeKey.stringKey("aws.remote.resource.account.id");
+
+  static final AttributeKey<String> AWS_REMOTE_RESOURCE_REGION =
+      AttributeKey.stringKey("aws.remote.resource.region");
+
   static final AttributeKey<String> AWS_REMOTE_RESOURCE_IDENTIFIER =
       AttributeKey.stringKey("aws.remote.resource.identifier");
 
@@ -44,15 +58,6 @@ private AwsAttributeKeys() {}
   static final AttributeKey<String> AWS_REMOTE_RESOURCE_TYPE =
       AttributeKey.stringKey("aws.remote.resource.type");
 
-  static final AttributeKey<String> AWS_REMOTE_RESOURCE_ACCOUNT_ID =
-      AttributeKey.stringKey("aws.remote.resource.account.id");
-
-  static final AttributeKey<String> AWS_REMOTE_RESOURCE_ACCESS_KEY =
-      AttributeKey.stringKey("aws.remote.resource.account.access_key");
-
-  static final AttributeKey<String> AWS_REMOTE_RESOURCE_REGION =
-      AttributeKey.stringKey("aws.remote.resource.region");
-
   static final AttributeKey<String> AWS_REMOTE_DB_USER =
       AttributeKey.stringKey("aws.remote.db.user");
 
@@ -73,7 +78,7 @@ private AwsAttributeKeys() {}
   static final AttributeKey<String> AWS_SECRET_ARN =
       AttributeKey.stringKey("aws.secretsmanager.secret.arn");
 
-  static final AttributeKey<String> AWS_LAMBDA_ARN =
+  static final AttributeKey<String> AWS_LAMBDA_FUNCTION_ARN =
       AttributeKey.stringKey("aws.lambda.function.arn");
 
   static final AttributeKey<String> AWS_LAMBDA_RESOURCE_ID =

awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/AwsMetricAttributeGenerator.java

@@ -46,13 +46,15 @@
 import static io.opentelemetry.semconv.SemanticAttributes.SERVER_SOCKET_PORT;
 import static io.opentelemetry.semconv.SemanticAttributes.URL_FULL;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_AGENT_ID;
+import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_AUTH_ACCESS_KEY;
+import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_AUTH_REGION;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_BUCKET_NAME;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_CLOUDFORMATION_PRIMARY_IDENTIFIER;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_DATA_SOURCE_ID;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_GUARDRAIL_ARN;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_GUARDRAIL_ID;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_KNOWLEDGE_BASE_ID;
-import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_LAMBDA_ARN;
+import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_LAMBDA_FUNCTION_ARN;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_LAMBDA_RESOURCE_ID;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_LOCAL_OPERATION;
 import static software.amazon.opentelemetry.javaagent.providers.AwsAttributeKeys.AWS_LOCAL_SERVICE;
@@ -79,9 +81,7 @@
 import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.MAX_KEYWORD_LENGTH;
 import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.SQL_DIALECT_PATTERN;
 import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.UNKNOWN_OPERATION;
-import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.UNKNOWN_REMOTE_ACCOUNT_ID;
 import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.UNKNOWN_REMOTE_OPERATION;
-import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.UNKNOWN_REMOTE_REGION;
 import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.UNKNOWN_REMOTE_SERVICE;
 import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.isAwsSDKSpan;
 import static software.amazon.opentelemetry.javaagent.providers.AwsSpanProcessingUtil.isDBSpan;
@@ -137,6 +137,8 @@ final class AwsMetricAttributeGenerator implements MetricAttributeGenerator {
   private static final String NORMALIZED_SNS_SERVICE_NAME = "AWS::SNS";
   private static final String NORMALIZED_SECRETSMANAGER_SERVICE_NAME = "AWS::SecretsManager";
   private static final String NORMALIZED_LAMBDA_SERVICE_NAME = "AWS::Lambda";
+
+  // List of resource arns to extract cross-account information
   private static final List<AttributeKey<String>> ARN_ATTRIBUTES =
       List.of(
           AWS_TABLE_ARN,
@@ -146,7 +148,7 @@ final class AwsMetricAttributeGenerator implements MetricAttributeGenerator {
           AWS_STEP_FUNCTIONS_ACTIVITY_ARN,
           AWS_STATE_MACHINE_ARN,
           AWS_GUARDRAIL_ARN,
-          AWS_LAMBDA_ARN);
+          AWS_LAMBDA_FUNCTION_ARN);
 
   // Special DEPENDENCY attribute value if GRAPHQL_OPERATION_TYPE attribute key is present.
   private static final String GRAPHQL = "graphql";
@@ -186,10 +188,13 @@ private Attributes generateDependencyMetricAttributes(SpanData span, Resource re
     setService(resource, span, builder);
     setEgressOperation(span, builder);
     setRemoteServiceAndOperation(span, builder);
-    setRemoteResourceTypeAndIdentifier(span, builder);
-    setRemoteResourceAccessKeyAndRegion(span, builder);
-    setRemoteResourceAccountIdAndRegion(
-        span, builder); // Overwrite remote region from STS with one from resource ARN
+    boolean isRemoteResourceIdentifierPresent = setRemoteResourceTypeAndIdentifier(span, builder);
+    if (isRemoteResourceIdentifierPresent) {
+      boolean isAccountIdAndRegionPresent = setRemoteResourceAccountIdAndRegion(span, builder);
+      if (!isAccountIdAndRegionPresent) {
+        setRemoteResourceAccessKeyAndRegion(span, builder);
+      }
+    }
     setSpanKindForDependency(span, builder);
     setHttpStatus(span, builder);
     setRemoteDbUser(span, builder);
@@ -461,7 +466,8 @@ private static String normalizeRemoteServiceName(SpanData span, String serviceNa
    * href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/supported-resources.html">AWS
    * Cloud Control resource format</a>.
    */
-  private static void setRemoteResourceTypeAndIdentifier(SpanData span, AttributesBuilder builder) {
+  private static boolean setRemoteResourceTypeAndIdentifier(
+      SpanData span, AttributesBuilder builder) {
     Optional<String> remoteResourceType = Optional.empty();
     Optional<String> remoteResourceIdentifier = Optional.empty();
     Optional<String> cloudformationPrimaryIdentifier = Optional.empty();
@@ -471,10 +477,20 @@ private static void setRemoteResourceTypeAndIdentifier(SpanData span, Attributes
         remoteResourceType = Optional.of(NORMALIZED_DYNAMO_DB_SERVICE_NAME + "::Table");
         remoteResourceIdentifier =
             Optional.ofNullable(escapeDelimiters(span.getAttributes().get(AWS_TABLE_NAME)));
+      } else if (isKeyPresent(span, AWS_TABLE_ARN)) {
+        remoteResourceType = Optional.of(NORMALIZED_DYNAMO_DB_SERVICE_NAME + "::Table");
+        remoteResourceIdentifier =
+            getDynamodbTableNameFromArn(
+                Optional.ofNullable(escapeDelimiters(span.getAttributes().get(AWS_TABLE_ARN))));
       } else if (isKeyPresent(span, AWS_STREAM_NAME)) {
         remoteResourceType = Optional.of(NORMALIZED_KINESIS_SERVICE_NAME + "::Stream");
         remoteResourceIdentifier =
             Optional.ofNullable(escapeDelimiters(span.getAttributes().get(AWS_STREAM_NAME)));
+      } else if (isKeyPresent(span, AWS_STREAM_ARN)) {
+        remoteResourceType = Optional.of(NORMALIZED_KINESIS_SERVICE_NAME + "::Stream");
+        remoteResourceIdentifier =
+            getKinesisStreamNameFromArn(
+                Optional.ofNullable(escapeDelimiters(span.getAttributes().get(AWS_STREAM_ARN))));
       } else if (isKeyPresent(span, AWS_BUCKET_NAME)) {
         remoteResourceType = Optional.of(NORMALIZED_S3_SERVICE_NAME + "::Bucket");
         remoteResourceIdentifier =
@@ -558,77 +574,113 @@ private static void setRemoteResourceTypeAndIdentifier(SpanData span, Attributes
       builder.put(AWS_REMOTE_RESOURCE_TYPE, remoteResourceType.get());
       builder.put(AWS_REMOTE_RESOURCE_IDENTIFIER, remoteResourceIdentifier.get());
       builder.put(AWS_CLOUDFORMATION_PRIMARY_IDENTIFIER, cloudformationPrimaryIdentifier.get());
+      return true;
     }
+    return false;
   }
 
   private static void setRemoteResourceAccessKeyAndRegion(
       SpanData span, AttributesBuilder builder) {
-    if (isKeyPresent(span, AWS_REMOTE_RESOURCE_ACCESS_KEY)) {
-      String remoteAccessKey = span.getAttributes().get(AWS_REMOTE_RESOURCE_ACCESS_KEY);
-      builder.put(AWS_REMOTE_RESOURCE_ACCESS_KEY, remoteAccessKey);
+    if (isKeyPresent(span, AWS_AUTH_ACCESS_KEY)) {
+      String remoteResourceAccessKey = span.getAttributes().get(AWS_AUTH_ACCESS_KEY);
+      builder.put(AWS_REMOTE_RESOURCE_ACCESS_KEY, remoteResourceAccessKey);
     }
 
-    if (isKeyPresent(span, AWS_REMOTE_RESOURCE_REGION)) {
-      String remoteRegion = span.getAttributes().get(AWS_REMOTE_RESOURCE_REGION);
-      builder.put(AWS_REMOTE_RESOURCE_REGION, remoteRegion);
+    if (isKeyPresent(span, AWS_AUTH_REGION)) {
+      String remoteResourceRegion = span.getAttributes().get(AWS_AUTH_REGION);
+      builder.put(AWS_REMOTE_RESOURCE_REGION, remoteResourceRegion);
     }
   }
 
-  private static void setRemoteResourceAccountIdAndRegion(
+  private static boolean setRemoteResourceAccountIdAndRegion(
       SpanData span, AttributesBuilder builder) {
-    String remoteAccountId = UNKNOWN_REMOTE_ACCOUNT_ID;
-    String remoteRegion = UNKNOWN_REMOTE_REGION;
+    Optional<String> remoteResourceAccountId = Optional.empty();
+    Optional<String> remoteResourceRegion = Optional.empty();
 
     if (isKeyPresent(span, AWS_QUEUE_URL)) {
-      try {
-        // queue url format: https://sqs.{region}.amazonaws.com/{account_id}/{queue_name}
-        String queueUrl = span.getAttributes().get(AWS_QUEUE_URL);
-        queueUrl = queueUrl.replace("https://", "");
-
-        String[] parts = queueUrl.split("/");
-        remoteAccountId = parts[1];
-
-        String domain = parts[0];
-        String[] domainParts = domain.split("\\.");
-        remoteRegion = domainParts[1];
-      } catch (Exception e) {
-        logger.log(
-            Level.WARNING,
-            "Remote resource account id and region cannot be populated due to invalid url",
-            e);
-      }
+      String url = escapeDelimiters(span.getAttributes().get(AWS_QUEUE_URL));
+      remoteResourceAccountId = SqsUrlParser.getAccountId(url);
+      remoteResourceRegion = SqsUrlParser.getRegion(url);
     } else {
       for (AttributeKey<String> attributeKey : ARN_ATTRIBUTES) {
         if (isKeyPresent(span, attributeKey)) {
-          String arn = span.getAttributes().get(attributeKey);
-          remoteAccountId = arn.split(":")[4];
-          remoteRegion = arn.split(":")[3];
-          break;
+          String stringArn = escapeDelimiters(span.getAttributes().get(attributeKey));
+          try {
+            Arn resourceArn = Arn.fromString(stringArn);
+            remoteResourceAccountId = Optional.of(resourceArn.getAccountId());
+            remoteResourceRegion = Optional.of(resourceArn.getRegion());
+          } catch (IllegalArgumentException e) {
+            logger.log(
+                Level.FINE,
+                String.format(
+                    "Could not parse ARN to extract cross-account information: %s", stringArn));
+          }
         }
       }
     }
 
-    if (!remoteAccountId.equals(UNKNOWN_REMOTE_ACCOUNT_ID)
-        && !remoteRegion.equals(UNKNOWN_REMOTE_REGION)) {
-      builder.put(AWS_REMOTE_RESOURCE_ACCOUNT_ID, remoteAccountId);
-      builder.put(AWS_REMOTE_RESOURCE_REGION, remoteRegion);
-      builder.remove(AWS_REMOTE_RESOURCE_ACCESS_KEY);
+    if (remoteResourceAccountId.isPresent() && remoteResourceRegion.isPresent()) {
+      builder.put(AWS_REMOTE_RESOURCE_ACCOUNT_ID, remoteResourceAccountId.get());
+      builder.put(AWS_REMOTE_RESOURCE_REGION, remoteResourceRegion.get());
+      return true;
+    }
+    return false;
+  }
+
+  private static Optional<String> getKinesisStreamNameFromArn(Optional<String> stringArn) {
+    try {
+      Arn resourceArn = Arn.fromString(stringArn.get());
+      return Optional.of(resourceArn.getResource().toString().split(":")[1]);
+    } catch (IllegalArgumentException e) {
+      logger.log(
+          Level.FINE, String.format("Could not parse Kinesis stream name from ARN: %s", stringArn));
+    }
+    return Optional.empty();
+  }
+
+  private static Optional<String> getDynamodbTableNameFromArn(Optional<String> stringArn) {
+    try {
+      Arn resourceArn = Arn.fromString(stringArn.get());
+      return Optional.of(resourceArn.getResource().toString().split(":")[1]);
+    } catch (IllegalArgumentException e) {
+      logger.log(
+          Level.FINE, String.format("Could not parse DynamoDB table name from ARN: %s", stringArn));
     }
+    return Optional.empty();
   }
 
   private static Optional<String> getSecretsManagerResourceNameFromArn(Optional<String> stringArn) {
-    Arn resourceArn = Arn.fromString(stringArn.get());
-    return Optional.of(resourceArn.getResource().toString().split(":")[1]);
+    try {
+      Arn resourceArn = Arn.fromString(stringArn.get());
+      return Optional.of(resourceArn.getResource().toString().split(":")[1]);
+    } catch (IllegalArgumentException e) {
+      logger.log(
+          Level.FINE,
+          String.format("Could not parse Secrets Manager resource name from ARN: %s", stringArn));
+    }
+    return Optional.empty();
   }
 
   private static Optional<String> getSfnResourceNameFromArn(Optional<String> stringArn) {
-    Arn resourceArn = Arn.fromString(stringArn.get());
-    return Optional.of(resourceArn.getResource().toString().split(":")[1]);
+    try {
+      Arn resourceArn = Arn.fromString(stringArn.get());
+      return Optional.of(resourceArn.getResource().toString().split(":")[1]);
+    } catch (IllegalArgumentException e) {
+      logger.log(
+          Level.FINE, String.format("Could not parse Sfn resource name from ARN: %s", stringArn));
+    }
+    return Optional.empty();
   }
 
   private static Optional<String> getSnsResourceNameFromArn(Optional<String> stringArn) {
-    Arn resourceArn = Arn.fromString(stringArn.get());
-    return Optional.of(resourceArn.getResource().toString());
+    try {
+      Arn resourceArn = Arn.fromString(stringArn.get());
+      return Optional.of(resourceArn.getResource().toString());
+    } catch (IllegalArgumentException e) {
+      logger.log(
+          Level.FINE, String.format("Could not parse Sfn resource name from ARN: %s", stringArn));
+    }
+    return Optional.empty();
   }
 
   /**

awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/AwsSpanProcessingUtil.java

@@ -52,8 +52,6 @@ final class AwsSpanProcessingUtil {
   static final String UNKNOWN_OPERATION = "UnknownOperation";
   static final String UNKNOWN_REMOTE_SERVICE = "UnknownRemoteService";
   static final String UNKNOWN_REMOTE_OPERATION = "UnknownRemoteOperation";
-  static final String UNKNOWN_REMOTE_ACCOUNT_ID = "UnknownRemoteAccountId";
-  static final String UNKNOWN_REMOTE_REGION = "UnknownRemoteRegion";
   static final String INTERNAL_OPERATION = "InternalOperation";
   static final String LOCAL_ROOT = "LOCAL_ROOT";
   static final String SQS_RECEIVE_MESSAGE_SPAN_NAME = "Sqs.ReceiveMessage";

awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/SqsUrlParser.java

@@ -40,6 +40,42 @@ public static Optional<String> getQueueName(String url) {
     return Optional.empty();
   }
 
+  public static Optional<String> getAccountId(String url) {
+    if (url == null) {
+      return Optional.empty();
+    }
+    url = url.replace(HTTP_SCHEMA, "").replace(HTTPS_SCHEMA, "");
+    if (isValidSqsUrl(url)) {
+      String[] splitUrl = url.split("/");
+      return Optional.of(splitUrl[1]);
+    }
+    return Optional.empty();
+  }
+
+  public static Optional<String> getRegion(String url) {
+    if (url == null) {
+      return Optional.empty();
+    }
+    url = url.replace(HTTP_SCHEMA, "").replace(HTTPS_SCHEMA, "");
+    if (isValidSqsUrl(url)) {
+      String[] splitUrl = url.split("/");
+      String domain = splitUrl[0];
+      String[] domainParts = domain.split("\\.");
+      if (domainParts.length == 4) {
+        return Optional.of(domainParts[1]);
+      }
+    }
+    return Optional.empty();
+  }
+
+  private static boolean isValidSqsUrl(String url) {
+    String[] splitUrl = url.split("/");
+    return splitUrl.length == 3
+        && splitUrl[0].startsWith("sqs")
+        && isAccountId(splitUrl[1])
+        && isValidQueueName(splitUrl[2]);
+  }
+
   private static boolean isAccountId(String input) {
     if (input == null || input.length() != 12) {
       return false;