Feat: Migrate EC2 Plugin Resource Detector from IMDSv1 to IMDSv2 #1408
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1408 +/- ##
==========================================
+ Coverage 94.11% 94.24% +0.13%
==========================================
Files 142 144 +2
Lines 4280 4346 +66
Branches 873 879 +6
==========================================
+ Hits 4028 4096 +68
+ Misses 252 250 -2
|
EdZou
requested review from
dyladan,
legendecas,
markwolff,
mayurkale22,
mwear,
naseemkullah,
obecny,
OlivierAlbertini and
vmarchaud
as code owners
| return new Resource({ | ||
| [CLOUD_RESOURCE.PROVIDER]: 'aws', | ||
| [CLOUD_RESOURCE.ACCOUNT_ID]: accountId, | ||
| [CLOUD_RESOURCE.REGION]: region, | ||
| [CLOUD_RESOURCE.ZONE]: availabilityZone, | ||
| [HOST_RESOURCE.ID]: instanceId, | ||
| [HOST_RESOURCE.TYPE]: instanceType, | ||
| [HOST_RESOURCE.NAME]: hostname, |
There was a problem hiding this comment.
Name and hostname are the same?
There was a problem hiding this comment.
Yes, at least in Java implementation they take Name and hostname as the same: https://github.com/open-telemetry/opentelemetry-java/blob/master/sdk_extensions/aws_v1_support/src/main/java/io/opentelemetry/sdk/extensions/trace/aws/resource/Ec2Resource.java#L192
There was a problem hiding this comment.
The main reason for this is not knowing how to populate this :) I filed an issue to ask about why there are two similar fields
| * If the application is running on an EC2 instance, we should be able | ||
| * to get back a valid JSON document. Parses that document and stores | ||
| * the identity properties in a local map. | ||
| */ | ||
| private async _awsMetadataAccessor<T>(): Promise<T> { | ||
| private async _fetchString(options: Record<string, any>): Promise<string> { |
There was a problem hiding this comment.
Is there a more descriptive type we can use than Record<string, any>? Looks like HttpRequestOptions might be a good fit.
There was a problem hiding this comment.
Sounds great! Let me do it!
| readonly AWS_INSTANCE_IDENTITY_DOCUMENT_URI = | ||
| 'http://169.254.169.254/latest/dynamic/instance-identity/document'; | ||
| readonly AWS_INSTANCE_TOKEN_DOCUMENT_URI = |
There was a problem hiding this comment.
Yes, will delete this part, thank you for pointing out!
| readonly AWS_INSTANCE_IDENTITY_DOCUMENT_URI = | ||
| 'http://169.254.169.254/latest/dynamic/instance-identity/document'; | ||
| readonly AWS_INSTANCE_TOKEN_DOCUMENT_URI = | ||
| 'http://169.254.169.254/latest/api/token'; | ||
| readonly AWS_INSTANCE_HOST_DOCUMENT_URI = |
| @@ -30,8 +30,18 @@ class AwsEc2Detector implements Detector { | |||
| * See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html | |||
| * for documentation about the AWS instance identity document endpoint. | |||
| */ | |||
| readonly HTTP_HEADER = 'http://'; | |||
| readonly AWS_IDMS_ENDPOINT = '169.254.169.254'; | |||
There was a problem hiding this comment.
Maybe AWS_IDMS_HOST_ADDRESS?
There was a problem hiding this comment.
Nice suggestion!
But because we have another path called HOST_DOCUMENT. To avoid confusion, I suppose this kind of naming is also acceptable
There was a problem hiding this comment.
It's IMDS (Instance Metadata Service) ;)
There was a problem hiding this comment.
Thank you for pointing out! Will modify this
| const options = { | ||
| host: this.AWS_IDMS_ENDPOINT, | ||
| path: this.AWS_INSTANCE_TOKEN_DOCUMENT_PATH, | ||
| method: 'PUT', |
There was a problem hiding this comment.
Why is this PUT instead of GET?
There was a problem hiding this comment.
This is part of AWS IDMSv2 standard, we need to do PUT first to obtain TOKEN. You can refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
packages/opentelemetry-resources/src/platform/node/detectors/AwsEc2Detector.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/src/platform/node/detectors/AwsEc2Detector.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/src/platform/node/detectors/AwsEc2Detector.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
packages/opentelemetry-resources/test/detectors/AwsEc2Detector.test.ts
Outdated
Show resolved
Hide resolved
| */ | ||
| readonly AWS_INSTANCE_IDENTITY_DOCUMENT_URI = | ||
| 'http://169.254.169.254/latest/dynamic/instance-identity/document'; | ||
| readonly HTTP_HEADER = 'http://'; |
There was a problem hiding this comment.
This is probably not a great name since HTTP Header already has its own meaning. It looks like you're looking for the URL Scheme.
It looks like this is also only used in tests, so why is it defined here?
There was a problem hiding this comment.
Oh here is a historical problem. Initially we use Url in order to connect with AWS identity document. And current version we use host and path separately.
I will move this constant to test code, thank you for pointing out!
packages/opentelemetry-resources/src/platform/node/detectors/AwsEc2Detector.ts
Outdated
Show resolved
Hide resolved
EdZou
changed the title
Which problem is this PR solving?
Since currently, the most updated version of Instance Metadata Service is already v2 and the previous implementation follows the IMDSv1 standard. We migrate it to follow IMDSv2 standard in this PR.
For more details, refer to AWS EC2 Instance Metadata Service
Short description of the changes
If you would like to review @dyladan @anuraaga
Really appreciate it!
Additional Question:
When implementing this part, I notice that detect-resources take use of all the detectors components, should I also add Beanstalk and ECS detector to this part of code and make new PR?