Add role_arn as a config option

open-telemetry · Mar 12, 2021 · 3cf3439 · 3cf3439
1 parent 7c28ef1
commit 3cf3439
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 5 deletions.
diff --git a/exporter/awsprometheusremotewriteexporter/auth.go b/exporter/awsprometheusremotewriteexporter/auth.go
@@ -20,10 +20,13 @@ import (
 	"errors"
 	"io/ioutil"
 	"net/http"
+	"os"
+	"strconv"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
 )
@@ -70,20 +73,29 @@ func (si *signingRoundTripper) RoundTrip(req *http.Request) (*http.Response, err
 }
 
 func newSigningRoundTripper(auth AuthConfig, next http.RoundTripper) (http.RoundTripper, error) {
+
 	sess, err := session.NewSession(&aws.Config{
 		Region: aws.String(auth.Region)},
 	)
+
 	if err != nil {
 		return nil, err
 	}
 
-	if _, err = sess.Config.Credentials.Get(); err != nil {
-		return nil, err
+	var creds *credentials.Credentials
+	if auth.RoleArn  != "" {
+		// Get credentials from an assumeRole API call
+		creds = stscreds.NewCredentials(sess, auth.RoleArn, func(p *stscreds.AssumeRoleProvider) {
+		    p.RoleSessionName = getRoleSessionName()
+	    })
+	}else{
+		if _, err = sess.Config.Credentials.Get(); err != nil {
+			return nil, err
+		}
+		// Get Credentials, either from ./aws or from environmental variables
+		creds = sess.Config.Credentials
 	}
 
-	// Get Credentials, either from ./aws or from environmental variables
-	creds := sess.Config.Credentials
-
 	return createSigningRoundTripperWithCredentials(auth, creds, next)
 }
 
@@ -124,3 +136,14 @@ func cloneRequest(r *http.Request) *http.Request {
 	}
 	return r2
 }
+
+func getRoleSessionName() string {
+	suffix, err := os.Hostname()
+
+	if err != nil {
+		now := time.Now().Unix()
+		suffix = strconv.FormatInt(now, 10)
+	}
+
+	return "aws-otel-collector-" + suffix
+}
diff --git a/exporter/awsprometheusremotewriteexporter/config.go b/exporter/awsprometheusremotewriteexporter/config.go
@@ -34,4 +34,6 @@ type AuthConfig struct {
 	Region string `mapstructure:"region"`
 	// Service is the service name for AWS Sig v4
 	Service string `mapstructure:"service"`
+	// Amazon Resource Name (ARN) of a role to assume
+	RoleArn string `mapstructure:"role_arn"`
 }
diff --git a/exporter/awsprometheusremotewriteexporter/factory.go b/exporter/awsprometheusremotewriteexporter/factory.go
@@ -51,6 +51,7 @@ func (af *awsFactory) CreateDefaultConfig() configmodels.Exporter {
 		AuthConfig: AuthConfig{
 			Region:  "",
 			Service: "",
+			RoleArn: "",
 		},
 	}