From 3cf3439259e7681418ae362140cb27752af8501b Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Fri, 12 Mar 2021 17:25:22 +0000 Subject: [PATCH 1/7] Add role_arn as a config option --- .../awsprometheusremotewriteexporter/auth.go | 33 ++++++++++++++++--- .../config.go | 2 ++ .../factory.go | 1 + 3 files changed, 31 insertions(+), 5 deletions(-) diff --git a/exporter/awsprometheusremotewriteexporter/auth.go b/exporter/awsprometheusremotewriteexporter/auth.go index f1d8092d9555..44318006f4d2 100644 --- a/exporter/awsprometheusremotewriteexporter/auth.go +++ b/exporter/awsprometheusremotewriteexporter/auth.go @@ -20,10 +20,13 @@ import ( "errors" "io/ioutil" "net/http" + "os" + "strconv" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/session" v4 "github.com/aws/aws-sdk-go/aws/signer/v4" ) @@ -70,20 +73,29 @@ func (si *signingRoundTripper) RoundTrip(req *http.Request) (*http.Response, err } func newSigningRoundTripper(auth AuthConfig, next http.RoundTripper) (http.RoundTripper, error) { + sess, err := session.NewSession(&aws.Config{ Region: aws.String(auth.Region)}, ) + if err != nil { return nil, err } - if _, err = sess.Config.Credentials.Get(); err != nil { - return nil, err + var creds *credentials.Credentials + if auth.RoleArn != "" { + // Get credentials from an assumeRole API call + creds = stscreds.NewCredentials(sess, auth.RoleArn, func(p *stscreds.AssumeRoleProvider) { + p.RoleSessionName = getRoleSessionName() + }) + }else{ + if _, err = sess.Config.Credentials.Get(); err != nil { + return nil, err + } + // Get Credentials, either from ./aws or from environmental variables + creds = sess.Config.Credentials } - // Get Credentials, either from ./aws or from environmental variables - creds := sess.Config.Credentials - return createSigningRoundTripperWithCredentials(auth, creds, next) } @@ -124,3 +136,14 @@ func cloneRequest(r *http.Request) *http.Request { } return r2 } + +func getRoleSessionName() string { + suffix, err := os.Hostname() + + if err != nil { + now := time.Now().Unix() + suffix = strconv.FormatInt(now, 10) + } + + return "aws-otel-collector-" + suffix +} diff --git a/exporter/awsprometheusremotewriteexporter/config.go b/exporter/awsprometheusremotewriteexporter/config.go index 59b31b507983..945c3a56cf1d 100644 --- a/exporter/awsprometheusremotewriteexporter/config.go +++ b/exporter/awsprometheusremotewriteexporter/config.go @@ -34,4 +34,6 @@ type AuthConfig struct { Region string `mapstructure:"region"` // Service is the service name for AWS Sig v4 Service string `mapstructure:"service"` + // Amazon Resource Name (ARN) of a role to assume + RoleArn string `mapstructure:"role_arn"` } diff --git a/exporter/awsprometheusremotewriteexporter/factory.go b/exporter/awsprometheusremotewriteexporter/factory.go index 969798c005f3..61f0332dd21b 100644 --- a/exporter/awsprometheusremotewriteexporter/factory.go +++ b/exporter/awsprometheusremotewriteexporter/factory.go @@ -51,6 +51,7 @@ func (af *awsFactory) CreateDefaultConfig() configmodels.Exporter { AuthConfig: AuthConfig{ Region: "", Service: "", + RoleArn: "", }, } From 5059b564cfeb5870ca364e0bb68a8bd46e949c10 Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Fri, 12 Mar 2021 17:26:27 +0000 Subject: [PATCH 2/7] Add tests for role_arn --- .../auth_test.go | 64 +++++++++++-------- .../config_test.go | 1 + .../testdata/config.yaml | 9 +-- 3 files changed, 45 insertions(+), 29 deletions(-) diff --git a/exporter/awsprometheusremotewriteexporter/auth_test.go b/exporter/awsprometheusremotewriteexporter/auth_test.go index e93c617fbff2..d3b4d8df5bb9 100644 --- a/exporter/awsprometheusremotewriteexporter/auth_test.go +++ b/exporter/awsprometheusremotewriteexporter/auth_test.go @@ -31,37 +31,51 @@ import ( ) func TestRequestSignature(t *testing.T) { - // Some form of AWS credentials must be set up for tests to succeed - awsCreds := fetchMockCredentials() - authConfig := AuthConfig{Region: "region", Service: "service"} - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - _, err := v4.GetSignedRequestSignature(r) - assert.NoError(t, err) - w.WriteHeader(200) - })) - defer server.Close() + tests := []struct { + authConfig AuthConfig + }{ + { + AuthConfig{Region: "region", Service: "service"}, + }, + { + AuthConfig{Region: "region", Service: "service", RoleArn: "arn:aws:iam::123456789012:role/IAMRole"}, + }, + } - serverURL, err := url.Parse(server.URL) - assert.NoError(t, err) + for _, tt := range tests { + // Some form of AWS credentials must be set up for tests to succeed + awsCreds := fetchMockCredentials() + authConfig := tt.authConfig + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + _, err := v4.GetSignedRequestSignature(r) + assert.NoError(t, err) + w.WriteHeader(200) + })) + defer server.Close() - setting := confighttp.HTTPClientSettings{ - Endpoint: serverURL.String(), - TLSSetting: configtls.TLSClientSetting{}, - ReadBufferSize: 0, - WriteBufferSize: 0, - Timeout: 0, - CustomRoundTripper: func(next http.RoundTripper) (http.RoundTripper, error) { - return createSigningRoundTripperWithCredentials(authConfig, awsCreds, next) - }, + serverURL, err := url.Parse(server.URL) + assert.NoError(t, err) + + setting := confighttp.HTTPClientSettings{ + Endpoint: serverURL.String(), + TLSSetting: configtls.TLSClientSetting{}, + ReadBufferSize: 0, + WriteBufferSize: 0, + Timeout: 0, + CustomRoundTripper: func(next http.RoundTripper) (http.RoundTripper, error) { + return createSigningRoundTripperWithCredentials(authConfig, awsCreds, next) + }, + } + client, _ := setting.ToClient() + req, err := http.NewRequest("POST", setting.Endpoint, strings.NewReader("a=1&b=2")) + assert.NoError(t, err) + _, err = client.Do(req) + assert.NoError(t, err) } - client, _ := setting.ToClient() - req, err := http.NewRequest("POST", setting.Endpoint, strings.NewReader("a=1&b=2")) - assert.NoError(t, err) - _, err = client.Do(req) - assert.NoError(t, err) } + type ErrorRoundTripper struct{} func (ert *ErrorRoundTripper) RoundTrip(r *http.Request) (*http.Response, error) { diff --git a/exporter/awsprometheusremotewriteexporter/config_test.go b/exporter/awsprometheusremotewriteexporter/config_test.go index 329e9a048033..7f2ab2ad428a 100644 --- a/exporter/awsprometheusremotewriteexporter/config_test.go +++ b/exporter/awsprometheusremotewriteexporter/config_test.go @@ -95,6 +95,7 @@ func TestLoadConfig(t *testing.T) { AuthConfig: AuthConfig{ Region: "us-west-2", Service: "service-name", + RoleArn: "arn:aws:iam::123456789012:role/IAMRole", }, } // testing function equality is not supported in Go hence these will be ignored for this test diff --git a/exporter/awsprometheusremotewriteexporter/testdata/config.yaml b/exporter/awsprometheusremotewriteexporter/testdata/config.yaml index ce46a7a89df7..2193f61567f5 100644 --- a/exporter/awsprometheusremotewriteexporter/testdata/config.yaml +++ b/exporter/awsprometheusremotewriteexporter/testdata/config.yaml @@ -1,9 +1,9 @@ receivers: nop: - + processors: nop: - + exporters: awsprometheusremotewrite: awsprometheusremotewrite/2: @@ -26,6 +26,7 @@ exporters: aws_auth: region: "us-west-2" service: "service-name" + role_arn: "arn:aws:iam::123456789012:role/IAMRole" external_labels: key1: value1 key2: value2 @@ -35,5 +36,5 @@ service: receivers: [nop] processors: [nop] exporters: [awsprometheusremotewrite] - - + + From 62ca64e1602daa70bb513b4506b91df3b95bfb86 Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Fri, 12 Mar 2021 17:27:20 +0000 Subject: [PATCH 3/7] update doc for role_arn --- exporter/awsprometheusremotewriteexporter/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/exporter/awsprometheusremotewriteexporter/README.md b/exporter/awsprometheusremotewriteexporter/README.md index d08a921a74b3..47f762dd34ef 100644 --- a/exporter/awsprometheusremotewriteexporter/README.md +++ b/exporter/awsprometheusremotewriteexporter/README.md @@ -8,7 +8,7 @@ of the AWS SDK for Go. Note: this exporter imports and uses the [Prometheus remote write exporter](https://github.com/open-telemetry/opentelemetry-collector/tree/main/exporter/prometheusremotewriteexporter) from upstream, and simply wraps it in Sigv4 authentication logic -Same as the Prometheus remote write exporter, this exporter checks the temporality and the type of each incoming metric +Same as the Prometheus remote write exporter, this exporter checks the temporality and the type of each incoming metric and only exports the following combination: - Int64 or Double type with any temporality @@ -16,7 +16,7 @@ and only exports the following combination: ## Configuration The following settings are required: -- `endpoint`: protocol:host:port to which the exporter is going to send traces or metrics, using the HTTP/HTTPS protocol. +- `endpoint`: protocol:host:port to which the exporter is going to send traces or metrics, using the HTTP/HTTPS protocol. The following settings can be optionally configured: - `namespace`: prefix attached to each exported metric name. @@ -31,8 +31,9 @@ The following settings can be optionally configured: - `aws_auth`: specify if each request should be signed with AWS Sig v4. The following settings must be configured: - `region`: region of the AWS service being exported to. - `service`: AWS service being exported to. - - + - `role_arn`: Amazon Resource Name of the role to assume. + + #### Examples: Simplest configuration: From f200bba1fcddeda323671a7973ccc5d2b9521ebc Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Fri, 12 Mar 2021 19:31:27 +0000 Subject: [PATCH 4/7] Fix tests --- .../awsprometheusremotewriteexporter/auth.go | 8 ++++---- .../auth_test.go | 16 +++++++++++++--- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/exporter/awsprometheusremotewriteexporter/auth.go b/exporter/awsprometheusremotewriteexporter/auth.go index 44318006f4d2..b1c41757dd0b 100644 --- a/exporter/awsprometheusremotewriteexporter/auth.go +++ b/exporter/awsprometheusremotewriteexporter/auth.go @@ -83,12 +83,12 @@ func newSigningRoundTripper(auth AuthConfig, next http.RoundTripper) (http.Round } var creds *credentials.Credentials - if auth.RoleArn != "" { + if auth.RoleArn != "" { // Get credentials from an assumeRole API call creds = stscreds.NewCredentials(sess, auth.RoleArn, func(p *stscreds.AssumeRoleProvider) { - p.RoleSessionName = getRoleSessionName() - }) - }else{ + p.RoleSessionName = getRoleSessionName() + }) + } else { if _, err = sess.Config.Credentials.Get(); err != nil { return nil, err } diff --git a/exporter/awsprometheusremotewriteexporter/auth_test.go b/exporter/awsprometheusremotewriteexporter/auth_test.go index d3b4d8df5bb9..5e4348aec950 100644 --- a/exporter/awsprometheusremotewriteexporter/auth_test.go +++ b/exporter/awsprometheusremotewriteexporter/auth_test.go @@ -20,12 +20,14 @@ import ( "net/http" "net/http/httptest" "net/url" + "os" "strings" "testing" "github.com/aws/aws-sdk-go/aws/credentials" v4 "github.com/aws/aws-sdk-go/aws/signer/v4" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "go.opentelemetry.io/collector/config/confighttp" "go.opentelemetry.io/collector/config/configtls" ) @@ -46,7 +48,6 @@ func TestRequestSignature(t *testing.T) { for _, tt := range tests { // Some form of AWS credentials must be set up for tests to succeed awsCreds := fetchMockCredentials() - authConfig := tt.authConfig server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { _, err := v4.GetSignedRequestSignature(r) assert.NoError(t, err) @@ -64,7 +65,7 @@ func TestRequestSignature(t *testing.T) { WriteBufferSize: 0, Timeout: 0, CustomRoundTripper: func(next http.RoundTripper) (http.RoundTripper, error) { - return createSigningRoundTripperWithCredentials(authConfig, awsCreds, next) + return createSigningRoundTripperWithCredentials(tt.authConfig, awsCreds, next) }, } client, _ := setting.ToClient() @@ -75,7 +76,6 @@ func TestRequestSignature(t *testing.T) { } } - type ErrorRoundTripper struct{} func (ert *ErrorRoundTripper) RoundTrip(r *http.Request) (*http.Response, error) { @@ -225,6 +225,16 @@ func TestCloneRequest(t *testing.T) { } } +func TestGetRoleSessionName(t *testing.T) { + + sessionName := getRoleSessionName() + require.NotNil(t, sessionName) + + osHostname, err := os.Hostname() + require.NoError(t, err) + assert.Contains(t, sessionName, osHostname) +} + func fetchMockCredentials() *credentials.Credentials { return credentials.NewStaticCredentials("MOCK_AWS_ACCESS_KEY", "MOCK_AWS_SECRET_ACCESS_KEY", From 7aa3059631120caee61bdb889ce78baad10bc61c Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Sat, 13 Mar 2021 11:05:11 +0000 Subject: [PATCH 5/7] Add tests for roles scenarios --- .../awsprometheusremotewriteexporter/auth.go | 23 +++--- .../auth_test.go | 81 ++++++++++++------- 2 files changed, 65 insertions(+), 39 deletions(-) diff --git a/exporter/awsprometheusremotewriteexporter/auth.go b/exporter/awsprometheusremotewriteexporter/auth.go index b1c41757dd0b..1413d91fa2ba 100644 --- a/exporter/awsprometheusremotewriteexporter/auth.go +++ b/exporter/awsprometheusremotewriteexporter/auth.go @@ -74,6 +74,15 @@ func (si *signingRoundTripper) RoundTrip(req *http.Request) (*http.Response, err func newSigningRoundTripper(auth AuthConfig, next http.RoundTripper) (http.RoundTripper, error) { + creds, err := getCredsFromConfig(auth) + if err != nil { + return nil, err + } + + return createSigningRoundTripperWithCredentials(auth, creds, next) +} + +func getCredsFromConfig(auth AuthConfig) (*credentials.Credentials, error) { sess, err := session.NewSession(&aws.Config{ Region: aws.String(auth.Region)}, ) @@ -89,14 +98,10 @@ func newSigningRoundTripper(auth AuthConfig, next http.RoundTripper) (http.Round p.RoleSessionName = getRoleSessionName() }) } else { - if _, err = sess.Config.Credentials.Get(); err != nil { - return nil, err - } // Get Credentials, either from ./aws or from environmental variables creds = sess.Config.Credentials } - - return createSigningRoundTripperWithCredentials(auth, creds, next) + return creds, nil } func createSigningRoundTripperWithCredentials(auth AuthConfig, creds *credentials.Credentials, next http.RoundTripper) (http.RoundTripper, error) { @@ -138,12 +143,10 @@ func cloneRequest(r *http.Request) *http.Request { } func getRoleSessionName() string { - suffix, err := os.Hostname() - if err != nil { - now := time.Now().Unix() - suffix = strconv.FormatInt(now, 10) + if suffix, err := os.Hostname(); err == nil { + return "aws-otel-collector-" + suffix } - return "aws-otel-collector-" + suffix + return "aws-otel-collector-" + strconv.FormatInt(time.Now().Unix(), 10) } diff --git a/exporter/awsprometheusremotewriteexporter/auth_test.go b/exporter/awsprometheusremotewriteexporter/auth_test.go index 5e4348aec950..57e97ba9ae5c 100644 --- a/exporter/awsprometheusremotewriteexporter/auth_test.go +++ b/exporter/awsprometheusremotewriteexporter/auth_test.go @@ -33,47 +33,67 @@ import ( ) func TestRequestSignature(t *testing.T) { + // Some form of AWS credentials must be set up for tests to succeed + awsCreds := fetchMockCredentials() + authConfig := AuthConfig{Region: "region", Service: "service"} + + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + _, err := v4.GetSignedRequestSignature(r) + assert.NoError(t, err) + w.WriteHeader(200) + })) + defer server.Close() + + serverURL, err := url.Parse(server.URL) + assert.NoError(t, err) + + setting := confighttp.HTTPClientSettings{ + Endpoint: serverURL.String(), + TLSSetting: configtls.TLSClientSetting{}, + ReadBufferSize: 0, + WriteBufferSize: 0, + Timeout: 0, + CustomRoundTripper: func(next http.RoundTripper) (http.RoundTripper, error) { + return createSigningRoundTripperWithCredentials(authConfig, awsCreds, next) + }, + } + client, _ := setting.ToClient() + req, err := http.NewRequest("POST", setting.Endpoint, strings.NewReader("a=1&b=2")) + assert.NoError(t, err) + _, err = client.Do(req) + assert.NoError(t, err) +} + +func TestGetCredsFromConfig(t *testing.T) { tests := []struct { - authConfig AuthConfig + name string + authConfig AuthConfig + returnError bool }{ { + "success_case_without_role", AuthConfig{Region: "region", Service: "service"}, + false, }, { + "success_case_without_role", AuthConfig{Region: "region", Service: "service", RoleArn: "arn:aws:iam::123456789012:role/IAMRole"}, + false, }, } - + // run tests for _, tt := range tests { - // Some form of AWS credentials must be set up for tests to succeed - awsCreds := fetchMockCredentials() - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - _, err := v4.GetSignedRequestSignature(r) - assert.NoError(t, err) - w.WriteHeader(200) - })) - defer server.Close() - - serverURL, err := url.Parse(server.URL) - assert.NoError(t, err) - - setting := confighttp.HTTPClientSettings{ - Endpoint: serverURL.String(), - TLSSetting: configtls.TLSClientSetting{}, - ReadBufferSize: 0, - WriteBufferSize: 0, - Timeout: 0, - CustomRoundTripper: func(next http.RoundTripper) (http.RoundTripper, error) { - return createSigningRoundTripperWithCredentials(tt.authConfig, awsCreds, next) - }, - } - client, _ := setting.ToClient() - req, err := http.NewRequest("POST", setting.Endpoint, strings.NewReader("a=1&b=2")) - assert.NoError(t, err) - _, err = client.Do(req) - assert.NoError(t, err) + t.Run(tt.name, func(t *testing.T) { + creds, err := getCredsFromConfig(tt.authConfig) + require.NotNil(t, creds) + if tt.returnError { + assert.Error(t, err) + return + } + }) } + } type ErrorRoundTripper struct{} @@ -93,16 +113,19 @@ func TestRoundTrip(t *testing.T) { name string rt http.RoundTripper shouldError bool + authConfig AuthConfig }{ { "valid_round_tripper", defaultRoundTripper, false, + AuthConfig{Region: "region", Service: "service"}, }, { "round_tripper_error", errorRoundTripper, true, + AuthConfig{Region: "region", Service: "service", RoleArn: "arn:aws:iam::123456789012:role/IAMRole"}, }, } From bab7746a72dc7df6418fe3df65aad797bfe04b7f Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Sat, 13 Mar 2021 13:05:47 +0000 Subject: [PATCH 6/7] Modify AWS session authentication --- .../README.md | 1 - .../awsprometheusremotewriteexporter/auth.go | 20 +++++++------------ .../auth_test.go | 17 +++++----------- .../testdata/config.yaml | 2 -- 4 files changed, 12 insertions(+), 28 deletions(-) diff --git a/exporter/awsprometheusremotewriteexporter/README.md b/exporter/awsprometheusremotewriteexporter/README.md index 47f762dd34ef..b33c0030809d 100644 --- a/exporter/awsprometheusremotewriteexporter/README.md +++ b/exporter/awsprometheusremotewriteexporter/README.md @@ -33,7 +33,6 @@ The following settings can be optionally configured: - `service`: AWS service being exported to. - `role_arn`: Amazon Resource Name of the role to assume. - #### Examples: Simplest configuration: diff --git a/exporter/awsprometheusremotewriteexporter/auth.go b/exporter/awsprometheusremotewriteexporter/auth.go index 1413d91fa2ba..f2edf32cd4f5 100644 --- a/exporter/awsprometheusremotewriteexporter/auth.go +++ b/exporter/awsprometheusremotewriteexporter/auth.go @@ -74,22 +74,16 @@ func (si *signingRoundTripper) RoundTrip(req *http.Request) (*http.Response, err func newSigningRoundTripper(auth AuthConfig, next http.RoundTripper) (http.RoundTripper, error) { - creds, err := getCredsFromConfig(auth) - if err != nil { - return nil, err - } - + creds := getCredsFromConfig(auth) return createSigningRoundTripperWithCredentials(auth, creds, next) } -func getCredsFromConfig(auth AuthConfig) (*credentials.Credentials, error) { - sess, err := session.NewSession(&aws.Config{ - Region: aws.String(auth.Region)}, - ) +func getCredsFromConfig(auth AuthConfig) *credentials.Credentials { - if err != nil { - return nil, err - } + // Session Must ensure the Session is valid + sess := session.Must(session.NewSessionWithOptions(session.Options{ + Config: aws.Config{Region: aws.String(auth.Region)}, + })) var creds *credentials.Credentials if auth.RoleArn != "" { @@ -101,7 +95,7 @@ func getCredsFromConfig(auth AuthConfig) (*credentials.Credentials, error) { // Get Credentials, either from ./aws or from environmental variables creds = sess.Config.Credentials } - return creds, nil + return creds } func createSigningRoundTripperWithCredentials(auth AuthConfig, creds *credentials.Credentials, next http.RoundTripper) (http.RoundTripper, error) { diff --git a/exporter/awsprometheusremotewriteexporter/auth_test.go b/exporter/awsprometheusremotewriteexporter/auth_test.go index 57e97ba9ae5c..a79f95ee6540 100644 --- a/exporter/awsprometheusremotewriteexporter/auth_test.go +++ b/exporter/awsprometheusremotewriteexporter/auth_test.go @@ -67,33 +67,26 @@ func TestRequestSignature(t *testing.T) { func TestGetCredsFromConfig(t *testing.T) { tests := []struct { - name string - authConfig AuthConfig - returnError bool + name string + authConfig AuthConfig }{ { "success_case_without_role", AuthConfig{Region: "region", Service: "service"}, - false, }, { - "success_case_without_role", + "success_case_with_role", AuthConfig{Region: "region", Service: "service", RoleArn: "arn:aws:iam::123456789012:role/IAMRole"}, - false, }, } // run tests for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - creds, err := getCredsFromConfig(tt.authConfig) + creds := getCredsFromConfig(tt.authConfig) require.NotNil(t, creds) - if tt.returnError { - assert.Error(t, err) - return - } + }) } - } type ErrorRoundTripper struct{} diff --git a/exporter/awsprometheusremotewriteexporter/testdata/config.yaml b/exporter/awsprometheusremotewriteexporter/testdata/config.yaml index 2193f61567f5..4c62799e957d 100644 --- a/exporter/awsprometheusremotewriteexporter/testdata/config.yaml +++ b/exporter/awsprometheusremotewriteexporter/testdata/config.yaml @@ -36,5 +36,3 @@ service: receivers: [nop] processors: [nop] exporters: [awsprometheusremotewrite] - - From 46449213456d4e5ff33087b667381137712871d2 Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Sun, 14 Mar 2021 12:03:08 +0000 Subject: [PATCH 7/7] Update role session identifier --- exporter/awsprometheusremotewriteexporter/auth.go | 12 +----------- .../awsprometheusremotewriteexporter/auth_test.go | 11 ----------- 2 files changed, 1 insertion(+), 22 deletions(-) diff --git a/exporter/awsprometheusremotewriteexporter/auth.go b/exporter/awsprometheusremotewriteexporter/auth.go index f2edf32cd4f5..70535708abcb 100644 --- a/exporter/awsprometheusremotewriteexporter/auth.go +++ b/exporter/awsprometheusremotewriteexporter/auth.go @@ -20,7 +20,6 @@ import ( "errors" "io/ioutil" "net/http" - "os" "strconv" "time" @@ -89,7 +88,7 @@ func getCredsFromConfig(auth AuthConfig) *credentials.Credentials { if auth.RoleArn != "" { // Get credentials from an assumeRole API call creds = stscreds.NewCredentials(sess, auth.RoleArn, func(p *stscreds.AssumeRoleProvider) { - p.RoleSessionName = getRoleSessionName() + p.RoleSessionName = "aws-otel-collector-" + strconv.FormatInt(time.Now().Unix(), 10) }) } else { // Get Credentials, either from ./aws or from environmental variables @@ -135,12 +134,3 @@ func cloneRequest(r *http.Request) *http.Request { } return r2 } - -func getRoleSessionName() string { - - if suffix, err := os.Hostname(); err == nil { - return "aws-otel-collector-" + suffix - } - - return "aws-otel-collector-" + strconv.FormatInt(time.Now().Unix(), 10) -} diff --git a/exporter/awsprometheusremotewriteexporter/auth_test.go b/exporter/awsprometheusremotewriteexporter/auth_test.go index a79f95ee6540..7a0c7ca5f7af 100644 --- a/exporter/awsprometheusremotewriteexporter/auth_test.go +++ b/exporter/awsprometheusremotewriteexporter/auth_test.go @@ -20,7 +20,6 @@ import ( "net/http" "net/http/httptest" "net/url" - "os" "strings" "testing" @@ -241,16 +240,6 @@ func TestCloneRequest(t *testing.T) { } } -func TestGetRoleSessionName(t *testing.T) { - - sessionName := getRoleSessionName() - require.NotNil(t, sessionName) - - osHostname, err := os.Hostname() - require.NoError(t, err) - assert.Contains(t, sessionName, osHostname) -} - func fetchMockCredentials() *credentials.Credentials { return credentials.NewStaticCredentials("MOCK_AWS_ACCESS_KEY", "MOCK_AWS_SECRET_ACCESS_KEY",