aws-observability
diff --git a/‎awsagentprovider/build.gradle.kts‎
Lines changed: 4 additions & 0 deletions b/‎awsagentprovider/build.gradle.kts‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/AwsApplicationSignalsCustomizerProvider.java‎
Lines changed: 52 additions & 0 deletions b/‎awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/AwsApplicationSignalsCustomizerProvider.java‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/OtlpAwsSpanExporter.java‎
Lines changed: 149 additions & 0 deletions b/‎awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/OtlpAwsSpanExporter.java‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/OtlpAwsSpanExporter/test.java‎ b/‎awsagentprovider/src/main/java/software/amazon/opentelemetry/javaagent/providers/OtlpAwsSpanExporter/test.java‎
@@ -45,6 +45,10 @@ dependencies {
   // For Udp emitter
   compileOnly("io.opentelemetry:opentelemetry-exporter-otlp-common")
 
+  // For OtlpAwsSpanExporter SigV4 Authentication
+  implementation("software.amazon.awssdk:auth")
+  implementation("software.amazon.awssdk:http-auth-aws")
+
   testImplementation("io.opentelemetry:opentelemetry-sdk-extension-autoconfigure")
   testImplementation("io.opentelemetry:opentelemetry-sdk-testing")
   testImplementation("io.opentelemetry:opentelemetry-extension-aws")
 
@@ -51,6 +51,7 @@
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.regex.Pattern;
 
 /**
  * This customizer performs the following customizations:
@@ -70,6 +71,8 @@
 public class AwsApplicationSignalsCustomizerProvider
     implements AutoConfigurationCustomizerProvider {
   static final String AWS_LAMBDA_FUNCTION_NAME_CONFIG = "AWS_LAMBDA_FUNCTION_NAME";
+  private static final String XRAY_OTLP_ENDPOINT_PATTERN =
+      "^https://xray\\.([a-z0-9-]+)\\.amazonaws\\.com/v1/traces$";
 
   private static final Duration DEFAULT_METRIC_EXPORT_INTERVAL = Duration.ofMinutes(1);
   private static final Logger logger =
@@ -95,6 +98,9 @@ public class AwsApplicationSignalsCustomizerProvider
   private static final String OTEL_JMX_TARGET_SYSTEM_CONFIG = "otel.jmx.target.system";
   private static final String OTEL_EXPORTER_OTLP_TRACES_ENDPOINT_CONFIG =
       "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT";
+  private static final String OTEL_EXPORTER_HTTP_PROTOBUF_PROTOCOL = "http/protobuf";
+  private static final String OTEL_EXPORTER_OTLP_TRACES_PROTOCOL_CONFIG =
+      "OTEL_EXPORTER_OTLP_TRACES_PROTOCOL";
   private static final String AWS_XRAY_DAEMON_ADDRESS_CONFIG = "AWS_XRAY_DAEMON_ADDRESS";
   private static final String DEFAULT_UDP_ENDPOINT = "127.0.0.1:2000";
   private static final String OTEL_DISABLED_RESOURCE_PROVIDERS_CONFIG =
@@ -106,6 +112,8 @@ public class AwsApplicationSignalsCustomizerProvider
   // This is a bit of a magic number, as there is no simple way to tell how many spans can make a
   // 64KB batch since spans can vary in size.
   private static final int LAMBDA_SPAN_EXPORT_BATCH_SIZE = 10;
+  private static final boolean isSigV4Enabled =
+      AwsApplicationSignalsCustomizerProvider.isSigV4Enabled();
 
   public void customize(AutoConfigurationCustomizer autoConfiguration) {
     autoConfiguration.addPropertiesCustomizer(this::customizeProperties);
@@ -121,6 +129,37 @@ static boolean isLambdaEnvironment() {
     return System.getenv(AWS_LAMBDA_FUNCTION_NAME_CONFIG) != null;
   }
 
+  static boolean isSigV4Enabled() {
+    String otlpEndpoint = System.getenv(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT_CONFIG);
+    boolean isXrayOtlpEndpoint =
+        otlpEndpoint != null
+            && Pattern.compile(XRAY_OTLP_ENDPOINT_PATTERN)
+                .matcher(otlpEndpoint.toLowerCase())
+                .matches();
+
+    if (isXrayOtlpEndpoint) {
+      logger.log(Level.INFO, "Detected using AWS OTLP XRay Endpoint.");
+
+      String otlpTracesProtocol = System.getenv(OTEL_EXPORTER_OTLP_TRACES_PROTOCOL_CONFIG);
+
+      if (otlpTracesProtocol == null
+          || !otlpTracesProtocol.equals(OTEL_EXPORTER_HTTP_PROTOBUF_PROTOCOL)) {
+        logger.info(
+            String.format(
+                "Improper configuration: Please configure your environment variables and export/set %s=%s",
+                OTEL_EXPORTER_OTLP_TRACES_PROTOCOL_CONFIG, OTEL_EXPORTER_HTTP_PROTOBUF_PROTOCOL));
+        return false;
+      }
+
+      logger.info(
+          String.format(
+              "Proper configuration detected: Now exporting trace span data to %s", otlpEndpoint));
+      return true;
+    }
+
+    return false;
+  }
+
   private boolean isApplicationSignalsEnabled(ConfigProperties configProps) {
     return configProps.getBoolean(
         APPLICATION_SIGNALS_ENABLED_CONFIG,
@@ -221,6 +260,10 @@ private SdkTracerProviderBuilder customizeTracerProviderBuilder(
         return tracerProviderBuilder;
       }
 
+      if (isSigV4Enabled) {
+        return tracerProviderBuilder;
+      }
+
       // Construct meterProvider
       MetricExporter metricsExporter =
           ApplicationSignalsExporterProvider.INSTANCE.createExporter(configProps);
@@ -287,6 +330,15 @@ private SpanExporter customizeSpanExporter(
       }
     }
 
+    // When running OTLP endpoint for X-Ray backend, use custom exporter for SigV4 authentication.
+    if (isSigV4Enabled) {
+      return new OtlpAwsSpanExporter(
+          (OtlpHttpSpanExporter)
+              spanExporter, // can cast here since we've checked that the environment variable is
+          // set to http/protobuf
+          System.getenv(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT_CONFIG));
+    }
+
     if (isApplicationSignalsEnabled(configProps)) {
       return AwsMetricAttributesSpanExporterBuilder.create(
               spanExporter, ResourceHolder.getResource())
 
@@ -0,0 +1,149 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.opentelemetry.javaagent.providers;
+
+import io.opentelemetry.exporter.internal.otlp.traces.TraceRequestMarshaler;
+import io.opentelemetry.exporter.otlp.http.trace.OtlpHttpSpanExporter;
+import io.opentelemetry.sdk.common.CompletableResultCode;
+import io.opentelemetry.sdk.common.export.MemoryMode;
+import io.opentelemetry.sdk.trace.data.SpanData;
+import io.opentelemetry.sdk.trace.export.SpanExporter;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Supplier;
+import javax.annotation.concurrent.Immutable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
+import software.amazon.awssdk.http.SdkHttpFullRequest;
+import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.http.SdkHttpRequest;
+import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
+import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
+
+/**
+ * This exporter extends the functionality of the OtlpHttpSpanExporter to allow spans to be exported
+ * to the XRay OTLP endpoint https://xray.[AWSRegion].amazonaws.com/v1/traces. Utilizes the AWSSDK
+ * library to sign and directly inject SigV4 Authentication to the exported request's headers. <a
+ * href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-OTLPEndpoint.html">...</a>
+ */
+@Immutable
+public class OtlpAwsSpanExporter implements SpanExporter {
+  private static final String SERVICE_NAME = "xray";
+  private static final Logger logger = LoggerFactory.getLogger(OtlpAwsSpanExporter.class);
+
+  private final SpanExporter parentExporter;
+  private final String awsRegion;
+  private final String endpoint;
+  private Collection<SpanData> spanData;
+
+  public OtlpAwsSpanExporter(OtlpHttpSpanExporter parentExporter, String endpoint) {
+    this.parentExporter =
+        parentExporter.toBuilder()
+            .setMemoryMode(MemoryMode.IMMUTABLE_DATA)
+            .setEndpoint(endpoint)
+            .setHeaders(new SigV4AuthHeaderSupplier())
+            .build();
+
+    this.awsRegion = endpoint.split("\\.")[1];
+    this.endpoint = endpoint;
+    this.spanData = new ArrayList<>();
+  }
+
+  /**
+   * Overrides the upstream implementation of export. All behaviors are the same except if the
+   * endpoint is an XRay OTLP endpoint, we will sign the request with SigV4 in headers before
+   * sending it to the endpoint. Otherwise, we will skip signing.
+   */
+  @Override
+  public CompletableResultCode export(Collection<SpanData> spans) {
+    this.spanData = spans;
+    return this.parentExporter.export(spans);
+  }
+
+  @Override
+  public CompletableResultCode flush() {
+    return this.parentExporter.flush();
+  }
+
+  @Override
+  public CompletableResultCode shutdown() {
+    return this.parentExporter.shutdown();
+  }
+
+  @Override
+  public String toString() {
+    return this.parentExporter.toString();
+  }
+
+  private final class SigV4AuthHeaderSupplier implements Supplier<Map<String, String>> {
+
+    @Override
+    public Map<String, String> get() {
+      try {
+        ByteArrayOutputStream encodedSpans = new ByteArrayOutputStream();
+        TraceRequestMarshaler.create(OtlpAwsSpanExporter.this.spanData).writeBinaryTo(encodedSpans);
+
+        SdkHttpRequest httpRequest =
+            SdkHttpFullRequest.builder()
+                .uri(URI.create(OtlpAwsSpanExporter.this.endpoint))
+                .method(SdkHttpMethod.POST)
+                .putHeader("Content-Type", "application/x-protobuf")
+                .contentStreamProvider(() -> new ByteArrayInputStream(encodedSpans.toByteArray()))
+                .build();
+
+        AwsCredentials credentials = DefaultCredentialsProvider.create().resolveCredentials();
+
+        SignedRequest signedRequest =
+            AwsV4HttpSigner.create()
+                .sign(
+                    b ->
+                        b.identity(credentials)
+                            .request(httpRequest)
+                            .putProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, SERVICE_NAME)
+                            .putProperty(
+                                AwsV4HttpSigner.REGION_NAME, OtlpAwsSpanExporter.this.awsRegion)
+                            .payload(() -> new ByteArrayInputStream(encodedSpans.toByteArray())));
+
+        Map<String, String> result = new HashMap<>();
+
+        Map<String, List<String>> headers = signedRequest.request().headers();
+        headers.forEach(
+            (key, values) -> {
+              if (!values.isEmpty()) {
+                result.put(key, values.get(0));
+              }
+            });
+
+        return result;
+
+      } catch (Exception e) {
+        logger.error(
+            "Failed to sign/authenticate the given exported Span request to OTLP CloudWatch endpoint with error: {}",
+            e.getMessage());
+
+        return new HashMap<>();
+      }
+    }
+  }
+}