|
| 1 | +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. |
| 2 | +// SPDX-License-Identifier: Apache-2.0 |
| 3 | +import { OTLPTraceExporter as OTLPProtoTraceExporter } from '@opentelemetry/exporter-trace-otlp-proto'; |
| 4 | +import { diag } from '@opentelemetry/api'; |
| 5 | +import { OTLPExporterNodeConfigBase } from '@opentelemetry/otlp-exporter-base'; |
| 6 | +import { ExportResult } from '@opentelemetry/core'; |
| 7 | +import { defaultProvider } from '@aws-sdk/credential-provider-node'; |
| 8 | +import { Sha256 } from '@aws-crypto/sha256-js'; |
| 9 | +import { ReadableSpan } from '@opentelemetry/sdk-trace-base'; |
| 10 | +import { SignatureV4 } from '@smithy/signature-v4'; |
| 11 | +import { ProtobufTraceSerializer } from '@opentelemetry/otlp-transformer'; |
| 12 | +import { HttpRequest } from '@smithy/protocol-http'; |
| 13 | + |
| 14 | +const SERVICE_NAME = 'xray'; |
| 15 | + |
| 16 | +/** |
| 17 | + * This exporter extends the functionality of the OTLPProtoTraceExporter to allow spans to be exported |
| 18 | + * to the XRay OTLP endpoint https://xray.[AWSRegion].amazonaws.com/v1/traces. Utilizes the aws-sdk |
| 19 | + * library to sign and directly inject SigV4 Authentication to the exported request's headers. <a |
| 20 | + * href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-OTLPEndpoint.html">...</a> |
| 21 | + */ |
| 22 | +export class OTLPAwsSpanExporter extends OTLPProtoTraceExporter { |
| 23 | + private endpoint: string; |
| 24 | + private region: string; |
| 25 | + |
| 26 | + constructor(endpoint: string, config?: OTLPExporterNodeConfigBase) { |
| 27 | + super(config); |
| 28 | + this.region = endpoint.split('.')[1]; |
| 29 | + this.endpoint = endpoint; |
| 30 | + } |
| 31 | + |
| 32 | + /** |
| 33 | + * Overrides the upstream implementation of export. All behaviors are the same except if the |
| 34 | + * endpoint is an XRay OTLP endpoint, we will sign the request with SigV4 in headers before |
| 35 | + * sending it to the endpoint. Otherwise, we will skip signing. |
| 36 | + */ |
| 37 | + public override async export(items: ReadableSpan[], resultCallback: (result: ExportResult) => void): Promise<void> { |
| 38 | + const url = new URL(this.endpoint); |
| 39 | + const serializedSpans: Uint8Array | undefined = ProtobufTraceSerializer.serializeRequest(items); |
| 40 | + |
| 41 | + if (serializedSpans === undefined) { |
| 42 | + return; |
| 43 | + } |
| 44 | + |
| 45 | + /* |
| 46 | + This is bad practice but there is no other way to access and inject SigV4 headers |
| 47 | + into the request headers before the traces get exported. |
| 48 | + */ |
| 49 | + const oldHeaders = (this as any)._transport._transport._parameters.headers; |
| 50 | + |
| 51 | + const request = new HttpRequest({ |
| 52 | + method: 'POST', |
| 53 | + protocol: 'https', |
| 54 | + hostname: url.hostname, |
| 55 | + path: url.pathname, |
| 56 | + body: serializedSpans, |
| 57 | + headers: { |
| 58 | + ...oldHeaders, |
| 59 | + host: url.hostname, |
| 60 | + }, |
| 61 | + }); |
| 62 | + |
| 63 | + try { |
| 64 | + const signer = new SignatureV4({ |
| 65 | + credentials: defaultProvider(), |
| 66 | + region: this.region, |
| 67 | + service: SERVICE_NAME, |
| 68 | + sha256: Sha256, |
| 69 | + }); |
| 70 | + |
| 71 | + const signedRequest = await signer.sign(request); |
| 72 | + |
| 73 | + (this as any)._transport._transport._parameters.headers = signedRequest.headers; |
| 74 | + } catch (exception) { |
| 75 | + diag.debug( |
| 76 | + `Failed to sign/authenticate the given exported Span request to OTLP XRay endpoint with error: ${exception}` |
| 77 | + ); |
| 78 | + } |
| 79 | + |
| 80 | + await super.export(items, resultCallback); |
| 81 | + } |
| 82 | +} |
0 commit comments