added unit testing, made dependencies optional

Author: liustve

aws-distro-opentelemetry-node-autoinstrumentation/package.json

@@ -83,11 +83,13 @@
     "@smithy/signature-v4": "^5.0.1",
     "@types/mocha": "7.0.2",
     "@types/node": "18.6.5",
+    "@types/proxyquire": "^1.3.31",
     "@types/sinon": "10.0.18",
     "expect": "29.2.0",
     "mocha": "7.2.0",
     "nock": "13.2.1",
     "nyc": "15.1.0",
+    "proxyquire": "^2.1.3",
     "rimraf": "5.0.5",
     "sinon": "15.2.0",
     "ts-mocha": "10.0.0",

aws-distro-opentelemetry-node-autoinstrumentation/src/aws-opentelemetry-configurator.ts

@@ -62,7 +62,7 @@ import { AwsXRayRemoteSampler } from './sampler/aws-xray-remote-sampler';
 // This file is generated via `npm run compile`
 import { LIB_VERSION } from './version';
 
-const XRAY_OTLP_ENDPOINT_PATTERN = '^https://xray\.([a-z0-9-]+)\.amazonaws\.com/v1/traces$';
+const XRAY_OTLP_ENDPOINT_PATTERN = '^https://xray\\.([a-z0-9-]+)\\.amazonaws\\.com/v1/traces$';
 
 const APPLICATION_SIGNALS_ENABLED_CONFIG: string = 'OTEL_AWS_APPLICATION_SIGNALS_ENABLED';
 const APPLICATION_SIGNALS_EXPORTER_ENDPOINT_CONFIG: string = 'OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT';

aws-distro-opentelemetry-node-autoinstrumentation/src/otlp-aws-span-exporter.ts

@@ -3,15 +3,9 @@
 import { OTLPTraceExporter as OTLPProtoTraceExporter } from '@opentelemetry/exporter-trace-otlp-proto';
 import { diag } from '@opentelemetry/api';
 import { OTLPExporterNodeConfigBase } from '@opentelemetry/otlp-exporter-base';
-import { ExportResult } from '@opentelemetry/core';
-import { defaultProvider } from '@aws-sdk/credential-provider-node';
-import { Sha256 } from '@aws-crypto/sha256-js';
-import { ReadableSpan } from '@opentelemetry/sdk-trace-base';
-import { SignatureV4 } from '@smithy/signature-v4';
 import { ProtobufTraceSerializer } from '@opentelemetry/otlp-transformer';
-import { HttpRequest } from '@smithy/protocol-http';
-
-const SERVICE_NAME = 'xray';
+import { ReadableSpan } from '@opentelemetry/sdk-trace-base';
+import { ExportResult } from '@opentelemetry/core';
 
 /**
  * This exporter extends the functionality of the OTLPProtoTraceExporter to allow spans to be exported
@@ -20,11 +14,22 @@ const SERVICE_NAME = 'xray';
  * href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-OTLPEndpoint.html">...</a>
  */
 export class OTLPAwsSpanExporter extends OTLPProtoTraceExporter {
+  private static readonly SERVICE_NAME: string = 'xray';
   private endpoint: string;
   private region: string;
 
+  // Holds the dependencies needed to sign the SigV4 headers
+  private defaultProvider: any;
+  private sha256: any;
+  private signatureV4: any;
+  private httpRequest: any;
+
+  // If there are required dependencies then we enable SigV4 signing. Otherwise skip it
+  private hasRequiredDependencies: boolean = false;
+
   constructor(endpoint: string, config?: OTLPExporterNodeConfigBase) {
-    super(config);
+    super(OTLPAwsSpanExporter.changeUrlConfig(endpoint, config));
+    this.initDependencies();
     this.region = endpoint.split('.')[1];
     this.endpoint = endpoint;
   }
@@ -35,48 +40,82 @@ export class OTLPAwsSpanExporter extends OTLPProtoTraceExporter {
    * sending it to the endpoint. Otherwise, we will skip signing.
    */
   public override async export(items: ReadableSpan[], resultCallback: (result: ExportResult) => void): Promise<void> {
-    const url = new URL(this.endpoint);
-    const serializedSpans: Uint8Array | undefined = ProtobufTraceSerializer.serializeRequest(items);
+    // Only do SigV4 Signing if the required dependencies are installed. Otherwise default to the regular http/protobuf exporter.
+    if (this.hasRequiredDependencies) {
+      const url = new URL(this.endpoint);
+      const serializedSpans: Uint8Array | undefined = ProtobufTraceSerializer.serializeRequest(items);
+
+      if (serializedSpans === undefined) {
+        return;
+      }
+
+      /*
+        This is bad practice but there is no other way to access and inject SigV4 headers
+        into the request headers before the traces get exported.
+      */
+      const oldHeaders = (this as any)._transport?._transport?._parameters?.headers;
 
-    if (serializedSpans === undefined) {
-      return;
+      if (oldHeaders) {
+        const request = new this.httpRequest({
+          method: 'POST',
+          protocol: 'https',
+          hostname: url.hostname,
+          path: url.pathname,
+          body: serializedSpans,
+          headers: {
+            ...oldHeaders,
+            host: url.hostname,
+          },
+        });
+
+        try {
+          const signer = new this.signatureV4({
+            credentials: this.defaultProvider(),
+            region: this.region,
+            service: OTLPAwsSpanExporter.SERVICE_NAME,
+            sha256: this.sha256,
+          });
+
+          const signedRequest = await signer.sign(request);
+
+          (this as any)._transport._transport._parameters.headers = signedRequest.headers;
+        } catch (exception) {
+          diag.debug(
+            `Failed to sign/authenticate the given exported Span request to OTLP XRay endpoint with error: ${exception}`
+          );
+        }
+      }
     }
 
-    /*
-      This is bad practice but there is no other way to access and inject SigV4 headers
-      into the request headers before the traces get exported.
-    */
-    const oldHeaders = (this as any)._transport._transport._parameters.headers;
-
-    const request = new HttpRequest({
-      method: 'POST',
-      protocol: 'https',
-      hostname: url.hostname,
-      path: url.pathname,
-      body: serializedSpans,
-      headers: {
-        ...oldHeaders,
-        host: url.hostname,
-      },
-    });
+    await super.export(items, resultCallback);
+  }
 
+  private initDependencies(): any {
     try {
-      const signer = new SignatureV4({
-        credentials: defaultProvider(),
-        region: this.region,
-        service: SERVICE_NAME,
-        sha256: Sha256,
-      });
-
-      const signedRequest = await signer.sign(request);
-
-      (this as any)._transport._transport._parameters.headers = signedRequest.headers;
-    } catch (exception) {
-      diag.debug(
-        `Failed to sign/authenticate the given exported Span request to OTLP XRay endpoint with error: ${exception}`
-      );
+      const awsSdkModule = require('@aws-sdk/credential-provider-node');
+      const awsCryptoModule = require('@aws-crypto/sha256-js');
+      const signatureModule = require('@smithy/signature-v4');
+      const httpModule = require('@smithy/protocol-http');
+
+      (this.defaultProvider = awsSdkModule.defaultProvider),
+        (this.sha256 = awsCryptoModule.Sha256),
+        (this.signatureV4 = signatureModule.SignatureV4),
+        (this.httpRequest = httpModule.HttpRequest);
+      this.hasRequiredDependencies = true;
+    } catch (error) {
+      diag.error(`Failed to load required AWS dependency for SigV4 Signing: ${error}`);
     }
+  }
 
-    await super.export(items, resultCallback);
+  private static changeUrlConfig(endpoint: string, config?: OTLPExporterNodeConfigBase) {
+    const newConfig =
+      config === undefined
+        ? { url: endpoint }
+        : {
+            ...config,
+            url: endpoint,
+          };
+
+    return newConfig;
   }
 }

aws-distro-opentelemetry-node-autoinstrumentation/test/otlp-aws-span-exporter.test.ts

@@ -0,0 +1,164 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+import expect from 'expect';
+import { OTLPAwsSpanExporter } from '../src/otlp-aws-span-exporter';
+import * as sinon from 'sinon';
+import * as proxyquire from 'proxyquire';
+import nock = require('nock');
+
+const XRAY_OTLP_ENDPOINT = 'https://xray.us-east-1.amazonaws.com';
+const AUTHORIZATION_HEADER = 'Authorization';
+const X_AMZ_DATE_HEADER = 'X-Amz-Date';
+const X_AMZ_SECURITY_TOKEN_HEADER = 'X-Amz-Security-Token';
+
+const EXPECTED_AUTH_HEADER = 'AWS4-HMAC-SHA256 Credential=test_key/some_date/us-east-1/xray/aws4_request';
+const EXPECTED_AUTH_X_AMZ_DATE = 'some_date';
+const EXPECTED_AUTH_SECURITY_TOKEN = 'test_token';
+
+describe('OTLPAwsSpanExporter', () => {
+  let sandbox: sinon.SinonSandbox;
+  let scope: nock.Scope;
+  let mockModule: any;
+
+  beforeEach(() => {
+    scope = nock(XRAY_OTLP_ENDPOINT)
+      .post('/v1/traces')
+      .reply((uri: any, requestBody: any) => {
+        return [200, ''];
+      });
+
+    sandbox = sinon.createSandbox();
+    mockModule = proxyquire('../src/otlp-aws-span-exporter', {
+      '@smithy/signature-v4': {
+        SignatureV4: class MockSignatureV4 {
+          sign(req: any) {
+            req.headers = {
+              ...req.headers,
+              [AUTHORIZATION_HEADER]: EXPECTED_AUTH_HEADER,
+              [X_AMZ_DATE_HEADER]: EXPECTED_AUTH_X_AMZ_DATE,
+              [X_AMZ_SECURITY_TOKEN_HEADER]: EXPECTED_AUTH_SECURITY_TOKEN,
+            };
+
+            return req;
+          }
+        },
+      },
+      '@aws-sdk/credential-provider-node': {
+        defaultProvider: () => async () => {
+          return {
+            accessKeyId: 'test_access_key',
+            secretAccessKey: 'test_secret_key',
+          };
+        },
+      },
+    });
+  });
+
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  it('Should inject SigV4 Headers successfully', () => {
+    const exporter = new mockModule.OTLPAwsSpanExporter(XRAY_OTLP_ENDPOINT + '/v1/traces');
+
+    scope.on('request', (req, interceptor, body) => {
+      const headers = req.headers;
+      expect(headers).toHaveProperty(AUTHORIZATION_HEADER.toLowerCase());
+      expect(headers).toHaveProperty(X_AMZ_SECURITY_TOKEN_HEADER.toLowerCase());
+      expect(headers).toHaveProperty(X_AMZ_DATE_HEADER.toLowerCase());
+
+      expect(headers[AUTHORIZATION_HEADER.toLowerCase()]).toBe(EXPECTED_AUTH_HEADER);
+      expect(headers[X_AMZ_SECURITY_TOKEN_HEADER.toLowerCase()]).toBe(EXPECTED_AUTH_SECURITY_TOKEN);
+      expect(headers[X_AMZ_DATE_HEADER.toLowerCase()]).toBe(EXPECTED_AUTH_X_AMZ_DATE);
+
+      expect(headers['content-type']).toBe('application/x-protobuf');
+      expect(headers['user-agent']).toMatch(/^OTel-OTLP-Exporter-JavaScript\/\d+\.\d+\.\d+$/);
+    });
+
+    exporter.export([], () => {});
+  });
+  
+  describe('Should not inject SigV4 headers if dependencies are missing', () => {
+    const dependencies = [
+      '@aws-sdk/credential-provider-node',
+      '@aws-crypto/sha256-js',
+      '@smithy/signature-v4',
+      '@smithy/protocol-http',
+    ];
+
+    dependencies.forEach(dependency => {
+      it(`should not sign headers if missing dependency: ${dependency}`, () => {
+        const exporter = new OTLPAwsSpanExporter(XRAY_OTLP_ENDPOINT + '/v1/traces');
+
+        scope.on('request', (req, interceptor, body) => {
+          const headers = req.headers;
+          expect(headers).not.toHaveProperty(AUTHORIZATION_HEADER);
+          expect(headers).not.toHaveProperty(X_AMZ_DATE_HEADER);
+          expect(headers).not.toHaveProperty(X_AMZ_SECURITY_TOKEN_HEADER);
+
+          expect(headers['content-type']).toBe('application/x-protobuf');
+          expect(headers['user-agent']).toMatch(/^OTel-OTLP-Exporter-JavaScript\/\d+\.\d+\.\d+$/);
+        });
+
+        Object.keys(require.cache).forEach(key => {
+          delete require.cache[key];
+        });
+        const requireStub = sandbox.stub(require('module'), '_load');
+        requireStub.withArgs(dependency).throws(new Error(`Cannot find module '${dependency}'`));
+        requireStub.callThrough();
+
+        exporter.export([], () => {});
+      });
+    });
+  });
+
+  it('should not inject SigV4 headers if failure to sign headers', async () => {
+    scope.on('request', (req, interceptor, body) => {
+      const headers = req.headers;
+      expect(headers).not.toHaveProperty(AUTHORIZATION_HEADER);
+      expect(headers).not.toHaveProperty(X_AMZ_DATE_HEADER);
+      expect(headers).not.toHaveProperty(X_AMZ_SECURITY_TOKEN_HEADER);
+
+      expect(headers['content-type']).toBe('application/x-protobuf');
+      expect(headers['user-agent']).toMatch(/^OTel-OTLP-Exporter-JavaScript\/\d+\.\d+\.\d+$/);
+    });
+
+    const stubbedModule = proxyquire('../src/otlp-aws-span-exporter', {
+      '@smithy/signature-v4': {
+        SignatureV4: class MockSignatureV4 {
+          sign() {
+            throw new Error('signing error');
+          }
+        },
+      },
+    });
+
+    const exporter = new stubbedModule.OTLPAwsSpanExporter(XRAY_OTLP_ENDPOINT);
+
+    exporter.export([], () => {});
+  });
+
+  it('should not inject SigV4 headers if failure to retrieve credentials', async () => {
+    scope.on('request', (req, interceptor, body) => {
+      const headers = req.headers;
+      expect(headers).not.toHaveProperty(AUTHORIZATION_HEADER);
+      expect(headers).not.toHaveProperty(X_AMZ_DATE_HEADER);
+      expect(headers).not.toHaveProperty(X_AMZ_SECURITY_TOKEN_HEADER);
+
+      expect(headers['content-type']).toBe('application/x-protobuf');
+      expect(headers['user-agent']).toMatch(/^OTel-OTLP-Exporter-JavaScript\/\d+\.\d+\.\d+$/);
+    });
+
+    const stubbedModule = proxyquire('../src/otlp-aws-span-exporter', {
+      '@aws-sdk/credential-provider-node': {
+        defaultProvider: () => async () => {
+          throw new Error('credentials error');
+        },
+      },
+    });
+
+    const exporter = new stubbedModule.OTLPAwsSpanExporter(XRAY_OTLP_ENDPOINT);
+
+    exporter.export([], () => {});
+  });
+});