made botocore an optional dependency if not using otlp cw endpoint

Author: liustve

aws-opentelemetry-distro/src/amazon/opentelemetry/distro/_utils.py

@@ -0,0 +1,14 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+import re
+
+
+def is_otlp_endpoint_cloudwatch(otlp_endpoint=None):
+    # Detects if it's the OTLP endpoint in CloudWatchs
+    if not otlp_endpoint:
+        return False
+
+    pattern = r"https://xray\.([a-z0-9-]+)\.amazonaws\.com/v1/traces$"
+
+    return bool(re.match(pattern, otlp_endpoint.lower()))

aws-opentelemetry-distro/src/amazon/opentelemetry/distro/aws_opentelemetry_configurator.py

@@ -11,6 +11,7 @@
 
 from amazon.opentelemetry.distro._aws_attribute_keys import AWS_LOCAL_SERVICE
 from amazon.opentelemetry.distro._aws_resource_attribute_configurator import get_service_attribute
+from amazon.opentelemetry.distro._utils import is_otlp_endpoint_cloudwatch
 from amazon.opentelemetry.distro.always_record_sampler import AlwaysRecordSampler
 from amazon.opentelemetry.distro.attribute_propagating_span_processor_builder import (
     AttributePropagatingSpanProcessorBuilder,
@@ -317,7 +318,7 @@ def _customize_exporter(span_exporter: SpanExporter, resource: Resource) -> Span
             traces_endpoint = os.environ.get(AWS_XRAY_DAEMON_ADDRESS_CONFIG, "127.0.0.1:2000")
             span_exporter = OTLPUdpSpanExporter(endpoint=traces_endpoint)
 
-    if _is_otlp_endpoint_cloudwatch():
+    if is_otlp_endpoint_cloudwatch(os.environ.get(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT)):
         span_exporter = OTLPAwsSigV4Exporter(endpoint=os.getenv(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT))
 
     if not _is_application_signals_enabled():
@@ -334,7 +335,7 @@ def _customize_span_processors(provider: TracerProvider, resource: Resource) ->
     provider.add_span_processor(AttributePropagatingSpanProcessorBuilder().build())
 
     # Do not export metrics if it's CloudWatch OTLP endpoint
-    if _is_otlp_endpoint_cloudwatch():
+    if is_otlp_endpoint_cloudwatch():
         return
 
     # Export 100% spans and not export Application-Signals metrics if on Lambda.
@@ -446,16 +447,6 @@ def _is_lambda_environment():
     return AWS_LAMBDA_FUNCTION_NAME_CONFIG in os.environ
 
 
-def _is_otlp_endpoint_cloudwatch():
-    # Detects if it's the OTLP endpoint in CloudWatchs
-    otlp_endpoint = os.environ.get(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT)
-    if not otlp_endpoint:
-        return False
-    pattern = r"xray\.([a-z0-9-]+)\.amazonaws\.com"
-
-    return bool(re.match(pattern, otlp_endpoint.lower()))
-
-
 def _get_metric_export_interval():
     export_interval_millis = float(os.environ.get(METRIC_EXPORT_INTERVAL_CONFIG, DEFAULT_METRIC_EXPORT_INTERVAL))
     _logger.debug("Span Metrics export interval: %s", export_interval_millis)

aws-opentelemetry-distro/src/amazon/opentelemetry/distro/otlp_sigv4_exporter.py

@@ -5,15 +5,12 @@
 from typing import Dict, Optional
 
 import requests
-from botocore import session
-from botocore.auth import NoCredentialsError, SigV4Auth
-from botocore.awsrequest import AWSRequest
 from grpc import Compression
 
+from amazon.opentelemetry.distro._utils import is_otlp_endpoint_cloudwatch
 from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter
 
 AWS_SERVICE = "xray"
-
 _logger = logging.getLogger(__name__)
 
 
@@ -31,7 +28,33 @@ def __init__(
         rsession: Optional[requests.Session] = None,
     ):
 
-        self._aws_region = self._validate_exporter_endpoint(endpoint)
+        self._aws_region = None
+
+        if endpoint and is_otlp_endpoint_cloudwatch(endpoint):
+            try:
+                from botocore import auth, awsrequest, session
+
+                self.boto_auth = auth
+                self.boto_aws_request = awsrequest
+                self.boto_session = session.Session()
+
+                self._aws_region = self._validate_exporter_endpoint(endpoint)
+
+            except ImportError:
+                _logger.error(
+                    "botocore is required to export traces to %s. " "Please install it using `pip install botocore`",
+                    endpoint,
+                )
+
+        else:
+            _logger.error(
+                "Invalid XRay traces endpoint: %s. Resolving to OTLPSpanExporter to handle exporting. "
+                "The traces endpoint follows the pattern https://xray.[AWSRegion].amazonaws.com/v1/traces. "
+                "For example, for the US West (Oregon) (us-west-2) Region, the endpoint will be "
+                "https://xray.us-west-2.amazonaws.com/v1/traces.",
+                endpoint,
+            )
+
         super().__init__(
             endpoint=endpoint,
             certificate_file=certificate_file,
@@ -45,54 +68,43 @@ def __init__(
 
     def _export(self, serialized_data: bytes):
         if self._aws_region:
-            request = AWSRequest(
+            request = self.boto_aws_request.AWSRequest(
                 method="POST",
                 url=self._endpoint,
                 data=serialized_data,
                 headers={"Content-Type": "application/x-protobuf"},
             )
 
-            botocore_session = session.Session()
-            credentials = botocore_session.get_credentials()
+            credentials = self.boto_session.get_credentials()
+
             if credentials is not None:
-                signer = SigV4Auth(credentials, AWS_SERVICE, self._aws_region)
+                signer = self.boto_auth.SigV4Auth(credentials, AWS_SERVICE, self._aws_region)
 
                 try:
                     signer.add_auth(request)
                     self._session.headers.update(dict(request.headers))
 
-                except NoCredentialsError as signing_error:
+                except self.boto_auth.NoCredentialsError as signing_error:
                     _logger.error("Failed to sign request: %s", signing_error)
 
             else:
                 _logger.error("Failed to get credentials to export span to OTLP CloudWatch endpoint")
 
         return super()._export(serialized_data)
 
-    @staticmethod
-    def _validate_exporter_endpoint(endpoint: str) -> Optional[str]:
+    def _validate_exporter_endpoint(self, endpoint: str) -> Optional[str]:
         if not endpoint:
             return None
 
-        match = re.search(rf"{AWS_SERVICE}\.([a-z0-9-]+)\.amazonaws\.com", endpoint)
+        region = endpoint.split(".")[1]
+        xray_regions = self.boto_session.get_available_regions(AWS_SERVICE)
 
-        if match:
-            region = match.group(1)
-            xray_regions = session.Session().get_available_regions(AWS_SERVICE)
-            if region in xray_regions:
-                return region
+        if region not in xray_regions:
 
             _logger.error(
                 "Invalid AWS region: %s. Valid regions are %s. Resolving to default endpoint.", region, xray_regions
             )
-            return None
 
-        _logger.error(
-            "Invalid XRay traces endpoint: %s. Resolving to default endpoint. "
-            "The traces endpoint follows the pattern https://xray.[AWSRegion].amazonaws.com/v1/traces. "
-            "For example, for the US West (Oregon) (us-west-2) Region, the endpoint will be "
-            "https://xray.us-west-2.amazonaws.com/v1/traces.",
-            endpoint,
-        )
+            return None
 
-        return None
+        return region

aws-opentelemetry-distro/tests/amazon/opentelemetry/distro/test_otlp_sigv4_exporter.py

@@ -13,6 +13,7 @@
     DEFAULT_ENDPOINT,
     DEFAULT_TIMEOUT,
     DEFAULT_TRACES_EXPORT_PATH,
+    OTLPSpanExporter,
 )
 from opentelemetry.exporter.otlp.proto.http.version import __version__
 from opentelemetry.sdk.environment_variables import OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
@@ -42,24 +43,29 @@ def setUp(self):
             "https://xray.us-east-1.amaz.com/v1/traces",
             "https://logs.us-east-1.amazonaws.com/v1/logs",
             "https://test-endpoint123.com/test",
+            "xray.us-east-1.amazonaws.com/v1/traces",
+            "https://test-endpoint123.com/test https://xray.us-east-1.amazonaws.com/v1/traces",
+            "https://xray.us-east-1.amazonaws.com/v1/tracesssda",
         ]
 
         self.expected_auth_header = "AWS4-HMAC-SHA256 Credential=test_key/some_date/us-east-1/xray/aws4_request"
         self.expected_auth_x_amz_date = "some_date"
         self.expected_auth_security_token = "test_token"
 
-    # Tests that the default exporter is OTLP protobuf/http Span Exporter if no endpoint is set
     @patch.dict(os.environ, {}, clear=True)
     def test_sigv4_exporter_init_default(self):
+        """Tests that the default exporter is OTLP protobuf/http Span Exporter if no endpoint is set"""
+
         exporter = OTLPAwsSigV4Exporter()
         self.validate_exporter_extends_http_span_exporter(exporter, DEFAULT_ENDPOINT + DEFAULT_TRACES_EXPORT_PATH)
         self.assertIsInstance(exporter._session, requests.Session)
 
-    # Tests that the endpoint is validated and sets the aws_region but still uses the OTLP protobuf/http
-    # Span Exporter exporter constructor behavior if a valid OTLP CloudWatch endpoint is set
     @patch.dict(os.environ, {OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: OTLP_CW_ENDPOINT}, clear=True)
     @patch("botocore.session.Session")
     def test_sigv4_exporter_init_valid_cw_otlp_endpoint(self, session_mock):
+        """Tests that the endpoint is validated and sets the aws_region but still uses the OTLP protobuf/http
+        Span Exporter exporter constructor behavior if a valid OTLP CloudWatch endpoint is set."""
+
         mock_session = MagicMock()
         session_mock.return_value = mock_session
 
@@ -71,12 +77,18 @@ def test_sigv4_exporter_init_valid_cw_otlp_endpoint(self, session_mock):
 
         mock_session.get_available_regions.assert_called_once_with("xray")
 
-    # Tests that the exporter constructor behavior
-    # is set by OTLP protobuf/http Span Exporter
-    # if an invalid OTLP CloudWatch endpoint is set
+    @patch.dict("sys.modules", {"botocore": None})
+    def test_no_botocore_valid_xray_endpoint(self):
+        """Test that exporter defaults when using OTLP CW endpoint without botocore"""
+
+        exporter = OTLPAwsSigV4Exporter(endpoint=OTLP_CW_ENDPOINT)
+
+        self.assertIsNone(exporter._aws_region)
+
     @patch("botocore.session.Session")
     def test_sigv4_exporter_init_invalid_cw_otlp_endpoint(self, botocore_mock):
-
+        """Tests that the exporter constructor behavior is set by OTLP protobuf/http Span Exporter
+        if an invalid OTLP CloudWatch endpoint is set"""
         for bad_endpoint in self.invalid_cw_otlp_tracing_endpoints:
             with self.subTest(endpoint=bad_endpoint):
                 with patch.dict(os.environ, {OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: bad_endpoint}):
@@ -90,15 +102,15 @@ def test_sigv4_exporter_init_invalid_cw_otlp_endpoint(self, botocore_mock):
 
                     self.assertIsNone(exporter._aws_region)
 
-    # Tests that if the OTLP endpoint is not a valid CW endpoint but the credentials are valid,
-    # SigV4 authentication method is NOT called and is
-    # NOT injected into the existing Session headers.
     @patch("botocore.session.Session.get_available_regions")
     @patch("requests.Session.post")
     @patch("botocore.auth.SigV4Auth.add_auth")
     def test_sigv4_exporter_export_does_not_add_sigv4_if_not_valid_cw_endpoint(
         self, mock_sigv4_auth, requests_mock, botocore_mock
     ):
+        """Tests that if the OTLP endpoint is not a valid CW endpoint but the credentials are valid,
+        SigV4 authentication method is NOT called and is NOT injected into the existing Session headers."""
+
         # Setting the exporter response
         mock_response = MagicMock()
         mock_response.status_code = 200
@@ -155,17 +167,16 @@ def test_sigv4_exporter_export_does_not_add_sigv4_if_not_valid_cw_endpoint(
                         cert=ANY,
                     )
 
-    # Tests that if the OTLP endpoint is a valid CW endpoint but no credentials are returned,
-    # SigV4 authentication method is NOT called and is NOT
-    # injected into the existing Session headers.
     @patch("botocore.session.Session")
     @patch("requests.Session")
     @patch("botocore.auth.SigV4Auth.add_auth")
     @patch.dict(os.environ, {OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: OTLP_CW_ENDPOINT})
     def test_sigv4_exporter_export_does_not_add_sigv4_if_not_valid_credentials(
         self, mock_sigv4_auth, requests_posts_mock, botocore_mock
     ):
-
+        """Tests that if the OTLP endpoint is a valid CW endpoint but no credentials are returned,
+        SigV4 authentication method is NOT called and is NOT injected into the existing
+        Session headers."""
         # Setting the exporter response
         mock_response = MagicMock()
         mock_response.status_code = 200
@@ -201,16 +212,16 @@ def test_sigv4_exporter_export_does_not_add_sigv4_if_not_valid_credentials(
         self.assertNotIn(X_AMZ_DATE_HEADER, actual_headers)
         self.assertNotIn(X_AMZ_SECURITY_TOKEN_HEADER, actual_headers)
 
-    # Tests that if the OTLP endpoint is valid and credentials are valid,
-    # SigV4 authentication method is called and is
-    # injected into the existing Session headers.
     @patch("botocore.session.Session")
     @patch("requests.Session")
     @patch("botocore.auth.SigV4Auth.add_auth")
     @patch.dict(os.environ, {OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: OTLP_CW_ENDPOINT})
     def test_sigv4_exporter_export_adds_sigv4_authentication_if_valid_cw_endpoint(
         self, mock_sigv4_auth, requests_posts_mock, botocore_mock
     ):
+        """Tests that if the OTLP endpoint is valid and credentials are valid,
+        SigV4 authentication method is called and is
+        injected into the existing Session headers."""
 
         # Setting the exporter response
         mock_response = MagicMock()
@@ -251,6 +262,7 @@ def test_sigv4_exporter_export_adds_sigv4_authentication_if_valid_cw_endpoint(
         self.assertEqual(actual_headers[X_AMZ_SECURITY_TOKEN_HEADER], self.expected_auth_security_token)
 
     def validate_exporter_extends_http_span_exporter(self, exporter, endpoint):
+        self.assertIsInstance(exporter, OTLPSpanExporter)
         self.assertEqual(exporter._endpoint, endpoint)
         self.assertEqual(exporter._certificate_file, True)
         self.assertEqual(exporter._client_certificate_file, None)