feat: AWS SDK v2 Secrets Manager auto-instrumentation support

This PR adds auto-instrumentation support for the following AWS resource:

Secrets Manager

Tests Run:
./gradlew spotlessCheck
./gradlew clean assemble
./gradlew instrumentation:check
./gradlew :smoke-tests:test

No regression issues found. All newly added tests pass.

Backward Compatibility:
There is no risk of breaking existing functionality. This change only adds instrumentation for additional AWS resources without modifying the existing behavior of the auto-instrumentation library.

Author: lukeina2z

instrumentation/aws-sdk/aws-sdk-2.2/javaagent/build.gradle.kts

@@ -121,9 +121,10 @@ dependencies {
   testLibrary("software.amazon.awssdk:lambda:2.2.0")
   testLibrary("software.amazon.awssdk:rds:2.2.0")
   testLibrary("software.amazon.awssdk:s3:2.2.0")
-  testLibrary("software.amazon.awssdk:sqs:2.2.0")
-  testLibrary("software.amazon.awssdk:sns:2.2.0")
   testLibrary("software.amazon.awssdk:ses:2.2.0")
+  testLibrary("software.amazon.awssdk:secretsmanager:2.2.0")
+  testLibrary("software.amazon.awssdk:sns:2.2.0")
+  testLibrary("software.amazon.awssdk:sqs:2.2.0")
 }
 
 val latestDepTest = findProperty("testLatestDeps") as Boolean

instrumentation/aws-sdk/aws-sdk-2.2/library-autoconfigure/build.gradle.kts

@@ -18,8 +18,9 @@ dependencies {
   testLibrary("software.amazon.awssdk:lambda:2.2.0")
   testLibrary("software.amazon.awssdk:rds:2.2.0")
   testLibrary("software.amazon.awssdk:s3:2.2.0")
-  testLibrary("software.amazon.awssdk:sqs:2.2.0")
+  testLibrary("software.amazon.awssdk:secretsmanager:2.2.0")
   testLibrary("software.amazon.awssdk:sns:2.2.0")
+  testLibrary("software.amazon.awssdk:sqs:2.2.0")
 }
 
 tasks {

instrumentation/aws-sdk/aws-sdk-2.2/library/build.gradle.kts

@@ -26,6 +26,7 @@ dependencies {
   testLibrary("software.amazon.awssdk:kinesis:2.2.0")
   testLibrary("software.amazon.awssdk:rds:2.2.0")
   testLibrary("software.amazon.awssdk:s3:2.2.0")
+  testLibrary("software.amazon.awssdk:secretsmanager:2.2.0")
   testLibrary("software.amazon.awssdk:ses:2.2.0")
 }
 

instrumentation/aws-sdk/aws-sdk-2.2/library/src/main/java/io/opentelemetry/instrumentation/awssdk/v2_2/internal/AwsExperimentalAttributes.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.instrumentation.awssdk.v2_2.internal;
+
+import static io.opentelemetry.api.common.AttributeKey.stringKey;
+
+import io.opentelemetry.api.common.AttributeKey;
+
+final class AwsExperimentalAttributes {
+  static final AttributeKey<String> AWS_BUCKET_NAME = stringKey("aws.bucket.name");
+  static final AttributeKey<String> AWS_QUEUE_URL = stringKey("aws.queue.url");
+  static final AttributeKey<String> AWS_QUEUE_NAME = stringKey("aws.queue.name");
+  static final AttributeKey<String> AWS_SECRET_ARN = stringKey("aws.secretsmanager.secret.arn");
+  static final AttributeKey<String> AWS_STREAM_NAME = stringKey("aws.stream.name");
+  static final AttributeKey<String> AWS_TABLE_NAME = stringKey("aws.table.name");
+
+  private AwsExperimentalAttributes() {}
+}

instrumentation/aws-sdk/aws-sdk-2.2/library/src/main/java/io/opentelemetry/instrumentation/awssdk/v2_2/internal/AwsSdkRequest.java

@@ -9,6 +9,7 @@
 import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsSdkRequestType.DYNAMODB;
 import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsSdkRequestType.KINESIS;
 import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsSdkRequestType.S3;
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsSdkRequestType.SECRETSMANAGER;
 import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsSdkRequestType.SNS;
 import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsSdkRequestType.SQS;
 import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.FieldMapping.request;
@@ -35,6 +36,7 @@ enum AwsSdkRequest {
   SnsRequest(SNS, "SnsRequest"),
   SqsRequest(SQS, "SqsRequest"),
   KinesisRequest(KINESIS, "KinesisRequest"),
+  SecretsManagerRequest(SECRETSMANAGER, "SecretsManagerRequest"),
   // specific requests
   BatchGetItem(
       DYNAMODB,

instrumentation/aws-sdk/aws-sdk-2.2/library/src/main/java/io/opentelemetry/instrumentation/awssdk/v2_2/internal/AwsSdkRequestType.java

@@ -5,19 +5,27 @@
 
 package io.opentelemetry.instrumentation.awssdk.v2_2.internal;
 
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsExperimentalAttributes.AWS_BUCKET_NAME;
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsExperimentalAttributes.AWS_QUEUE_NAME;
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsExperimentalAttributes.AWS_QUEUE_URL;
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsExperimentalAttributes.AWS_SECRET_ARN;
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsExperimentalAttributes.AWS_STREAM_NAME;
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.AwsExperimentalAttributes.AWS_TABLE_NAME;
 import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.FieldMapping.request;
+import static io.opentelemetry.instrumentation.awssdk.v2_2.internal.FieldMapping.response;
 
 import io.opentelemetry.api.common.AttributeKey;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
 enum AwsSdkRequestType {
-  S3(request("aws.bucket.name", "Bucket")),
-  SQS(request("aws.queue.url", "QueueUrl"), request("aws.queue.name", "QueueName")),
-  KINESIS(request("aws.stream.name", "StreamName")),
-  DYNAMODB(request("aws.table.name", "TableName")),
+  S3(request(AWS_BUCKET_NAME.getKey(), "Bucket")),
+  SQS(request(AWS_QUEUE_URL.getKey(), "QueueUrl"), request(AWS_QUEUE_NAME.getKey(), "QueueName")),
+  KINESIS(request(AWS_STREAM_NAME.getKey(), "StreamName")),
+  DYNAMODB(request(AWS_TABLE_NAME.getKey(), "TableName")),
   BEDROCK_RUNTIME(),
+  SECRETSMANAGER(response(AWS_SECRET_ARN.getKey(), "ARN")),
   SNS(
       /*
        * Only one of TopicArn and TargetArn are permitted on an SNS request.

instrumentation/aws-sdk/aws-sdk-2.2/testing/build.gradle.kts

@@ -18,9 +18,10 @@ dependencies {
   compileOnly("software.amazon.awssdk:lambda:2.2.0")
   compileOnly("software.amazon.awssdk:rds:2.2.0")
   compileOnly("software.amazon.awssdk:s3:2.2.0")
-  compileOnly("software.amazon.awssdk:sqs:2.2.0")
-  compileOnly("software.amazon.awssdk:sns:2.2.0")
+  compileOnly("software.amazon.awssdk:secretsmanager:2.2.0")
   compileOnly("software.amazon.awssdk:ses:2.2.0")
+  compileOnly("software.amazon.awssdk:sns:2.2.0")
+  compileOnly("software.amazon.awssdk:sqs:2.2.0")
 
   // needed for SQS - using emq directly as localstack references emq v0.15.7 ie WITHOUT AWS trace header propagation
   implementation("org.elasticmq:elasticmq-rest-sqs_2.13")

instrumentation/aws-sdk/aws-sdk-2.2/testing/src/main/java/io/opentelemetry/instrumentation/awssdk/v2_2/AbstractAws2ClientTest.java

@@ -79,6 +79,12 @@
 import software.amazon.awssdk.services.s3.S3ClientBuilder;
 import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
 import software.amazon.awssdk.services.s3.model.GetObjectRequest;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerAsyncClient;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerAsyncClientBuilder;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClientBuilder;
+import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
+import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
 import software.amazon.awssdk.services.sns.SnsAsyncClient;
 import software.amazon.awssdk.services.sns.SnsAsyncClientBuilder;
 import software.amazon.awssdk.services.sns.SnsClient;
@@ -112,6 +118,18 @@ public abstract class AbstractAws2ClientTest extends AbstractAws2ClientCoreTest
           + " <ResponseMetadata><RequestId>0ac9cda2-bbf4-11d3-f92b-31fa5e8dbc99</RequestId></ResponseMetadata>"
           + "</DeleteOptionGroupResponse>";
 
+  private static final String secretsManagerBodyContent =
+      "{"
+          + "    \"ARN\": \"arn:aws:secretsmanager:us-east-1:123456789012:secret:MySecretFromCLI-sNkBwD\","
+          + "    \"Name\": \"MySecretFromCLI\","
+          + "    \"VersionId\": \"9959b95b-1234-5678-a19b-a4b0315ca5aa\","
+          + "    \"SecretString\": \"super-secret-value\","
+          + "    \"VersionStages\": ["
+          + "        \"AWSCURRENT\""
+          + "    ],"
+          + "    \"CreatedDate\": \"1.523477145713E9\""
+          + "}";
+
   private static void assumeSupportedConfig(String operation) {
     Assumptions.assumeFalse(
         operation.equals("SendMessage") && isSqsAttributeInjectionEnabled(),
@@ -214,6 +232,13 @@ private void clientAssertions(
                   equalTo(MESSAGING_SYSTEM, AWS_SQS))));
     }
 
+    if (service.equals("SecretsManager")) {
+      attributes.add(
+          equalTo(
+              stringKey("aws.secretsmanager.secret.arn"),
+              "arn:aws:secretsmanager:us-east-1:123456789012:secret:MySecretFromCLI-sNkBwD"));
+    }
+
     String evaluatedOperation;
     SpanKind operationKind;
     if (operation.equals("SendMessage")) {
@@ -722,4 +747,44 @@ void testS3ListNullBucket() {
 
     assertThat(Context.current()).isEqualTo(Context.root());
   }
+
+  @Test
+  void testSecretsManagerSendOperationRequestWithBuilder() {
+    SecretsManagerClientBuilder builder = SecretsManagerClient.builder();
+    configureSdkClient(builder);
+    SecretsManagerClient client =
+        builder
+            .endpointOverride(clientUri)
+            .region(Region.AP_NORTHEAST_1)
+            .credentialsProvider(CREDENTIALS_PROVIDER)
+            .build();
+
+    server.enqueue(
+        HttpResponse.of(HttpStatus.OK, MediaType.PLAIN_TEXT_UTF_8, secretsManagerBodyContent));
+    Object response =
+        client.getSecretValue(GetSecretValueRequest.builder().secretId("MySecretFromCLI").build());
+    assertThat(response.getClass().getSimpleName())
+        .satisfies(
+            v -> assertThat(v).isEqualTo("GetSecretValueResponse"),
+            v -> assertThat(response).isInstanceOf(GetSecretValueResponse.class));
+    clientAssertions("SecretsManager", "GetSecretValue", "POST", response, "UNKNOWN");
+  }
+
+  @Test
+  void testSecretsManagerAsyncSendOperationRequestWithBuilder() {
+    SecretsManagerAsyncClientBuilder builder = SecretsManagerAsyncClient.builder();
+    configureSdkClient(builder);
+    SecretsManagerAsyncClient client =
+        builder
+            .endpointOverride(clientUri)
+            .region(Region.AP_NORTHEAST_1)
+            .credentialsProvider(CREDENTIALS_PROVIDER)
+            .build();
+
+    server.enqueue(
+        HttpResponse.of(HttpStatus.OK, MediaType.PLAIN_TEXT_UTF_8, secretsManagerBodyContent));
+    Object response =
+        client.getSecretValue(GetSecretValueRequest.builder().secretId("MySecretFromCLI").build());
+    clientAssertions("SecretsManager", "GetSecretValue", "POST", response, "UNKNOWN");
+  }
 }