misc: credentials business metrics #1442
Conversation
0marperez
added
the
no-changelog
|
A new generated diff is ready to view. |
|
A new generated diff is ready to view. |
|
A new generated diff is ready to view. |
| @@ -7,7 +7,8 @@ | |||
| "secret_access_key": "secretkeycorrect", | |||
| "session_token": "tokencorrect", | |||
| "expiry": 1632249686, | |||
| "accountId": "130633740322" | |||
| "accountId": "130633740322", | |||
| "business_metrics": ["p","0", "i"] | |||
There was a problem hiding this comment.
If this is just meant to resolve credentials from IMDS, why are there three credentials provider metrics emitted?
There was a problem hiding this comment.
The test actually uses this config file. So p is for the named provider, 0 is for IMDS, and i is for the assume role call with the credentials resolved from IMDS. I think it might be a good idea to change the docs for this test because I made the same assumption when I first added the business metrics.
| /** | ||
| * The source used to create the [RoleArn] | ||
| */ | ||
| val roleArnSource: RoleArnSource? = null, |
There was a problem hiding this comment.
naming: source makes this more readable, roleArn.source vs. roleArn.roleArnSource
| @@ -318,4 +326,286 @@ class ProfileCredentialsProviderTest { | |||
| val expected = credentials("AKID-Default", "Default-Secret", accountId = "12345") | |||
| assertEquals(expected, actual) | |||
| } | |||
|
|
|||
| @Test | |||
| fun staticCredentialsBusinessMetrics() = runTest { | |||
| override val name: String = "credentialsOverrideBusinessMetricsMiddleware" | ||
| override fun render(ctx: ProtocolGenerator.GenerationContext, op: OperationShape, writer: KotlinWriter) { | ||
| writer.withBlock( | ||
| "if (config.credentialsProvider.#T != #S ) {", |
There was a problem hiding this comment.
Compare classes directly rather than their simple names, if (config.credentialsProvider !is ManagedCredentialsProvider)
| "ManagedCredentialsProvider", | ||
| ) { | ||
| write( | ||
| "op.context.#T(#T.Credentials.CREDENTIALS_CODE)", |
There was a problem hiding this comment.
This middleware will emit CREDENTIALS_CODE any time a custom credentials provider is configured and used. I thought that this metric referred to using the StaticCredentialsProvider.
If someone configures a custom ProfileCredentialsProvider, should we really not be emitting the CREDENTIALS_PROFILE metric?
There was a problem hiding this comment.
CREDENTIALS_CODE is meant for when there's any code to setup credentials, so configuring a custom / non-default credentials provider, the StaticCredentialsProvider, session objects for boto, etc. We don't have a business metric for StaticCredentialsProvider but it falls under CREDENTIALS_CODE. We could get more specific in the future though, we would just have to discuss adding a metric for something like the StaticCredentialsProvider that all SDKs share.
CREDENTIALS_PROFILE is confusing, it's meant for static credentials in a profile. It was called something else but I think the name changed during review. Same as StaticCredentialsProvider, we don't have a metric for ProfileCredentialsProvider. The focus for the initial metrics was more on the default credentials provider chain related metrics not all credentials providers but we can go back and add more metrics soon because I think they would be very useful.
We still capture most of what's going on, e.g. If a user sets the ProfileCredentialsProvider we would see that they set a non-default credentials provider, and then we could see where in the profile the credentials are resolved from because every profile option is captured in the metrics.
There was a problem hiding this comment.
CREDENTIALS_CODE is now mapped to StaticCredentialsProvider. It's not in the provider itself because it's an implementation detail for other providers.
| /** | ||
| * Indicates if the class was created using [fromEnvironment] | ||
| */ | ||
| private var createdFromEnvironment: Boolean = false |
There was a problem hiding this comment.
I understand why you needed to add this but it seems a little hacky.
We only call StsWebIdentityCredentialsProvider.fromEnvironment in one spot, the default chain, can the metrics emission for that be lifted to that point and then we can remove this createdFromEnvironment here?
There was a problem hiding this comment.
I originally had it in the default credentials provider chain but it wasn't working correctly so I moved it here. The default credentials provider chain doesn't have attributes so I was creating some and then merging them with the ones from the resolve call, but something about that wasn't working correctly. I can try again for a bit and see if I can make it work.
…der is configured by user
…f StsWebIdentityCredentialsProvider
|
|
A new generated diff is ready to view. |
Issue #
Description of changes
-Emitting credentials related business metrics
-Tests for credentials related business metrics
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.