fix: Uses botocore ssl context for telemetry requests #253
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marofke
force-pushed
the
marofke/telemetry-ssl-fix-botocore
branch
from
6edc6fe
to
42b9063
Compare
Signed-off-by: Caden Marofke <marofke@amazon.com>
marofke
force-pushed
the
marofke/telemetry-ssl-fix-botocore
branch
from
42b9063
to
5f6bbe9
Compare
ddneilson
approved these changes
Mar 27, 2024
edwards-aws
approved these changes
Mar 27, 2024
lucaseck
approved these changes
Mar 27, 2024
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What was the problem/requirement? (What/Why)
In #230 I added a workaround for telemetry requests that were hitting SSL issues. Turns out some contexts don't have access to SSL at all, which was causing failures in some integrated submitters.
What was the solution? (How)
Steal more stuff from botocore! I just grabbed the create_urllib3_context function, and set the cert path using the corresponding botocore function. This uses all of the vendored ssl stuff from botocore, so we shouldn't hit any more SSL issues when sending telemetry. Regardless, any SSL failures should happen when we try to send the telemetry, which is in a background thread, so it at least won't interrupt user behaviour.
What is the impact of this change?
Fix crashes for environments without SSL.
How was this change tested?
Submitted a job with telemetry enabled, confirmed that it was sent successfully. Without setting the cert path, I confirmed that I was getting SSL errors attempting to send telemetry, and adding in the cert path allowed requests to go through.
Was this change documented?
N/A
Is this a breaking change?
No