You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a requirement for instrumenting a python application (specifically, an AWS Glue ETL application) using AWS X-Ray SDK but cannot have the X-Ray daemon running. Consequently, I must provide a custom emitter that can stand in place of the default UDPEmitter. I can go into more details of the implementation as required, the gist is that the implementation works as intended until patch_all method is called. The patcher will patch up the botocore and other lower level libraries, more pertinently httplib.
After having run the patcher, when PutTraceSegments API call is attempted, the application goes into infinite loop when SSO is enabled. The infinity manifests more specifically after having made a call to GetRoleCredentials API. Although not tested, I suspect this condition will occur even if SSO is not enabled and other types of credentials are used.
Goes something like below (my emitter is called HttpEmitter):
Referencing the patcher module for botocore at aws_xray_sdk/ext/botocore/patch.py, the issue is resolved by excluding GetRoleCredentials from tracing. In other words, if GetRoleCredentials is excluded from patching, the custom emitter based on boto3 works as expected.
However, I am not certain if this is in fact the correct solution or symptomatic of a more fundamental problem elsewhere, hence the ticket. I say this because the infinite loop can be made to appear just by patching httplib alone but it may well be for the same reason as above. In order to move forward, I have, for the moment, replaced the patcher for botocore with a custom implementation that includes the shown exclusion.
Further guidance is appreciated.
The text was updated successfully, but these errors were encountered:
Hi @nsp-aws
I think your solution to exclude the GetRoleCredentials is correct in this case. From the SDK side itself, it may be difficult to identify all the possible AWS operations that may be called in a custom emitter. One solution that can possibly work is to let users provide a set of operations they want to ignore when botocore is patched. Similar to what has been done for the httplib patch.
Also, not sure how feasible it would be for you to use OpenTelemetry, but you can try writing your own SpanExporter (refer to the ConsoleSpanExporter) if that works for you.
Appreciate the response. Yes, having the ability to configure the operations that should be excluded would be adequate. OpenTelemetry is not being used on the current project so writing a custom exporter is not quite feasible. The core idea here was not have an external compute that would host either the collector or the X-RAY daemon. We needed to run the entire tracing system in-process.
Are you willing to accept a PR for configuring the operations for exclusion when patching boto?
Hello,
I have a requirement for instrumenting a python application (specifically, an AWS Glue ETL application) using AWS X-Ray SDK but cannot have the X-Ray daemon running. Consequently, I must provide a custom emitter that can stand in place of the default
UDPEmitter
. I can go into more details of the implementation as required, the gist is that the implementation works as intended untilpatch_all
method is called. The patcher will patch up the botocore and other lower level libraries, more pertinentlyhttplib
.After having run the patcher, when
PutTraceSegments
API call is attempted, the application goes into infinite loop when SSO is enabled. The infinity manifests more specifically after having made a call toGetRoleCredentials
API. Although not tested, I suspect this condition will occur even if SSO is not enabled and other types of credentials are used.Goes something like below (my emitter is called HttpEmitter):
Referencing the patcher module for botocore at
aws_xray_sdk/ext/botocore/patch.py
, the issue is resolved by excludingGetRoleCredentials
from tracing. In other words, ifGetRoleCredentials
is excluded from patching, the custom emitter based on boto3 works as expected.Specifcally, this
if
is added:However, I am not certain if this is in fact the correct solution or symptomatic of a more fundamental problem elsewhere, hence the ticket. I say this because the infinite loop can be made to appear just by patching
httplib
alone but it may well be for the same reason as above. In order to move forward, I have, for the moment, replaced the patcher for botocore with a custom implementation that includes the shown exclusion.Further guidance is appreciated.
The text was updated successfully, but these errors were encountered: