Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add experimental S2A integration in client libraries grpc transport #3326

Merged
merged 59 commits into from
Nov 14, 2024

Conversation

rmehta19
Copy link
Contributor

@rmehta19 rmehta19 commented Oct 29, 2024

Modify the Client Libraries gRPC Channel builder to use mTLS via S2A if the experimental environment variable is set, S2A is available (We check this by using utility added in googleapis/google-auth-library-java#1400), and a few more conditions (see shouldUseS2A).

Following https://google.aip.dev/auth/4115, Only attempt to use S2A after DirectPath and DCA (https://google.aip.dev/auth/4114) are ruled out as options. If conditions to use S2A are not met (env variable not set, or S2A is not running in environment, etc (shouldUseS2A returns false)), fall back to default TLS connection.

When we are creating S2A-enabled Grpc Channel Credentials, we first try to secure the connection between the client and the S2A via MTLS, using MTLS-MDS credentials. If MTLS-MDS credentials can't be loaded, then we fallback to a plaintext connection between the client and S2A.

The parallel go implementation : googleapis/google-api-go-client#1874 (now lives here: https://github.com/googleapis/google-cloud-go/blob/main/auth/internal/transport/cba.go)

S2A Java client: https://github.com/grpc/grpc-java/tree/master/s2a

Resolving b/376258193 means that S2A.java is no longer experimental

Copy link

conventional-commit-lint-gcf bot commented Oct 29, 2024

🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use automerge label. Good luck human!

-- conventional-commit-lint bot
https://conventionalcommits.org/

@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Oct 29, 2024
@rmehta19 rmehta19 changed the title Implement AIP#4114 Implement AIP#4115: create mTLS connection using S2A Oct 29, 2024
@rmehta19 rmehta19 marked this pull request as draft October 29, 2024 23:29
Copy link

Copy link

Quality Gate Passed Quality Gate passed for 'java_showcase_integration_tests'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@product-auto-label product-auto-label bot added size: l Pull request size is large. and removed size: xs Pull request size is extra small. labels Oct 31, 2024
@rmehta19 rmehta19 force-pushed the grpc-channel-using-s2a branch from d6ba979 to 68d0c14 Compare November 1, 2024 14:39
@rmehta19 rmehta19 force-pushed the grpc-channel-using-s2a branch from 68d0c14 to 3510643 Compare November 1, 2024 14:59
@rmehta19 rmehta19 marked this pull request as ready for review November 4, 2024 13:27
@lqiu96 lqiu96 requested review from zhumin8, blakeli0 and lqiu96 November 4, 2024 15:42
@lqiu96
Copy link
Contributor

lqiu96 commented Nov 4, 2024

Thanks @rmehta19, can we do a few things to help clean up the PR for reviews:

  1. Can you add a conventional commit style title to the PR? I think something like feat: {...} would help us and users understand the changes that went in the PR/ release
  2. Can we split the deps upgrades into separate PRs? We typically use renovate-bot to merge deps and I believe we just merged. the ones you are looking for.

// Try to load MTLS-MDS creds.
File rootFile = new File(MTLS_MDS_ROOT);
File certKeyFile = new File(MTLS_MDS_CERT_CHAIN_AND_KEY);
if (!rootFile.isFile() || !certKeyFile.isFile()) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be if (rootFile.isFile() && certKeyFile.isFile())? Or refactor this to

if (!rootFile.isFile() || !certKeyFile.isFile()) {
  return createPlaintextToS2AChannelCredentials(plaintextAddress);
}

to reduce indentation?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry this is my bad! Changed to if (rootFile.isFile() && certKeyFile.isFile()). Thanks for catching! 1ff7a92

Copy link
Collaborator

@blakeli0 blakeli0 Nov 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I think that means we don't have any test coverage for createS2ASecuredChannelCredentials() though, and to some extend, also no test coverage for the logics in createSingleChannel().

It's probably hard to test the channels created from createSingleChannel() since there are no getters in ManagedChannel for us to verify it, and that's probably we don't have much test for it in the past either. For the new method createS2ASecuredChannelCredentials(), we could probably extract the file path as parameters of this method so that we can unit test it properly.

@@ -99,6 +103,13 @@ public final class InstantiatingGrpcChannelProvider implements TransportChannelP
@VisibleForTesting
static final String DIRECT_PATH_ENV_ENABLE_XDS = "GOOGLE_CLOUD_ENABLE_DIRECT_PATH_XDS";

// The public portion of the mTLS MDS root certificate is stored for performing
// cert verification when establishing an mTLS connection with the MDS.
private static final String MTLS_MDS_ROOT = "/run/google-mds-mtls/root.crt";
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess these are well-known locations on GCE? Do we have any public or internal docs for these locations? If not, where do we get these? What I'm worried is that how do we get notified if they change?

Copy link
Contributor Author

@rmehta19 rmehta19 Nov 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess these are well-known locations on GCE?

Yes

Do we have any public or internal docs for these locations?

I included a link down below in the logic, I've moved it up here as well: https://cloud.google.com/compute/docs/metadata/overview#https-mds. Specifically https://cloud.google.com/compute/docs/metadata/overview#https-mds-root-certs and https://cloud.google.com/compute/docs/metadata/overview#https-mds-client-certs

2958fb4

Copy link
Collaborator

@blakeli0 blakeli0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. There is a CI checking failing though, we might need to update some dependencies for self-service, @lqiu96 can you please take a look?

@lqiu96
Copy link
Contributor

lqiu96 commented Nov 14, 2024

/gcbrun

Comment on lines +528 to +534
} else {
// Fallback to plaintext-to-S2A connection if MTLS-MDS creds do not exist.
LOG.log(
Level.INFO,
"Cannot establish an mTLS connection to S2A because MTLS to MDS credentials do not exist on filesystem, falling back to plaintext connection to S2A");
return createPlaintextToS2AChannelCredentials(plaintextAddress);
}
Copy link
Contributor

@lqiu96 lqiu96 Nov 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Perhaps this else block could be an early return instead
i.e.

if (!rootFile.isFile() || !certKeyFile.isFile()) {
...
}
{Logic to create s2a}

would reduce the nesting. Ignore this comment if this was already discussed.

PR LGTM

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, I also suggested it in #3326 (comment), but it does not have to block this PR.

@blakeli0 blakeli0 merged commit 1138ca6 into googleapis:main Nov 14, 2024
46 of 51 checks passed
jinseopkim0 pushed a commit that referenced this pull request Nov 14, 2024
🤖 I have created a release *beep* *boop*
---


<details><summary>2.50.0</summary>

##
[2.50.0](v2.49.0...v2.50.0)
(2024-11-14)


### Features

* Add experimental S2A integration in client libraries grpc transport
([#3326](#3326))
([1138ca6](1138ca6))
* enable selective generation based on service config include list
([#3323](#3323))
([0cddadb](0cddadb))
* introduce `java.time` to java-core
([#3330](#3330))
([f202c3b](f202c3b))
* Update Gapic-Generator to generate libraries using `java.time` methods
([#3321](#3321))
([b21c9a4](b21c9a4))


### Bug Fixes

* Fix flaky test
ScheduledRetryingExecutorTest.testCancelOuterFutureAfterStart
([#3335](#3335))
([e73740d](e73740d))
* httpjson callables to trace attempts (started, failed)
([#3300](#3300))
([15a64ee](15a64ee))
* instantiate GaxProperties at build time to ensure we get the protobuf
version
([#3365](#3365))
([bb2a3be](bb2a3be))
* protobuf version not always getting set in headers
([#3322](#3322))
([7f6e470](7f6e470))
* use BuildKit instead of legacy builder to build the Hermetic Build
images
([#3338](#3338))
([222fb45](222fb45))


### Dependencies

* update google auth library dependencies to v1.30.0
([#3367](#3367))
([a31c682](a31c682))
* update grpc dependencies to v1.68.1
([#3240](#3240))
([c8e3941](c8e3941))


### Documentation

* fix list num
([#3356](#3356))
([b7d6296](b7d6296))
* **hermetic-build:** indicate usage of Docker Buildkit in development
guide
([#3337](#3337))
([01e742d](01e742d))
* modify hermetic build docs
([#3331](#3331))
([25023af](25023af))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
@ejona86
Copy link

ejona86 commented Nov 22, 2024

This mustn't depend on io.grpc.s2a.S2AChannelCredentials because it is @ExperimentalApi. Libraries can't choose the versions of the libraries they use. We'd need to stabilize the API for use here.

lqiu96 added a commit that referenced this pull request Dec 2, 2024
…pc transport" (#3400)

Reverts #3326

Context:
#3326 (comment)

s2a-gRPC is an Experimental library and shouldn't be added until it's
stabilized.
lqiu96 added a commit that referenced this pull request Dec 3, 2024
…pc transport" (#3400)

Reverts #3326

Context:
#3326 (comment)

s2a-gRPC is an Experimental library and shouldn't be added until it's
stabilized.
lqiu96 added a commit that referenced this pull request Dec 3, 2024
…pc transport" (#3400)

Reverts #3326

Context:
#3326 (comment)

s2a-gRPC is an Experimental library and shouldn't be added until it's
stabilized.
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Dec 16, 2024
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
|
[com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.49.0` -> `2.50.0` |
|
[com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.48.0` -> `2.49.0` |
|
[com.google.cloud:google-cloud-spanner](https://github.com/googleapis/java-spanner)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`6.82.0` -> `6.83.0` |
|
[com.google.cloud:google-cloud-logging](https://github.com/googleapis/java-logging)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.20.7` -> `3.21.0` |
|
[com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.24.3` -> `2.25.1` |
|
[com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.48.0` -> `2.49.0` |
| [com.google.api:gax](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.58.0` -> `2.59.0` |
|
[com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin)
| plugin | misk/gradle/libs.versions.toml | gradle | patch | `2.6.0` ->
`2.6.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.43.0` -> `1.44.1` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.43.0` -> `1.44.1` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
|
[software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [com.amazonaws:aws-java-sdk-sqs](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |
| [com.amazonaws:aws-java-sdk-s3](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |
|
[com.amazonaws:aws-java-sdk-dynamodb](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |
| [com.amazonaws:aws-java-sdk-core](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |

---

### Release Notes

<details>
<summary>googleapis/sdk-platform-java
(com.google.api.grpc:proto-google-common-protos)</summary>

###
[`v2.50.0`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2500-2024-11-14)

##### Features

- Add experimental S2A integration in client libraries grpc transport
([#&#8203;3326](googleapis/sdk-platform-java#3326))
([1138ca6](googleapis/sdk-platform-java@1138ca6))
- enable selective generation based on service config include list
([#&#8203;3323](googleapis/sdk-platform-java#3323))
([0cddadb](googleapis/sdk-platform-java@0cddadb))
- introduce `java.time` to java-core
([#&#8203;3330](googleapis/sdk-platform-java#3330))
([f202c3b](googleapis/sdk-platform-java@f202c3b))
- Update Gapic-Generator to generate libraries using `java.time` methods
([#&#8203;3321](googleapis/sdk-platform-java#3321))
([b21c9a4](googleapis/sdk-platform-java@b21c9a4))

##### Bug Fixes

- Fix flaky test
ScheduledRetryingExecutorTest.testCancelOuterFutureAfterStart
([#&#8203;3335](googleapis/sdk-platform-java#3335))
([e73740d](googleapis/sdk-platform-java@e73740d))
- httpjson callables to trace attempts (started, failed)
([#&#8203;3300](googleapis/sdk-platform-java#3300))
([15a64ee](googleapis/sdk-platform-java@15a64ee))
- instantiate GaxProperties at build time to ensure we get the protobuf
version
([#&#8203;3365](googleapis/sdk-platform-java#3365))
([bb2a3be](googleapis/sdk-platform-java@bb2a3be))
- protobuf version not always getting set in headers
([#&#8203;3322](googleapis/sdk-platform-java#3322))
([7f6e470](googleapis/sdk-platform-java@7f6e470))
- use BuildKit instead of legacy builder to build the Hermetic Build
images
([#&#8203;3338](googleapis/sdk-platform-java#3338))
([222fb45](googleapis/sdk-platform-java@222fb45))

##### Dependencies

- update google auth library dependencies to v1.30.0
([#&#8203;3367](googleapis/sdk-platform-java#3367))
([a31c682](googleapis/sdk-platform-java@a31c682))
- update grpc dependencies to v1.68.1
([#&#8203;3240](googleapis/sdk-platform-java#3240))
([c8e3941](googleapis/sdk-platform-java@c8e3941))

##### Documentation

- fix list num
([#&#8203;3356](googleapis/sdk-platform-java#3356))
([b7d6296](googleapis/sdk-platform-java@b7d6296))
- **hermetic-build:** indicate usage of Docker Buildkit in development
guide
([#&#8203;3337](googleapis/sdk-platform-java#3337))
([01e742d](googleapis/sdk-platform-java@01e742d))
- modify hermetic build docs
([#&#8203;3331](googleapis/sdk-platform-java#3331))
([25023af](googleapis/sdk-platform-java@25023af))

</details>

<details>
<summary>googleapis/java-spanner
(com.google.cloud:google-cloud-spanner)</summary>

###
[`v6.83.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6830-2024-12-13)

##### Features

- Add Metrics host for built in metrics
([#&#8203;3519](googleapis/java-spanner#3519))
([4ed455a](googleapis/java-spanner@4ed455a))
- Add opt-in for using multiplexed sessions for blind writes
([#&#8203;3540](googleapis/java-spanner#3540))
([216f53e](googleapis/java-spanner@216f53e))
- Add UUID in Spanner TypeCode enum
([41f83dc](googleapis/java-spanner@41f83dc))
- Introduce java.time variables and methods
([#&#8203;3495](googleapis/java-spanner#3495))
([8a7d533](googleapis/java-spanner@8a7d533))
- **spanner:** Support multiplexed session for Partitioned operations
([#&#8203;3231](googleapis/java-spanner#3231))
([4501a3e](googleapis/java-spanner@4501a3e))
- Support 'set local' for retry_aborts_internally
([#&#8203;3532](googleapis/java-spanner#3532))
([331942f](googleapis/java-spanner@331942f))

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.51.0
([41f83dc](googleapis/java-spanner@41f83dc))

##### Dependencies

- Update sdk platform java dependencies
([#&#8203;3549](googleapis/java-spanner#3549))
([6235f0f](googleapis/java-spanner@6235f0f))

</details>

<details>
<summary>googleapis/java-logging
(com.google.cloud:google-cloud-logging)</summary>

###
[`v3.21.0`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3210-2024-12-13)

##### Features

- Introduce `java.time` methods
([#&#8203;1729](googleapis/java-logging#1729))
([323eb33](googleapis/java-logging@323eb33))

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.51.0
([04d8868](googleapis/java-logging@04d8868))

##### Dependencies

- Update dependency io.opentelemetry:opentelemetry-bom to v1.45.0
([#&#8203;1638](googleapis/java-logging#1638))
([7e007d4](googleapis/java-logging@7e007d4))
- Update sdk platform java dependencies
([#&#8203;1736](googleapis/java-logging#1736))
([88b4cdf](googleapis/java-logging@88b4cdf))

</details>

<details>
<summary>googleapis/java-datastore
(com.google.cloud:google-cloud-datastore)</summary>

###
[`v2.25.1`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2251-2024-12-13)

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.51.0
([106ee4d](googleapis/java-datastore@106ee4d))

##### Dependencies

- Update sdk platform java dependencies
([#&#8203;1685](googleapis/java-datastore#1685))
([4372350](googleapis/java-datastore@4372350))

###
[`v2.25.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2250-2024-12-11)

##### Features

- Introduce `java.time` methods and variables
([#&#8203;1671](googleapis/java-datastore#1671))
([5a78a80](googleapis/java-datastore@5a78a80))

##### Dependencies

- Update dependency com.google.cloud:gapic-libraries-bom to v1.48.0
([#&#8203;1605](googleapis/java-datastore#1605))
([5c6a678](googleapis/java-datastore@5c6a678))

##### Documentation

- Update gapic upgrade installation instructions
([#&#8203;1677](googleapis/java-datastore#1677))
([b3fbfcc](googleapis/java-datastore@b3fbfcc))

</details>

<details>
<summary>autonomousapps/dependency-analysis-android-gradle-plugin
(com.autonomousapps.dependency-analysis)</summary>

###
[`v2.6.1`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-261)

-   \[Fix]: `superClassName` can be null (Object has no superclass).

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.44.1`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.44.1):
1.44.1

##### Components

##### Continuous Integration Visibility

- 🐛 Fix tracing JUnit5 tests in Maven projects with multiple forks
([#&#8203;8089](DataDog/dd-trace-java#8089) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

###
[`v1.44.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.44.0):
1.44.0

##### Known Issues

> \[!WARNING]\
> This release contains a known issue that causes failures when using
Test Optimization to trace JUnit 5 tests in a Maven project where Maven
Surefire is configured with `forkCount` > 1.
> The issue is fixed in v1.44.1

##### Breaking Changes

> \[!WARNING]\
> Support for `X-Forwarded` header is dropped from default client IP
resolution.
> It can still be re-activated using the
`dd.trace.client-ip-header=x-forwarded` system property, or the
`DD_TRACE_CLIENT_IP_HEADER=x-forwarded` environment variable. See
[#&#8203;7946](DataDog/dd-trace-java#7946).

##### Components

##### Application Security Management (IAST)

- ✨ Set unexpected IAST exceptions to debug log level
([#&#8203;8044](DataDog/dd-trace-java#8044) -
[@&#8203;smola](https://github.com/smola))
- ✨ Increase IAST propagation to StringBuffer subSequence
([#&#8203;8038](DataDog/dd-trace-java#8038) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Increase IAST propagation to StringBuilder subSequence
([#&#8203;8026](DataDog/dd-trace-java#8026) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Add IAST propagation to String valueOf
([#&#8203;8013](DataDog/dd-trace-java#8013) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Increase IAST propagation to StringBuilder append
([#&#8203;8010](DataDog/dd-trace-java#8010) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Expand SSRF support in IAST to apache-httpclient-5 and
apache-httpasyncclient-4
([#&#8203;7920](DataDog/dd-trace-java#7920) -
[@&#8203;Mariovido](https://github.com/Mariovido))

##### Build & Tooling

- ✨ Generate Muzzle classes for Groovy instrumentations
([#&#8203;8004](DataDog/dd-trace-java#8004) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

##### Continuous Integration Visibility

- ✨ Support distributed traces in tests
([#&#8203;8078](DataDog/dd-trace-java#8078) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Implement fail-fast tests ordering for JUnit 5
([#&#8203;8055](DataDog/dd-trace-java#8055) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Mark JUnit 5 setup and teardown action spans as failed if
there is an error
([#&#8203;8033](DataDog/dd-trace-java#8033) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add tracing of setup and teardown actions in JUnit 4
([#&#8203;8030](DataDog/dd-trace-java#8030) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))

##### Crash tracking

- ✨ Improve crash tracking install logging
([#&#8203;8045](DataDog/dd-trace-java#8045) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))

##### Data Streams Monitoring

- 🐛 Add Data Streams support in AWS SQS without raw message delivery
([#&#8203;8071](DataDog/dd-trace-java#8071) -
[@&#8203;piochelepiotr](https://github.com/piochelepiotr))
- ✨ Add new tag for enabled products / features to DSM
checkpoints
([#&#8203;8051](DataDog/dd-trace-java#8051) -
[@&#8203;kr-igor](https://github.com/kr-igor))
- 💡 Instrument self hosted Kafka connectors
([#&#8203;7959](DataDog/dd-trace-java#7959) -
[@&#8203;piochelepiotr](https://github.com/piochelepiotr))

##### Dynamic Instrumentation

- ✨ Add Micronaut 4 support for code origin for spans
([#&#8203;8039](DataDog/dd-trace-java#8039) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Refactor probe matching for methods
([#&#8203;8021](DataDog/dd-trace-java#8021) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Update the CodeOriginProbe fingerprint to not rely on a
stack walk
([#&#8203;8016](DataDog/dd-trace-java#8016) -
[@&#8203;evanchooly](https://github.com/evanchooly))
- ✨ Implement code origin support for grpc server entry spans
([#&#8203;7942](DataDog/dd-trace-java#7942) -
[@&#8203;evanchooly](https://github.com/evanchooly))

##### GraalVM native-image

- 🐛 Update Graal build-time instrumentation config for
TracePropagationStyle
([#&#8203;8065](DataDog/dd-trace-java#8065) -
[@&#8203;MattAlp](https://github.com/MattAlp))
- 🐛 Fix NoClassDefFoundError: Could not initialize class
DDSpanLink$EncoderHolder in Graal native-image
([#&#8203;8036](DataDog/dd-trace-java#8036) -
[@&#8203;mcculls](https://github.com/mcculls))
- 🐛🧹 Fix native-image generation of reactive applications
([#&#8203;8012](DataDog/dd-trace-java#8012) -
[@&#8203;mcculls](https://github.com/mcculls))

##### OpenTracing

- 🧹 Custom ScopeManagers are deprecated and will be removed in a
future release of dd-trace-ot
([#&#8203;8058](DataDog/dd-trace-java#8058) -
[@&#8203;mcculls](https://github.com/mcculls))

##### Tracer core

- ✨🧪 Service naming: split by jee deployment
([#&#8203;8064](DataDog/dd-trace-java#8064) -
[@&#8203;amarziali](https://github.com/amarziali))
- ✨ Exclude jboss mdb proxies from instrumenting
([#&#8203;8061](DataDog/dd-trace-java#8061) -
[@&#8203;amarziali](https://github.com/amarziali))
- ✨ Add a built-in trace interceptor for keeping traces
depending of their latency
([#&#8203;8040](DataDog/dd-trace-java#8040) -
[@&#8203;cecile75](https://github.com/cecile75))
- 💡 Introduce marker mechanism for eagerly initializing helpers
([#&#8203;8028](DataDog/dd-trace-java#8028) -
[@&#8203;mcculls](https://github.com/mcculls))
- 💡 Add JSON component
([#&#8203;7973](DataDog/dd-trace-java#7973) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))
- ✨⚠️ Remove support for X-Forwarded in client IP
resolution
([#&#8203;7946](DataDog/dd-trace-java#7946) -
[@&#8203;smola](https://github.com/smola))

##### Instrumentations

##### Apache HttpComponents

- ✨ Expand SSRF support in IAST to apache-httpclient-5 and
apache-httpasyncclient-4
([#&#8203;7920](DataDog/dd-trace-java#7920) -
[@&#8203;Mariovido](https://github.com/Mariovido))

##### gRPC instrumentation

- 🐛 Use lower priorities for grpc server errors
([#&#8203;8043](DataDog/dd-trace-java#8043) -
[@&#8203;amarziali](https://github.com/amarziali))

##### JDBC instrumentation

- ✨ Add trace injection for prepared statements in Postgres
([#&#8203;7940](DataDog/dd-trace-java#7940) -
[@&#8203;nenadnoveljic](https://github.com/nenadnoveljic))

##### JMS instrumentation

- 🐛 Protect mdb from instrumenting multiple time the same event
([#&#8203;8062](DataDog/dd-trace-java#8062) -
[@&#8203;amarziali](https://github.com/amarziali))

##### Kafka instrumentation

- 💡 Instrument self hosted Kafka connectors
([#&#8203;7959](DataDog/dd-trace-java#7959) -
[@&#8203;piochelepiotr](https://github.com/piochelepiotr))

##### OpenTelemetry instrumentation

- 🐛 Support using OpenTelemetry Event API inside `@WithSpan`
annotated method
([#&#8203;8019](DataDog/dd-trace-java#8019) -
[@&#8203;mcculls](https://github.com/mcculls))

##### Reactor instrumentation

- 🐛🧹 Fix native-image generation of reactive applications
([#&#8203;8012](DataDog/dd-trace-java#8012) -
[@&#8203;mcculls](https://github.com/mcculls))

##### Spring instrumentation

- 🐛 Avoid double instrumenting lambdas on latest spring scheduling
([#&#8203;8005](DataDog/dd-trace-java#8005) -
[@&#8203;amarziali](https://github.com/amarziali))

##### All other instrumentations

- 🐛 Twilio: allow service name flattening
([#&#8203;8025](DataDog/dd-trace-java#8025) -
[@&#8203;amarziali](https://github.com/amarziali))
- ✨ Instrument Mulesoft 4.5.0+
([#&#8203;7981](DataDog/dd-trace-java#7981) -
[@&#8203;amarziali](https://github.com/amarziali))

</details>

<details>
<summary>aws/aws-sdk-java (com.amazonaws:aws-java-sdk-sqs)</summary>

###
[`v1.12.780`](https://github.com/aws/aws-sdk-java/blob/HEAD/CHANGELOG.md#112780-2024-12-11)

[Compare
Source](aws/aws-sdk-java@1.12.779...1.12.780)

#### **Amazon Simple Storage Service**

-   ### Bugfixes
- AWS SDK for Java 1.x now includes additional validation for Amazon S3
client APIs to handle scenarios where an empty string ('') is passed as
the key argument to the following operations: PutObject, DeleteObject,
ListObjects, GetObjectMetaData, ListObjectsV2, SetObjectTagging,
GetObjectTagging, SetObjectAcl, GetObjectAcl, SetObjectLegalHold,
GetObjectLegalHold, CopyObject, CopyPart, SelectObjectContent,
SetObjectRetention, GetObjectRetention, AbortMultipartUpload,
CompleteMultipartUpload, InitiateMultipartUpload, ListParts, UploadPart,
RestoreObjectV2, and RestoreObject. The SDK will validate the key
argument and throw an exception if it is an empty string, ensuring
correct and expected behavior.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 69831bc62ea4d80cdcd42cef2aa9bd8eda28ae8c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
size: l Pull request size is large.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants