-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade aws-sdk-go from v1 to v2 #24720
base: main
Are you sure you want to change the base?
Conversation
@mismithhisler can you check the impact of this change on binary size? In #24701 I noted that updating this library doesn't update the dependencies that have it as a transient dependency for v1, and so we'll be carrying around both versions. |
@tgross I saw that and using It looks like it added 2.7MB to the binary size. |
Eh, ok. That stinks but not worth delaying the fix for. It'd be nice if we could nudge along the other HashiCorp libraries that are pulling this in. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
client/fingerprint/env_aws.go
Outdated
ctx, cancel := context.WithTimeout(context.TODO(), timeout) | ||
defer cancel() | ||
|
||
imdsClient, err := imdsClient(ctx, f.endpoint) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where does f.endpoint
actually get set if we're no longer configuring it in the constructor? It looks like there's possibly fallback behavior if it's empty (maybe the client library reads the env var if set?), but are we ever using the endpoint
field if we're falling back to that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was actually meaning to leave a comment around this. I took it out here because from what I can tell, AWS makes no mention of AWS_ENV_URL
, and I don't think you can specify custom IMDS endpoints. So that really just leaves overriding the endpoint for testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 on some comments here; took a moment of digging around to see what was happening, otherwise it looks a bit suspect on the surface.
@@ -4,14 +4,15 @@ | |||
package remotetasks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we just remove these tests and the related ECS infra? Let's see what @schmichael thinks. (But probably in a separate PR anyways.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 as the feature is deprecated unless we want to keep this in for future reference of potential.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove. We removed RTD from the docs and archived the repo. Not a bad idea, but incomplete and lacking in demand.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this @mismithhisler! I've added a couple of inline comments/questions which would be good to resolve before merging but looks and works great.
I ran this locally on macOS and everything looked OK, with the correct message showing up in the logs:
client.fingerprint_mgr.env_aws: error querying AWS IDMS URL, skipping
I then ran this PR on an AWS cluster and the node attributes looked how I would expect:
$ nomad node status -verbose bd306835 |grep aws
kernel.version = 6.8.0-1009-aws
platform.aws.ami-id = ami-0474244c88b835731
platform.aws.instance-life-cycle = on-demand
platform.aws.instance-type = m5.xlarge
platform.aws.placement.availability-zone = eu-west-2a
unique.platform.aws.hostname = ip-10-0-1-15.eu-west-2.compute.internal
unique.platform.aws.instance-id = i-0765dd85a71bc86bb
unique.platform.aws.local-hostname = ip-10-0-1-15.eu-west-2.compute.internal
unique.platform.aws.local-ipv4 = 10.0.1.15
unique.platform.aws.mac = 06:72:45:96:05:15
unique.platform.aws.public-ipv4 = xx.xxx.xxx.xxx
The output from the same Nomad client running the official v1.9.4 release:
$ nomad node status -verbose bd306835 |grep aws
kernel.version = 6.8.0-1009-aws
platform.aws.ami-id = ami-0474244c88b835731
platform.aws.instance-life-cycle = on-demand
platform.aws.instance-type = m5.xlarge
platform.aws.placement.availability-zone = eu-west-2a
unique.platform.aws.hostname = ip-10-0-1-15.eu-west-2.compute.internal
unique.platform.aws.instance-id = i-0765dd85a71bc86bb
unique.platform.aws.local-hostname = ip-10-0-1-15.eu-west-2.compute.internal
unique.platform.aws.local-ipv4 = 10.0.1.15
unique.platform.aws.mac = 06:72:45:96:05:15
unique.platform.aws.public-ipv4 = xx.xxx.xxx.xxx
@@ -4,14 +4,15 @@ | |||
package remotetasks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 as the feature is deprecated unless we want to keep this in for future reference of potential.
// See https://aws.github.io/aws-sdk-go-v2/docs/handling-errors for | ||
// recommended error handling with aws-sdk-go-v2. | ||
// See also: https://github.com/aws/aws-sdk-go-v2/issues/1306 | ||
func (f *EnvAWSFingerprint) handleImdsError(err error, attr string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mind adding a small table driven unit test to cover this functionality?
client/fingerprint/env_aws.go
Outdated
ctx, cancel := context.WithTimeout(context.TODO(), timeout) | ||
defer cancel() | ||
|
||
imdsClient, err := imdsClient(ctx, f.endpoint) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 on some comments here; took a moment of digging around to see what was happening, otherwise it looks a bit suspect on the surface.
client/fingerprint/env_aws.go
Outdated
return nil | ||
} | ||
} | ||
defer resp.Content.Close() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This defer is inside a loop, so won't get executed until the iteration finishes and we reach the function end; is this OK? If we wanted to change this, we could move the loop body into it's own function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great catch! I'll get this updated.
client/fingerprint/env_aws.go
Outdated
v := strings.TrimSpace(string(bytes)) | ||
if v == "" { | ||
f.logger.Debug("read an empty value", "attribute", k) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want a continue statement after the log line here which will match the existing behaviour and mean we do not have empty string attributes in node data? It would also be nice if we do need this continue to craft a test to catch this in the future, although I don't know if that is possible or feasible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a test that mimics empty response data, so I've updated it to make sure the corresponding key is not in the node attributes. I didn't see IMDS respond with empty values, but instead it removes the endpoint available, resulting in a 404. It's probably good to handle this just in case though.
continue | ||
} else if awsErr, ok := err.(awserr.RequestFailure); ok { | ||
f.logger.Debug("could not read attribute value", "attribute", k, "error", awsErr) | ||
resp, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Outside the scope for this PR but I wonder if there would be any benefit in the future from not passing individual keys to the metadata call, and rather get the whole response and process that. The benefit would be a single API call at the cost of more complex response processing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be nice, but I'm not sure it's possible with the current IMDS. If you pass in an empty path, you just get a list of available paths, not all the instance metadata.
@@ -175,6 +179,16 @@ require ( | |||
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect | |||
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect | |||
github.com/armon/go-radix v1.0.0 // indirect | |||
github.com/aws/aws-sdk-go v1.55.5 // indirect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do we still need this? Is it a go mod tidy
snafu or something actually pulls it as a dependency?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is go-discover
et al.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also go-getter
, I opened an issue to see if we can get the AWS SDK updated in that repo. Would be nice to get this dependency removed.
Description
Upgrades aws-sdk-go from v1 to v2 as the v1 library is in maintenance mode.
Closes GH #24680
Testing & Reproduction steps
Links
Contributor Checklist
changelog entry using the
make cl
command.ensure regressions will be caught.
and job configuration, please update the Nomad website documentation to reflect this. Refer to
the website README for docs guidelines. Please also consider whether the
change requires notes within the upgrade guide.
Reviewer Checklist
backporting document.
in the majority of situations. The main exceptions are long-lived feature branches or merges where
history should be preserved.
within the public repository.