Tsv*_*nov 5 amazon-web-services node.js aws-sdk-js open-telemetry
在 NodeJS 应用程序中一起使用@opentelemetry/plugin-https和时aws-sdk,opentelemetry 插件会将traceparent标头添加到每个 AWS 请求中。如果不需要在aws-sdk. 当 aws-sdk 重试请求时,可能会发生以下错误:
InvalidSignatureException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.第一个 AWS 请求包含以下标头:
traceparent: '00-32c9b7adee1da37fad593ee38e9e479b-875169606368a166-01'Authorization: 'AWS4-HMAC-SHA256 Credential=<credential>, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-target, Signature=<signature>'请注意,SignedHeaders 不包括traceparent.
重试的请求包含以下标头:
traceparent: '00-c573e391a455a207469ffa4fb75b3cab-6f20c315628cfcc0-01'Authorization: AWS4-HMAC-SHA256 Credential=<credential>, SignedHeaders=host;traceparent;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-target, Signature=<signature>请注意,SignedHeaders 确实包括traceparent.
在发送重试请求之前,会@opentelemetry/plugin-https设置新的traceparent标头,这会使 AWS 请求的签名无效。
以下是重现该问题的代码(您可能需要在达到导致重试的速率限制之前运行脚本几次):
const opentelemetry = require("@opentelemetry/api");
const { NodeTracerProvider } = require("@opentelemetry/node");
const { SimpleSpanProcessor } = require("@opentelemetry/tracing");
const { JaegerExporter } = require("@opentelemetry/exporter-jaeger");
const provider = new NodeTracerProvider({
plugins: {
https: {
enabled: true,
path: "@opentelemetry/plugin-https"
}
}
});
const exporter = new JaegerExporter({ serviceName: "test" });
provider.addSpanProcessor(new SimpleSpanProcessor(exporter));
provider.register();
const AWS = require("aws-sdk");
const main = async () => {
const cwl = new AWS.CloudWatchLogs({ region: "us-east-1" });
const promises = new Array(100).fill(true).map(() => new Promise((resolve, reject) => {
cwl.describeLogGroups(function (err, data) {
if (err) {
console.log(err.name);
console.log("Got error:", err.message);
console.log("ERROR Request Authorization:");
console.log(this.request.httpRequest.headers.Authorization);
console.log("ERROR Request traceparent:");
console.log(this.request.httpRequest.headers.traceparent);
console.log("Retry count:", this.retryCount);
reject(err);
return;
}
resolve(data);
});
}));
const result = await Promise.all(promises);
console.log(result.length);
};
main().catch(console.error);
可能的解决方案:
@opentelemetry/plugin-https。
traceparent将标题添加unsignableHeaders到aws-sdk-AWS.Signers.V4.prototype.unsignableHeaders.push("traceparent");
aws-sdk.是否有另一种解决方案可以让我保留 aws 请求的范围并保证所有 aws 请求的签名都是正确的?
更新(2020 年 12 月 16 日):
该问题似乎已在aws sdk v3中修复
以下代码抛出正确的错误 (ThrotdlingException):
const opentelemetry = require("@opentelemetry/api");
const { NodeTracerProvider } = require("@opentelemetry/node");
const { SimpleSpanProcessor } = require("@opentelemetry/tracing");
const { JaegerExporter } = require("@opentelemetry/exporter-jaeger");
const { CloudWatchLogs } = require("@aws-sdk/client-cloudwatch-logs");
const provider = new NodeTracerProvider({
plugins: {
https: {
enabled: true,
path: "@opentelemetry/plugin-https"
}
}
});
const exporter = new JaegerExporter({ serviceName: "test" });
provider.addSpanProcessor(new SimpleSpanProcessor(exporter));
provider.register();
const main = async () => {
const cwl = new CloudWatchLogs({ region: "us-east-1" });
const promises = new Array(100).fill(true).map(() => new Promise((resolve, reject) => {
cwl.describeLogGroups({ limit: 50 })
.then(resolve)
.catch((err) => {
console.log(err.name);
console.log("Got error:", err.message);
reject(err);
});
}));
const result = await Promise.all(promises);
console.log(result.length);
};
main().catch(console.error);
| 归档时间: |
|
| 查看次数: |
1070 次 |
| 最近记录: |