X-RAY creates new session with hardcoded region #167
Comments
polamayster
changed the title
|
Hey polamayster, The X-Ray client here is only used to obtain the Sampling Rules and Targets for centralized sampling. It communicates with the local X-Ray Daemon in order to fetch this, rather than the actual service endpoint itself (the Daemon is responsible for fetching this data). The region here should not affect communications with the Daemon, so we should safely be able to remove the hard coded region without any issues. As for the session, I do believe that the call to get_session() actually returns a new instance of a session and the credentials are re-fetched in each instantiation. Are you experiencing any specific issues related to this? Here is the code to the new session instantiation in Botocore. |
|
Hi chanchiem! Thanks for a response. Yes we are experiencing a specific issue related to credentials retrieval (throttling) associated with new session instantiation each time. def _create_xray_client(self, ip='127.0.0.1', port='2000'):
session = botocore.session.get_session()
url = 'http://%s:%s' % (ip, port)
return session.create_client('xray', endpoint_url=url,
region_name='us-west-2',
config=Config(signature_version=UNSIGNED)
)be changed to: def _create_xray_client(self, ip='127.0.0.1', port='2000', region='us-west-2'):
url = 'http://%s:%s' % (ip, port)
return boto3.client('xray', endpoint_url=url,
region_name=region,
config=Config(signature_version=UNSIGNED)
)explanation: Just wondering why x-ray client needs separate session, why can't it reuse existing session by calling credentials_provider = ContainerProvider()
session = get_session()
session._credentials = credentials_provider.load() # RefreshableCredentials
boto3.setup_default_session(botocore_session=session)
# monkey patch botocore session to always return existing session with credentials and not new one each time (x-ray)
botocore.session.get_session = lambda: session |
|
Hey Polamayster, We don't see an issue with re-using a default session, but there is one issue. Our SDK uses Since the issue you're having is related to credential gathering, and our client doesn't use credentials (this part is handled by our Daemon), I wonder if a possible solution would be to predefine the credentials to a null value. Maybe something like this def _create_xray_client(self, ip='127.0.0.1', port='2000'):
session = botocore.session.get_session()
url = 'http://%s:%s' % (ip, port)
return session.create_client('xray', endpoint_url=url,
region_name='us-west-2',
config=Config(signature_version=UNSIGNED),
aws_access_key_id='', aws_secret_access_key=''
)Is it possible for you to test this in your configuration to see if it attempts to fetch credentials? I was able to test it on mine and it seems to have worked. |
|
Hi chanchiem, Thanks a lot for your comment! I will give your solution a try. Concern about |
|
Hi @chanchiem, Sorry for a long silence, I finally got a chance to test your solution with Thanks a lot once again! |
|
We would gladly accept PRs! Glad the solution worked out for you! Thanks, |
|
Side note: I was adding a fix and associated tests and turned out this issue is reproducible if Line 49 in ab1327e aws-xray-sdk-python clients with botocore version in this range.
So proposed fix if still relevant/appropriate regarding @chanchiem, @haotianw465(https://github.com/aws/aws-xray-sdk-python/blame/master/aws_xray_sdk/core/sampling/connector.py#L163) what do you think? |
|
So should fix still be implemented or issue closed with botocore version upgrade as a solution? |
|
I think since it's an issue that only exists in older versions of botocore, we should upgrade the supported version of botocore internally so long as it doesn't add any breaking changes for our current instrumentor. Were you able to find out why the particular version range fixes the issue? |
|
Let me reiterate, because looks like I wasn't clear in explanation: if config is not None and config.signature_version is UNSIGNED:
credentials = Noneand this it used in x-ray-sdk for client creation: def _create_xray_client(self, ip='127.0.0.1', port='2000', region='us-west-2'):
url = 'http://%s:%s' % (ip, port)
return boto3.client('xray', endpoint_url=url,
region_name=region,
config=Config(signature_version=UNSIGNED)
)but as |
|
Thanks for letting us know! I think since we want to be sure we accept the current version range and not constrain our customers to only use up to 1.12.67, we can use the solution of manually setting the credentials to an empty string: Can you confirm that it worked for versions less than as well as greater than and equal to |
|
Yes, credentials set to empty strings worked for |
|
tests fail due to #179 |
There is probably a reason why new session is created with specific region us-west-2 (is X-Ray available only in this region?):
but can it be changed to:
so existing default boto3 session could be reused under the hood?
Usecase: application using IAM role to not throttle on call to
/v2/credentials/in each process/worker when those credentials were already retrieved and stored in session?If so, I can create MR with a change.
The text was updated successfully, but these errors were encountered: