-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keep the AWS/Azure/GCP SDK version up to date #39492
Comments
Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services) |
Here is how APM Server manages OTel dependencies: |
I'm creating the first PR to manage the Azure SDK to get feedback from the team responsible for Dependabot. |
If we notice the issue mentioned here, a sequential upgrade from working -> broken SDK (Nov '23 -> Feb'24) , it would have taken the application into a less desirable state. So, the scope may be extended or changed to qualifying the SDK version. Addressing dependencies, Testing & verification, addressing gaps in testing (if any) may be part of the qualification process. Once qualified, how soon should we consume the upgrade? |
@agithomas, what do you mean by "qualifying the SDK version"? Can you elaborate a little on this? |
To be clear, the goal of PRs like #39495 is not to avoid problems like "not found, ResolveEndpointV2" but to ensure Beats remains up to date with new features, possibly avoid support requests, or at least ship the fixes sooner. I agree that to avoid problems like "not found, ResolveEndpointV2" from happening we need a holistic strategy that includes:
|
My comment was more towards the holistic strategy. Thanks for adding the scope here. |
After the last fix #40125, the config is valid, but the current Dependabot config is still not okay. From https://github.com/elastic/beats/network/updates/852878485
|
Set up Dependabot to manage the AWS SDK version. With the current reactive and manual process, our dependencies are often outdated. To release a bugfix to a dependency, we need to wait for the following stack release instead of merging it shortly after it's available from AWS. See #39492 to learn more.
The scope of this issue was adopting Dependabot to manage the CSP SDKs dependencies. I am taking #39505 out for next iteration. |
Situation
All major CSPs provide SDKs for accessing their API. Beats use the cloud provider API to collect logs, metrics, and metadata.
Over time, CSPs release new versions of SDK. Most of the time, new versions are minor or patch releases. Major releases with breaking changes usually happen every few years.
Usually, we upgrade the cloud provider SDK in two circumstances:
That's only available in a new SDK version.
Our attitude is primarily reactive.
Problem statement
The current reactive posture has a few downsides:
Solutions
Manage AWS/Azure/GCP SDK version incrementally using Dependabot.
Pros:
Cons:
Tasks
allow
list #40150Related
Here are a few related issues and PRs:
The text was updated successfully, but these errors were encountered: