-
Notifications
You must be signed in to change notification settings - Fork 369
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent S3 URL presigning from generating a remote request span #1494
Conversation
@marcotc congrats on getting the AWS SDK updated as well, this looks great. We're fine with this solution, or one where a AWS SDK minimum version is required. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is good to go, one small nit in code comments, not blocking though.
It looks like your upstream PR got merged but aws doesn't cut a new release that frequently, however in the future we may want to revist this and rely on the upstream approach of checking context[:presigned_url]
for relevant versions.
Co-authored-by: Eric Mustin <eric.mustin@datadoghq.com>
It would be nice. I'll add a comment referencing the easier way to do it in the code. |
Fixes #922
This PR addresses
ddtrace
capturing a "fake" S3 request that the AWS S3 SDK reports when presigning a request URL.Presigned URLs give users a pre-authenticated URL to be used in the future to retrieve data from S3, but they do not preform any data retrieval to get created.
The Ruby S3 SDK performs a "fake" request internally to generated a presigned URL: it creates an S3
get_object
request, sends it through the regular request handler (one of which beingDatadog::Contrib::Aws::Handler
), but hijacks the "data send" step at the end by not actually sending the request.Unfortunately, there's no data we can use to differentiate between a real request and a fake request in our
ddtrace
handler. I've opened a PR with AWS to provide us with that information, so we can simplify the logic from this PR in the future: aws/aws-sdk-ruby#2513This PR effectively removes our request handler from these fake presign requests, the same approach taken internally by the S3 SDK for some of its own handlers that do not play nice with the fake presign request: https://github.com/aws/aws-sdk-ruby/blob/656691b470bb970627286cf1df2bd84049b6787d/gems/aws-sdk-s3/lib/aws-sdk-s3/presigner.rb#L194-L196