// Copyright 2018-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
//
// http://aws.amazon.com/apache2.0/
//
// or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and limitations under the License.
package conn
import (
"crypto/tls"
"net/http"
"net/url"
"os"
"time"
"github.com/aws/aws-xray-daemon/daemon/cfg"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
log "github.com/cihub/seelog"
"golang.org/x/net/http2"
)
// connAttr abstracts the two AWS-facing operations GetAWSConfigSession
// depends on; presumably so tests can substitute a fake instead of talking
// to STS or the EC2 instance metadata service.
type connAttr interface {
	// newAWSSession returns the session API calls are made with; a non-empty
	// roleArn means that role is assumed.
	newAWSSession(roleArn string) *session.Session
	// getEC2Region returns the region reported by EC2 instance metadata,
	// queried through a client built on s.
	getEC2Region(s *session.Session) (string, error)
}

// Conn implements connAttr interface.
type Conn struct{}
// getEC2Region asks the EC2 instance metadata service, through a client
// built on s, for the region this instance runs in. Any failure to reach
// or read the metadata endpoint surfaces as the returned error.
func (c *Conn) getEC2Region(s *session.Session) (string, error) {
	metadataClient := ec2metadata.New(s)
	return metadataClient.Region()
}
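// getNewHTTPClient returns the HTTP client used for calls to the AWS (X-Ray)
// API, built from the daemon's configuration.
//
// Parameters:
//   maxIdle        - MaxIdleConnsPerHost of the underlying transport.
//   requestTimeout - whole-request timeout in seconds (http.Client.Timeout);
//                    a value of 0 means no client-side timeout at all.
//   noVerify       - when true the server certificate is NOT verified
//                    (tls.Config.InsecureSkipVerify). That removes
//                    authentication of the X-Ray endpoint, so an on-path
//                    attacker can read or alter trace data; it is logged as a
//                    warning so it cannot be switched on unnoticed.
//   proxyAddress   - explicit outbound proxy; "" falls back to HTTPS_PROXY via
//                    getProxyAddress/getProxyURL, which exits on a bad value.
//
// HTTP/2 is opted into explicitly; if that setup fails the client still
// works over HTTP/1.1, so the failure is logged rather than treated as fatal.
func getNewHTTPClient(maxIdle int, requestTimeout int, noVerify bool, proxyAddress string) *http.Client {
	if noVerify {
		log.Warnf("TLS certificate verification is DISABLED (NoVerifySSL): the identity of the X-Ray endpoint will not be checked")
	}
	tlsConfig := &tls.Config{
		InsecureSkipVerify: noVerify,
	}
	proxyURL := getProxyURL(getProxyAddress(proxyAddress))
	if proxyURL != nil {
		// Log scheme and host only: the configured value (or HTTPS_PROXY) may
		// carry credentials in its userinfo part.
		log.Debugf("Using proxy address: %v://%v", proxyURL.Scheme, proxyURL.Host)
	} else {
		log.Debugf("No proxy configured")
	}
	transport := &http.Transport{
		MaxIdleConnsPerHost: maxIdle,
		TLSClientConfig:     tlsConfig,
		// ProxyURL(nil) yields a proxy func that selects no proxy.
		Proxy: http.ProxyURL(proxyURL),
	}
	// HTTP/2 is not enabled by default once a custom TLSClientConfig is set
	// (we need one for the data-plane TLS settings), so opt in explicitly.
	// The original code dropped this error; a failure here only costs h2.
	if err := http2.ConfigureTransport(transport); err != nil {
		log.Errorf("Unable to configure HTTP/2 on the transport, continuing with HTTP/1.1: %v", err)
	}
	return &http.Client{
		Transport: transport,
		Timeout:   time.Second * time.Duration(requestTimeout),
	}
}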
// getProxyAddress picks the outbound proxy for the daemon: an explicitly
// configured proxyAddress wins, otherwise the HTTPS_PROXY environment
// variable (only that exact, upper-case name is consulted), otherwise the
// empty string meaning "no proxy".
//
// The returned value is handed to getProxyURL and may carry credentials in
// its userinfo part ("http://user:pass@host:port"), so callers should treat
// it as sensitive and avoid echoing it into logs.
func getProxyAddress(proxyAddress string) string {
	if proxyAddress != "" {
		return proxyAddress
	}
	// No explicit setting: fall back to the environment. os.Getenv returns ""
	// for an unset variable, which is exactly the "no proxy" value wanted.
	return os.Getenv("HTTPS_PROXY")
}
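// getProxyURL parses finalProxyAddress into the *url.URL handed to
// http.ProxyURL. An empty address yields nil, which http.ProxyURL treats as
// "no proxy".
//
// The process exits with status 1 when the address cannot be parsed or
// parses without a host. The second case covers values such as
// "proxy:3128", which url.Parse reads as scheme "proxy" with an opaque part
// and which would otherwise only fail later, at dial time, with a far less
// obvious error.
//
// A proxy address may carry credentials ("http://user:pass@host:port").
// url.Error embeds the full input string in its message, so only the
// underlying parse error is logged, never the raw value.
func getProxyURL(finalProxyAddress string) *url.URL {
	if finalProxyAddress == "" {
		return nil
	}
	proxyURL, err := url.Parse(finalProxyAddress)
	if err != nil {
		// Unwrap so a userinfo-bearing proxy URL does not land in the log.
		if ue, ok := err.(*url.Error); ok {
			err = ue.Err
		}
		log.Errorf("Bad proxy URL: %v", err)
		os.Exit(1)
	}
	if proxyURL.Host == "" {
		log.Errorf("Bad proxy URL: missing host (expected the form scheme://host:port)")
		os.Exit(1)
	}
	return proxyURL
}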
// GetAWSConfigSession returns the aws.Config used for X-Ray API calls and
// the session it is paired with.
//
// The region is resolved in this order: the region argument (command line /
// config file), then the AWS_REGION environment variable, then — unless
// noMetadata is set — the EC2 instance metadata service. When none of them
// yields a region the error is logged and the process exits with status 1.
//
// Parameters:
//   cn         - connAttr used to build the session and query EC2 metadata.
//   c          - daemon config; NoVerifySSL, ProxyAddress and Endpoint are
//                read from it. Endpoint overrides the SDK's default endpoint
//                and NoVerifySSL disables certificate verification, so the
//                two together allow trace data to be sent to an
//                unauthenticated host — keep both under change control.
//   roleArn    - IAM role to assume for the session; "" means the default
//                credential chain.
//   region     - explicitly configured region, or "".
//   noMetadata - when true, EC2 metadata is never consulted for the region.
//
// NOTE(review): DisableParamValidation switches off the SDK's client-side
// request validation; left as-is here since changing it could alter which
// requests are rejected before leaving the daemon.
func GetAWSConfigSession(cn connAttr, c *cfg.Config, roleArn string, region string, noMetadata bool) (*aws.Config, *session.Session) {
	httpClient := getNewHTTPClient(
		cfg.ParameterConfigValue.Processor.MaxIdleConnPerHost,
		cfg.ParameterConfigValue.Processor.RequestTimeout,
		*c.NoVerifySSL,
		c.ProxyAddress,
	)
	sess := cn.newAWSSession(roleArn)

	regionEnv := os.Getenv("AWS_REGION")
	var awsRegion string
	switch {
	case region != "":
		awsRegion = region
		log.Debugf("Fetch region %v from commandline/config file", awsRegion)
	case regionEnv != "":
		awsRegion = regionEnv
		log.Debugf("Fetch region %v from environment variables", awsRegion)
	case !noMetadata:
		var err error
		awsRegion, err = cn.getEC2Region(getDefaultSession())
		if err != nil {
			log.Errorf("Unable to retrieve the region from the EC2 instance %v\n", err)
		} else {
			log.Debugf("Fetch region %v from ec2 metadata", awsRegion)
		}
	}
	if awsRegion == "" {
		log.Error("Cannot fetch region variable from config file, environment variables and ec2 metadata.")
		os.Exit(1)
	}

	return &aws.Config{
		Region:                 aws.String(awsRegion),
		DisableParamValidation: aws.Bool(true),
		MaxRetries:             aws.Int(2),
		Endpoint:               aws.String(c.Endpoint),
		HTTPClient:             httpClient,
	}, sess
}
// ProxyServerTransport builds the http.Transport the daemon's local TCP
// proxy server uses to forward requests on to the X-Ray service.
//
// Idle-connection limits and the idle timeout (in seconds) come from
// config.ProxyServer; the outbound proxy is resolved the same way as for the
// API client (config.ProxyAddress, then HTTPS_PROXY), and a malformed proxy
// address exits the process. config.NoVerifySSL maps directly onto
// tls.Config.InsecureSkipVerify, so enabling it means the X-Ray endpoint's
// certificate is not authenticated for forwarded traffic either.
//
// Compression is disabled on purpose: the transport would otherwise add an
// Accept-Encoding header after the request has already been signed, which
// invalidates the signature.
func ProxyServerTransport(config *cfg.Config) *http.Transport {
	skipVerify := *config.NoVerifySSL
	proxyURL := getProxyURL(getProxyAddress(config.ProxyAddress))
	idleTimeout := time.Duration(config.ProxyServer.IdleConnTimeout) * time.Second

	return &http.Transport{
		MaxIdleConns:        config.ProxyServer.MaxIdleConns,
		MaxIdleConnsPerHost: config.ProxyServer.MaxIdleConnsPerHost,
		IdleConnTimeout:     idleTimeout,
		Proxy:               http.ProxyURL(proxyURL),
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: skipVerify,
		},
		DisableCompression: true,
	}
}
// newAWSSession returns the session X-Ray API calls are made with.
//
// With an empty roleArn the SDK default session is returned unchanged.
// Otherwise a default session is used only to build an STS client, and the
// returned session carries stscreds credentials that assume roleArn through
// it. Failure to create that session is fatal: the error is logged and the
// process exits with status 1.
func (c *Conn) newAWSSession(roleArn string) *session.Session {
	if roleArn == "" {
		return getDefaultSession()
	}
	// Credentials for the role come from STS, reached with the default chain;
	// the session handed back uses those instead of the caller's own.
	assumeRole := stscreds.NewCredentialsWithClient(sts.New(getDefaultSession()), roleArn)
	assumed, err := session.NewSession(&aws.Config{
		Credentials: assumeRole,
	})
	if err != nil {
		log.Errorf("Error in creating session object : %v\n.", err)
		os.Exit(1)
	}
	return assumed
}
// getDefaultSession creates a session with the SDK's default configuration
// and credential resolution. Failure is fatal: the error is logged and the
// process exits with status 1, so callers never see a nil session.
func getDefaultSession() *session.Session {
	sess, err := session.NewSession()
	if err == nil {
		return sess
	}
	log.Errorf("Error in creating session object : %v\n.", err)
	os.Exit(1)
	// Unreachable; os.Exit does not return, but the compiler needs a
	// terminating statement.
	return nil
}