Pass _X_AMZN_TRACE_ID environment variable through to X-Amzn-Trace-Id header for AWS services running on Lambda. (#3043)

Author: millems

core/aws-core/src/main/java/software/amazon/awssdk/awscore/client/builder/AwsDefaultClientBuilder.java

@@ -33,6 +33,7 @@
 import software.amazon.awssdk.awscore.endpoint.FipsEnabledProvider;
 import software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor;
 import software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor;
+import software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor;
 import software.amazon.awssdk.awscore.internal.defaultsmode.AutoDefaultsModeDiscovery;
 import software.amazon.awssdk.awscore.internal.defaultsmode.DefaultsModeConfiguration;
 import software.amazon.awssdk.awscore.internal.defaultsmode.DefaultsModeResolver;
@@ -419,7 +420,8 @@ private List<ExecutionInterceptor> addAwsInterceptors(SdkClientConfiguration con
 
     private List<ExecutionInterceptor> awsInterceptors() {
         return Arrays.asList(new HelpfulUnknownHostExceptionInterceptor(),
-                             new EventStreamInitialRequestInterceptor());
+                             new EventStreamInitialRequestInterceptor(),
+                             new TraceIdExecutionInterceptor());
     }
 
     @Override

core/aws-core/src/main/java/software/amazon/awssdk/awscore/interceptor/TraceIdExecutionInterceptor.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.awscore.interceptor;
+
+import java.util.Optional;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.core.interceptor.Context;
+import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
+import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
+import software.amazon.awssdk.http.SdkHttpRequest;
+import software.amazon.awssdk.utils.SystemSetting;
+
+/**
+ * The {@code TraceIdExecutionInterceptor} copies the {@link #TRACE_ID_ENVIRONMENT_VARIABLE} value to the
+ * {@link #TRACE_ID_HEADER} header, assuming we seem to be running in a lambda environment.
+ */
+@SdkInternalApi
+public class TraceIdExecutionInterceptor implements ExecutionInterceptor {
+    private static final String TRACE_ID_HEADER = "X-Amzn-Trace-Id";
+    private static final String TRACE_ID_ENVIRONMENT_VARIABLE = "_X_AMZN_TRACE_ID";
+    private static final String LAMBDA_FUNCTION_NAME_ENVIRONMENT_VARIABLE = "AWS_LAMBDA_FUNCTION_NAME";
+
+    @Override
+    public SdkHttpRequest modifyHttpRequest(Context.ModifyHttpRequest context, ExecutionAttributes executionAttributes) {
+        Optional<String> traceIdHeader = traceIdHeader(context);
+        if (!traceIdHeader.isPresent()) {
+            Optional<String> lambdafunctionName = lambdaFunctionNameEnvironmentVariable();
+            Optional<String> traceId = traceIdEnvironmentVariable();
+
+            if (lambdafunctionName.isPresent() && traceId.isPresent()) {
+                return context.httpRequest().copy(r -> r.putHeader(TRACE_ID_HEADER, traceId.get()));
+            }
+        }
+
+        return context.httpRequest();
+    }
+
+    private Optional<String> traceIdHeader(Context.ModifyHttpRequest context) {
+        return context.httpRequest().firstMatchingHeader(TRACE_ID_HEADER);
+    }
+
+    private Optional<String> traceIdEnvironmentVariable() {
+        // CHECKSTYLE:OFF - This is not configured by the customer, so it should not be configurable by system property
+        return SystemSetting.getStringValueFromEnvironmentVariable(TRACE_ID_ENVIRONMENT_VARIABLE);
+        // CHECKSTYLE:ON
+    }
+
+    private Optional<String> lambdaFunctionNameEnvironmentVariable() {
+        // CHECKSTYLE:OFF - This is not configured by the customer, so it should not be configurable by system property
+        return SystemSetting.getStringValueFromEnvironmentVariable(LAMBDA_FUNCTION_NAME_ENVIRONMENT_VARIABLE);
+        // CHECKSTYLE:ON
+    }
+}

core/aws-core/src/test/java/software/amazon/awssdk/awscore/interceptor/TraceIdExecutionInterceptorTest.java

@@ -0,0 +1,110 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.awscore.interceptor;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.net.URI;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import software.amazon.awssdk.core.SdkRequest;
+import software.amazon.awssdk.core.interceptor.Context;
+import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
+import software.amazon.awssdk.core.interceptor.InterceptorContext;
+import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.http.SdkHttpRequest;
+import software.amazon.awssdk.testutils.EnvironmentVariableHelper;
+
+public class TraceIdExecutionInterceptorTest {
+    @Test
+    public void nothingDoneWithoutEnvSettings() {
+        EnvironmentVariableHelper.run(env -> {
+            resetRelevantEnvVars(env);
+            Context.ModifyHttpRequest context = context();
+            assertThat(modifyHttpRequest(context)).isSameAs(context.httpRequest());
+        });
+    }
+
+    @Test
+    public void headerAddedWithEnvSettings() {
+        EnvironmentVariableHelper.run(env -> {
+            resetRelevantEnvVars(env);
+            env.set("AWS_LAMBDA_FUNCTION_NAME", "foo");
+            env.set("_X_AMZN_TRACE_ID", "bar");
+            Context.ModifyHttpRequest context = context();
+            assertThat(modifyHttpRequest(context).firstMatchingHeader("X-Amzn-Trace-Id")).hasValue("bar");
+        });
+    }
+
+    @Test
+    public void headerNotAddedIfHeaderAlreadyExists() {
+        EnvironmentVariableHelper.run(env -> {
+            resetRelevantEnvVars(env);
+            env.set("AWS_LAMBDA_FUNCTION_NAME", "foo");
+            env.set("_X_AMZN_TRACE_ID", "bar");
+            Context.ModifyHttpRequest context = context(SdkHttpRequest.builder()
+                                                                      .uri(URI.create("https://localhost"))
+                                                                      .method(SdkHttpMethod.GET)
+                                                                      .putHeader("X-Amzn-Trace-Id", "existing")
+                                                                      .build());
+            assertThat(modifyHttpRequest(context)).isSameAs(context.httpRequest());
+        });
+    }
+
+    @Test
+    public void headerNotAddedIfNotInLambda() {
+        EnvironmentVariableHelper.run(env -> {
+            resetRelevantEnvVars(env);
+            env.set("_X_AMZN_TRACE_ID", "bar");
+            Context.ModifyHttpRequest context = context();
+            assertThat(modifyHttpRequest(context)).isSameAs(context.httpRequest());
+        });
+    }
+
+    @Test
+    public void headerNotAddedIfNoTraceIdEnvVar() {
+        EnvironmentVariableHelper.run(env -> {
+            resetRelevantEnvVars(env);
+            env.set("_X_AMZN_TRACE_ID", "bar");
+            Context.ModifyHttpRequest context = context();
+            assertThat(modifyHttpRequest(context)).isSameAs(context.httpRequest());
+        });
+    }
+
+    private Context.ModifyHttpRequest context() {
+        return context(SdkHttpRequest.builder()
+                                     .uri(URI.create("https://localhost"))
+                                     .method(SdkHttpMethod.GET)
+                                     .build());
+    }
+
+
+    private Context.ModifyHttpRequest context(SdkHttpRequest request) {
+        return InterceptorContext.builder()
+                                 .request(Mockito.mock(SdkRequest.class))
+                                 .httpRequest(request)
+                                 .build();
+    }
+
+    private SdkHttpRequest modifyHttpRequest(Context.ModifyHttpRequest context) {
+        return new TraceIdExecutionInterceptor().modifyHttpRequest(context, new ExecutionAttributes());
+    }
+
+    private void resetRelevantEnvVars(EnvironmentVariableHelper env) {
+        env.remove("AWS_LAMBDA_FUNCTION_NAME");
+        env.remove("_X_AMZN_TRACE_ID");
+    }
+}

test/codegen-generated-classes-test/src/test/java/software/amazon/awssdk/services/TraceIdTest.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.api.Test;
+import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
+import software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor;
+import software.amazon.awssdk.http.AbortableInputStream;
+import software.amazon.awssdk.http.HttpExecuteResponse;
+import software.amazon.awssdk.http.SdkHttpResponse;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.protocolrestjson.ProtocolRestJsonClient;
+import software.amazon.awssdk.testutils.EnvironmentVariableHelper;
+import software.amazon.awssdk.testutils.service.http.MockSyncHttpClient;
+import software.amazon.awssdk.utils.StringInputStream;
+
+/**
+ * Verifies that the {@link TraceIdExecutionInterceptor} is actually wired up for AWS services.
+ */
+public class TraceIdTest {
+    @Test
+    public void traceIdInterceptorIsEnabled() {
+        EnvironmentVariableHelper.run(env -> {
+            env.set("AWS_LAMBDA_FUNCTION_NAME", "foo");
+            env.set("_X_AMZN_TRACE_ID", "bar");
+
+            try (MockSyncHttpClient mockHttpClient = new MockSyncHttpClient();
+                 ProtocolRestJsonClient client = ProtocolRestJsonClient.builder()
+                                                                       .region(Region.US_WEST_2)
+                                                                       .credentialsProvider(AnonymousCredentialsProvider.create())
+                                                                       .httpClient(mockHttpClient)
+                                                                       .build()) {
+                mockHttpClient.stubNextResponse(HttpExecuteResponse.builder()
+                                                                   .response(SdkHttpResponse.builder()
+                                                                                            .statusCode(200)
+                                                                                            .build())
+                                                                   .responseBody(AbortableInputStream.create(new StringInputStream("{}")))
+                                                                   .build());
+                client.allTypes();
+                assertThat(mockHttpClient.getLastRequest().firstMatchingHeader("X-Amzn-Trace-Id")).hasValue("bar");
+            }
+        });
+    }
+}

test/http-client-tests/src/main/java/software/amazon/awssdk/http/HttpTestUtils.java

@@ -76,8 +76,18 @@ public static CompletableFuture<byte[]> sendHeadRequest(int serverPort, SdkAsync
     }
 
     private static CompletableFuture<byte[]> sendRequest(int serverPort,
-                                                                  SdkAsyncHttpClient client,
-                                                                  SdkHttpMethod httpMethod) {
+                                                         SdkAsyncHttpClient client,
+                                                         SdkHttpMethod httpMethod) {
+        SdkHttpFullRequest request = SdkHttpFullRequest.builder()
+                                                       .method(httpMethod)
+                                                       .protocol("https")
+                                                       .host("127.0.0.1")
+                                                       .port(serverPort)
+                                                       .build();
+        return sendRequest(client, request);
+    }
+
+    public static CompletableFuture<byte[]> sendRequest(SdkAsyncHttpClient client, SdkHttpFullRequest request) {
         ByteArrayOutputStream responsePayload = new ByteArrayOutputStream();
         AtomicBoolean responsePayloadReceived = new AtomicBoolean(false);
         return client.execute(AsyncExecuteRequest.builder()
@@ -98,12 +108,7 @@ public void onStream(Publisher<ByteBuffer> stream) {
                                                          public void onError(Throwable error) {
                                                          }
                                                      })
-                                                 .request(SdkHttpFullRequest.builder()
-                                                                            .method(httpMethod)
-                                                                            .protocol("https")
-                                                                            .host("127.0.0.1")
-                                                                            .port(serverPort)
-                                                                            .build())
+                                                 .request(request)
                                                  .requestContentPublisher(new EmptyPublisher())
                                                  .build())
                      .thenApply(v -> responsePayloadReceived.get() ? responsePayload.toByteArray() : null);

test/http-client-tests/src/main/java/software/amazon/awssdk/http/SdkAsyncHttpClientH1TestSuite.java

@@ -22,6 +22,7 @@
 import static io.netty.handler.codec.http.HttpHeaderValues.TEXT_PLAIN;
 import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR;
 import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
 
 import io.netty.bootstrap.ServerBootstrap;
@@ -45,6 +46,7 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.util.SelfSignedCertificate;
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
@@ -132,6 +134,19 @@ public void headRequestResponsesHaveNoPayload() {
         assertThat(responseData).isNull();
     }
 
+    @Test
+    public void naughtyHeaderCharactersDoNotGetToServer() {
+        String naughtyHeader = "foo\r\nbar";
+        assertThatThrownBy(() -> HttpTestUtils.sendRequest(client,
+                                                           SdkHttpFullRequest.builder()
+                                                                             .uri(URI.create("https://localhost:" + server.port()))
+                                                                             .method(SdkHttpMethod.POST)
+                                                                             .appendHeader("h", naughtyHeader)
+                                                                             .build())
+                                              .join())
+            .hasCauseInstanceOf(Exception.class);
+    }
+
     private static class Server extends ChannelInitializer<Channel> {
         private static final byte[] CONTENT = "helloworld".getBytes(StandardCharsets.UTF_8);
         private ServerBootstrap bootstrap;
@@ -141,6 +156,7 @@ private static class Server extends ChannelInitializer<Channel> {
         private SslContext sslCtx;
         private boolean return500OnFirstRequest;
         private boolean closeConnection;
+        private volatile HttpRequest lastRequestReceived;
 
         public void init() throws Exception {
             SelfSignedCertificate ssc = new SelfSignedCertificate();
@@ -178,6 +194,8 @@ private class BehaviorTestChannelHandler extends ChannelDuplexHandler {
             @Override
             public void channelRead(ChannelHandlerContext ctx, Object msg) {
                 if (msg instanceof HttpRequest) {
+                    lastRequestReceived = (HttpRequest) msg;
+
                     HttpResponseStatus status;
                     if (ctx.channel().equals(channels.get(0)) && return500OnFirstRequest) {
                         status = INTERNAL_SERVER_ERROR;