Updated EC2 detector to use v2 aws sdk #6878

Open
wants to merge 9 commits into
base: main

@akats7 akats7 commented Mar 4, 2025

Resolves #6860

@akats7 akats7 requested a review from a team as a code owner March 4, 2025 07:44
@github-actions github-actions bot requested a review from pyohannes March 4, 2025 07:45

codecov bot commented Mar 4, 2025

Codecov Report

Attention: Patch coverage is 72.72727% with 6 lines in your changes missing coverage. Please review.

Project coverage is 76.0%. Comparing base (ed30671) to head (fce20cd).

Files with missing lines Patch % Lines
detectors/aws/ec2/ec2.go 72.7% 5 Missing and 1 partial ⚠️

@@           Coverage Diff           @@
##            main   #6878     +/-   ##
=======================================
- Coverage   76.1%   76.0%   -0.1%     
=======================================
  Files        219     219             
  Lines      21299   21304      +5     
=======================================
- Hits       16210   16208      -2     
- Misses      4529    4534      +5     
- Partials     560     562      +2     
Files with missing lines Coverage Δ
detectors/aws/ec2/ec2.go 84.8% <72.7%> (-4.4%) ⬇️

... and 1 file with indirect coverage changes

@dmathieu
Member

dmathieu commented Mar 4, 2025

Side note: the other AWS detectors don't use github.com/aws/aws-sdk-go. So they don't need to upgrade.

@@ -44,28 +46,39 @@ func (fn optionFunc) apply(c *config) {
}

// WithClient sets the ec2metadata client in config.
func WithClient(t Client) Option {
func WithClient(t client) Option {
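Review bot: on the WithClient signature line, the parameter type goes from the exported Client to an unexported client, so an exported function now takes a type that external callers cannot name in their own code. Keep `WithClient(t Client) Option` as it is and convert inside the function, or mark it deprecated and add the new option next to it. The doc comment above it still says "ec2metadata client"; update that wording if the accepted type is no longer the ec2metadata one.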
Contributor

Hmm, this is going to be problematic.

The function signature here cannot change; that will be a breaking change.

  1. This could be deprecated as well. It needs to be verified that there is never a need for a client to be set here. Likely this is not the case if a user is trying to stub out functionality for testing external to this package.
  2. The Client interface could be extended and a type assertion can be made that will check if the passed client implements the prior functionality. This will mean that backwards compatible support for the existing API needs to be possible (even with the upgrade).
  3. An ec2/v2 package is created to support the AWS v2 API and this package is deprecated
  4. Maybe some other options ... (?)
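
A sketch of option 2 from the comment above, added here as an illustration and not code from this PR or from the project: the exported option keeps its signature and a type assertion decides whether the caller's client already has the newer method set or needs wrapping. The interfaces, method names and the `Lookup` helper are hypothetical and use no AWS SDK types.

```go
package main

import "context"
import "fmt"

// Client stands in for the exported interface (hypothetical method set).
type Client interface{ GetMetadata(path string) (string, error) }

// ContextClient is a hypothetical context-aware extension of Client.
type ContextClient interface {
	Client
	GetMetadataContext(ctx context.Context, path string) (string, error)
}

type legacyAdapter struct{ Client } // lets a plain Client satisfy ContextClient

func (a legacyAdapter) GetMetadataContext(ctx context.Context, path string) (string, error) {
	if err := ctx.Err(); err != nil { // honor cancellation the old call cannot see
		return "", err
	}
	return a.GetMetadata(path)
}

type config struct{ c ContextClient }
type Option func(*config) // simplified functional option

// WithClient keeps its exported signature; the upgrade happens inside.
func WithClient(c Client) Option {
	return func(cfg *config) {
		cfg.c = legacyAdapter{c} // default: wrap, so existing stubs keep working
		if cc, ok := c.(ContextClient); ok {
			cfg.c = cc // caller already implements the new method set
		}
	}
}

// Lookup applies opt, fetches path, and reports whether the adapter was used.
func Lookup(ctx context.Context, opt Option, path string) (string, bool, error) {
	cfg := &config{}
	opt(cfg)
	_, adapted := cfg.c.(legacyAdapter)
	v, err := cfg.c.GetMetadataContext(ctx, path)
	return v, adapted, err
}

type stub struct{ id string } // constructed v1-style test double
func (s stub) GetMetadata(string) (string, error) { return s.id, nil }

func main() {
	fmt.Println(Lookup(context.Background(), WithClient(stub{"i-constructed"}), "instance-id"))
}
```

A stub written against the old interface still compiles and is served through the adapter, while a client that also implements the context-aware method is used directly.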

Contributor Author

Hmm yeah I'm not sure if this just also should've been unexported along with Client or if there's a valid use case for a user to set their own? I see the commit that added it on the off chance you remember the rationale behind it #1030 @MrAlias.

If we create a v2 package and deprecate this one, does the v2 package permanently stay as v2?

Member

@pellared pellared Mar 6, 2025

https://go.dev/blog/v2-go-modules

> The recommended strategy is to develop v2+ modules in a directory named after the major version suffix.

This allows also nicely deprecating the existing v1 module.

Contributor

Plan from SIG meeting is to create a v2 of this module.

@@ -4,12 +4,25 @@ go 1.22.0

require (
github.com/aws/aws-sdk-go v1.55.6
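Review bot: the require block still lists github.com/aws/aws-sdk-go v1.55.6, so the v1 SDK stays in this module's dependency graph even though the change is titled as a move to the v2 SDK. If nothing in the package imports v1 any more, drop this line and run go mod tidy; if it is kept only for compatibility with the existing exported API, state that in the PR description so downstream users know the dependency remains.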

How do we plan on mitigating this https://nvd.nist.gov/vuln/detail/CVE-2020-8911 and https://nvd.nist.gov/vuln/detail/CVE-2020-8912 if we are still pulling in this dependency?

Plan from SIG meeting is to create a v2 of this module.

This should solve it

Contributor Author

This package will be deprecated as is, a v2 will be created without this dependency

Successfully merging this pull request may close these issues.

AWS detectors are using the unmaintained AWS SDK for Go
5 participants