英文:
How does one assume a role with the golang xray client?
问题
根据您提供的内容,以下是翻译的结果:
根据https://aws.amazon.com/xray/faqs/:
问:我的应用程序组件在它们自己的AWS账户中运行。我可以使用X-Ray在不同的AWS账户之间收集数据吗?
答:是的,X-Ray代理可以扮演一个角色,将数据发布到与其所在账户不同的账户中。这样可以将应用程序的各个组件的数据发布到一个中央账户中。
我知道可以这样扮演一个角色:
st := sts.NewFromConfig(awsConf)
creds := stscreds.NewAssumeRoleProvider(st, "myRoleArn")
awsConf.Credentials = aws.NewCredentialsCache(creds)
我知道可以使用这些凭证创建一个xray service:
import xrayv2 "github.com/aws/aws-sdk-go-v2/service/xray"
xrayService := xrayv2.NewFromConfig(awsConf)
问题是xray service是用于直接与xray API交互的,它没有xray client提供的一些奇妙功能。
我知道xray client是这样配置的:
import "github.com/aws/aws-xray-sdk-go/xray"
xray.Configure(xray.Config{
DaemonAddr: "",
ServiceVersion: "",
Emitter: nil,
SamplingStrategy: nil,
StreamingStrategy: nil,
ExceptionFormattingStrategy: nil,
ContextMissingStrategy: nil,
LogLevel: "",
LogFormat: "",
})
无论我是使用aws还是aws-v2库,我都没有看到可以为xray client提供任何类型的aws conf /凭证提供程序的地方。我可以创建一个自定义的emitter,但我希望避免这样做。
您有关于如何为github.com/aws/aws-xray-sdk-go/xray
提供凭证缓存的任何想法吗?
英文:
Per https://aws.amazon.com/xray/faqs/:
Q: My application components run in their own AWS accounts. Can I use X-Ray to collect data across AWS accounts?
Yes, the X-Ray agent can assume a role to publish data into an account different from the one in which it is running. This enables you publish data from various components of your application into a central account.
I know that I can assume a role like so:
st := sts.NewFromConfig(awsConf)
creds := stscreds.NewAssumeRoleProvider(st, "myRoleArn")
awsConf.Credentials = aws.NewCredentialsCache(creds)
I know that I can create an xray service using those creds:
import xrayv2 "github.com/aws/aws-sdk-go-v2/service/xray"
xrayService := xrayv2.NewFromConfig(awsConf)
The problem is that the xray service is made for interacting directly with the xray API, it doesn't have any of the wonderful magic that the xray client provides.
The xray client I know is configured this way:
import "github.com/aws/aws-xray-sdk-go/xray"
xray.Configure(xray.Config{
DaemonAddr: "",
ServiceVersion: "",
Emitter: nil,
SamplingStrategy: nil,
StreamingStrategy: nil,
ExceptionFormattingStrategy: nil,
ContextMissingStrategy: nil,
LogLevel: "",
LogFormat: "",
})
Regardless of if I was using the aws or aws-v2 library, I don't see a place where I can provide the xray client any sort of aws conf / credential provider. I can create a custom emitter, but I was hoping to avoid that.
Any ideas on how I might provide a credentials cache to github.com/aws/aws-xray-sdk-go/xray
?
答案1
得分: 1
这个其他的S.O.问题帮助我理解了我的误解。
AWS X-Ray客户端库只是将信息发布到本地运行的守护程序。所以代码不负责将跟踪信息发送到x-ray。
通过按照这里的步骤 - https://aws.amazon.com/blogs/compute/application-tracing-on-kubernetes-with-aws-x-ray/
并设置这个变量 _ = os.Setenv("AWS_XRAY_DAEMON_ADDRESS", "xray-service.kube-system:2000")
,我们能够将库指向本地守护程序。
然后守护程序负责转发,所以我们通过在xray ConfigMap中覆盖RoleArn
来覆盖守护程序运行的角色。
英文:
This other S.O. question helped me misunderstand my misconception.
The AWS X-Ray client library just publishes information to a local running daemon. So the code isn't responsible for shipping traces off to x-ray.
By following the steps here - https://aws.amazon.com/blogs/compute/application-tracing-on-kubernetes-with-aws-x-ray/
And setting this variable _ = os.Setenv("AWS_XRAY_DAEMON_ADDRESS", "xray-service.kube-system:2000")
, we were able to point the library to the local daemon.
Then it's the daemon that is responsible for forwarding, so we override the role that the daemon is running as by overriding the RoleArn
in the xray ConfigMap.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论