-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(aws service): use http client when building assume role for AccessKey #20285
Conversation
Signed-off-by: Stephen Wakely <[email protected]>
Signed-off-by: Stephen Wakely <[email protected]>
Datadog ReportBranch report: ✅ 0 Failed, 87 Passed, 0 Skipped, 13m 31.66s Wall Time New Flaky Tests (3)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 good catch
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need any similar changes to the AwsAuthentication::File
arm? It seems like it may also not be using the custom HTTP client.
Yikes! I assumed it wouldn't because I thought it was just loading from a file, but a quick test shows that that was a bad assumption. Good catch! |
Signed-off-by: Stephen Wakely <[email protected]>
Signed-off-by: Stephen Wakely <[email protected]>
Regression Detector ResultsRun ID: 2c04cde2-4635-4977-9292-f573882f1895 Performance changes are noted in the perf column of each table:
No significant changes in experiment optimization goalsConfidence level: 90.00% There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
|
perf | experiment | goal | Δ mean % | Δ mean % CI |
---|---|---|---|---|
➖ | syslog_log2metric_splunk_hec_metrics | ingress throughput | +3.25 | [+3.07, +3.43] |
➖ | http_elasticsearch | ingress throughput | +1.73 | [+1.64, +1.82] |
➖ | syslog_regex_logs2metric_ddmetrics | ingress throughput | +1.49 | [+1.31, +1.68] |
➖ | file_to_blackhole | egress throughput | +1.27 | [-1.08, +3.61] |
➖ | datadog_agent_remap_blackhole | ingress throughput | +0.95 | [+0.82, +1.08] |
➖ | syslog_loki | ingress throughput | +0.64 | [+0.53, +0.74] |
➖ | http_to_s3 | ingress throughput | +0.63 | [+0.35, +0.91] |
➖ | datadog_agent_remap_datadog_logs | ingress throughput | +0.62 | [+0.50, +0.74] |
➖ | http_to_http_acks | ingress throughput | +0.41 | [-0.94, +1.76] |
➖ | splunk_hec_route_s3 | ingress throughput | +0.39 | [-0.08, +0.86] |
➖ | http_to_http_noack | ingress throughput | +0.19 | [+0.10, +0.29] |
➖ | syslog_log2metric_humio_metrics | ingress throughput | +0.14 | [-0.01, +0.30] |
➖ | otlp_grpc_to_blackhole | ingress throughput | +0.12 | [+0.03, +0.21] |
➖ | http_to_http_json | ingress throughput | +0.04 | [-0.04, +0.12] |
➖ | syslog_log2metric_tag_cardinality_limit_blackhole | ingress throughput | +0.03 | [-0.13, +0.19] |
➖ | splunk_hec_to_splunk_hec_logs_acks | ingress throughput | +0.00 | [-0.14, +0.14] |
➖ | splunk_hec_indexer_ack_blackhole | ingress throughput | -0.01 | [-0.15, +0.14] |
➖ | splunk_hec_to_splunk_hec_logs_noack | ingress throughput | -0.05 | [-0.16, +0.07] |
➖ | enterprise_http_to_http | ingress throughput | -0.11 | [-0.19, -0.03] |
➖ | syslog_splunk_hec_logs | ingress throughput | -0.45 | [-0.54, -0.37] |
➖ | datadog_agent_remap_datadog_logs_acks | ingress throughput | -0.64 | [-0.73, -0.55] |
➖ | otlp_http_to_blackhole | ingress throughput | -0.72 | [-0.84, -0.60] |
➖ | datadog_agent_remap_blackhole_acks | ingress throughput | -0.76 | [-0.91, -0.62] |
➖ | http_text_to_http_json | ingress throughput | -2.60 | [-2.75, -2.44] |
➖ | socket_to_socket_blackhole | ingress throughput | -3.15 | [-3.24, -3.06] |
➖ | syslog_humio_logs | ingress throughput | -3.19 | [-3.41, -2.96] |
➖ | fluent_elasticsearch | ingress throughput | -3.55 | [-4.02, -3.07] |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
Fixes #20282
This fixes the error that we received when using both
access_key_id
andassume_role
together. The builder used in that situation should have had a custom http client provided so it could use our TLS and proxy settings.Note: I have tested this by running locally with that authentication scheme in the config. This gave me the same error in the issue. I fixed the bug and ran again. I now get the error
STS refused to grant assume role
, which is expected because I have not set up a valid client in AWS. I am pretty confident that this fixes the issue, but have not tested 100% to the end to save time having to setup a fairly complex authentication scheme in AWS.