z3d1k commented on code in PR #1: URL: https://github.com/apache/flink-connector-prometheus/pull/1#discussion_r1486713717
########## amp-request-signer/src/main/java/org/apache/flink/connector/prometheus/sink/aws/AmazonManagedPrometheusWriteRequestSigner.java: ########## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.connector.prometheus.sink.aws; + +import org.apache.flink.connector.prometheus.sink.PrometheusRequestSigner; +import org.apache.flink.util.Preconditions; + +import com.amazonaws.auth.AWSCredentials; +import com.amazonaws.auth.AWSSessionCredentials; +import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; +import com.amazonaws.util.BinaryUtils; +import org.apache.commons.lang3.StringUtils; + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Map; + +/** Sign a Remote-Write request to Amazon Managed Service for Prometheus (AMP). */ +public class AmazonManagedPrometheusWriteRequestSigner implements PrometheusRequestSigner { + + private final URL remoteWriteUrl; + private final String awsRegion; + + /** + * Constructor. + * + * @param remoteWriteUrl URL of the remote-write endpoint + * @param awsRegion Region of the AMP workspace + */ + public AmazonManagedPrometheusWriteRequestSigner(String remoteWriteUrl, String awsRegion) { + Preconditions.checkArgument( + StringUtils.isNotBlank(awsRegion), "Missing or blank AMP workspace region"); + Preconditions.checkNotNull( + StringUtils.isNotBlank(remoteWriteUrl), + "Missing or blank AMP workspace remote-write URL"); + this.awsRegion = awsRegion; + try { + this.remoteWriteUrl = new URL(remoteWriteUrl); + } catch (MalformedURLException e) { + throw new IllegalArgumentException( + "Invalid AMP remote-write URL: " + remoteWriteUrl, e); + } + } + + /** + * Add the additional Http request headers required by Amazon Managed Prometheus: + * 'x-amz-content-sha256', 'Host', 'X-Amz-Date', 'x-amz-security-token' and 'Authorization`. + * + * @param requestHeaders original Http request headers. It must be mutable. For efficiency, any + * new header is added to the map, instead of making a copy. + * @param requestBody request body, already compressed + */ + @Override + public void addSignatureHeaders(Map<String, String> requestHeaders, byte[] requestBody) { + byte[] contentHash = AWS4SignerBase.hash(requestBody); + String contentHashString = BinaryUtils.toHex(contentHash); + requestHeaders.put( + "x-amz-content-sha256", + contentHashString); // this header must be included before generating the + // Authorization header + + DefaultAWSCredentialsProviderChain credsChain = new DefaultAWSCredentialsProviderChain(); Review Comment: Should this be made configurable? Some use cases may require specific credentials provider implementation. ########## amp-request-signer/src/main/java/org/apache/flink/connector/prometheus/sink/aws/AWS4SignerBase.java: ########## @@ -0,0 +1,290 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.connector.prometheus.sink.aws; + +import com.amazonaws.util.BinaryUtils; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; + +import java.io.UnsupportedEncodingException; +import java.net.URL; +import java.net.URLEncoder; +import java.security.MessageDigest; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.SimpleTimeZone; +import java.util.SortedMap; +import java.util.TreeMap; + +/** Common methods and properties for all AWS4 signer variants. */ +public abstract class AWS4SignerBase { + + /** SHA256 hash of an empty request body. */ + public static final String EMPTY_BODY_SHA256 = + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"; + + public static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD"; + + public static final String SCHEME = "AWS4"; + public static final String ALGORITHM = "HMAC-SHA256"; + public static final String TERMINATOR = "aws4_request"; + + /** format strings for the date/time and date stamps required during signing. */ + public static final String ISO_8601_BASIC_FORMAT = "yyyyMMdd'T'HHmmss'Z'"; + + public static final String DATE_STRING_FORMAT = "yyyyMMdd"; + + protected URL endpointUrl; + protected String httpMethod; + protected String serviceName; + protected String regionName; + + protected final SimpleDateFormat dateTimeFormat; + protected final SimpleDateFormat dateStampFormat; + + /** + * Create a new AWS V4 signer. + * + * @param endpointUrl The service endpoint, including the path to any resource. + * @param httpMethod The HTTP verb for the request, e.g. GET. + * @param serviceName The signing name of the service, e.g. 's3'. + * @param regionName The system name of the AWS region associated with the endpoint, e.g. + * us-east-1. + */ + public AWS4SignerBase( + URL endpointUrl, String httpMethod, String serviceName, String regionName) { + this.endpointUrl = endpointUrl; + this.httpMethod = httpMethod; + this.serviceName = serviceName; + this.regionName = regionName; + + dateTimeFormat = new SimpleDateFormat(ISO_8601_BASIC_FORMAT); + dateTimeFormat.setTimeZone(new SimpleTimeZone(0, "UTC")); + dateStampFormat = new SimpleDateFormat(DATE_STRING_FORMAT); + dateStampFormat.setTimeZone(new SimpleTimeZone(0, "UTC")); + } + + /** + * Returns the canonical collection of header names that will be included in the signature. For + * AWS4, all header names must be included in the process in sorted canonicalized order. + */ + protected static String getCanonicalizeHeaderNames(Map<String, String> headers) { + List<String> sortedHeaders = new ArrayList<String>(); + sortedHeaders.addAll(headers.keySet()); + Collections.sort(sortedHeaders, String.CASE_INSENSITIVE_ORDER); + + StringBuilder buffer = new StringBuilder(); + for (String header : sortedHeaders) { + if (buffer.length() > 0) { + buffer.append(";"); + } + buffer.append(header.toLowerCase()); + } + + return buffer.toString(); + } + + /** + * Computes the canonical headers with values for the request. For AWS4, all headers must be + * included in the signing process. + */ + protected static String getCanonicalizedHeaderString(Map<String, String> headers) { + if (headers == null || headers.isEmpty()) { + return ""; + } + + // step1: sort the headers by case-insensitive order + List<String> sortedHeaders = new ArrayList<String>(); + sortedHeaders.addAll(headers.keySet()); + Collections.sort(sortedHeaders, String.CASE_INSENSITIVE_ORDER); + + // step2: form the canonical header:value entries in sorted order. + // Multiple white spaces in the values should be compressed to a single + // space. + StringBuilder buffer = new StringBuilder(); + for (String key : sortedHeaders) { + buffer.append( + key.toLowerCase().replaceAll("\\s+", " ") + + ":" + + headers.get(key).replaceAll("\\s+", " ")); + buffer.append("\n"); + } + + return buffer.toString(); + } + + /** + * Returns the canonical request string to go into the signer process; this consists of several + * canonical sub-parts. + * + * @return Review Comment: Missing description of returned value? ########## prometheus-connector/src/main/java/org/apache/flink/connector/prometheus/sink/prometheus/Remote.java: ########## @@ -0,0 +1,6661 @@ +/* Review Comment: Should original `*.proto` files also be added here? With a way to generate java files. This way it will be clearer how to update this code if API change in the future releases. ########## amp-request-signer/src/main/java/org/apache/flink/connector/prometheus/sink/aws/AmazonManagedPrometheusWriteRequestSigner.java: ########## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.connector.prometheus.sink.aws; + +import org.apache.flink.connector.prometheus.sink.PrometheusRequestSigner; +import org.apache.flink.util.Preconditions; + +import com.amazonaws.auth.AWSCredentials; +import com.amazonaws.auth.AWSSessionCredentials; +import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; +import com.amazonaws.util.BinaryUtils; +import org.apache.commons.lang3.StringUtils; + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Map; + +/** Sign a Remote-Write request to Amazon Managed Service for Prometheus (AMP). */ +public class AmazonManagedPrometheusWriteRequestSigner implements PrometheusRequestSigner { + + private final URL remoteWriteUrl; + private final String awsRegion; + + /** + * Constructor. + * Review Comment: Is this comment required? > JavaDocs should not state meaningless information (just to satisfy the Checkstyle checker). https://flink.apache.org/how-to-contribute/code-style-and-quality-common/#comments -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
