Add scripts to publish Java tracer layer. Also add code to set the correct tags in traces (#26)

* Add scripts to publish Java layer versions

* Add JSON Trace Context to MDC

* update getTraceContext's docstring

* Set tags on the span

* set version number to 9

* Delete old layer_names line

* Layer signing

* address PR comments

Author: agocs

build.gradle

@@ -30,19 +30,23 @@ dependencies {
     implementation 'org.apache.commons:commons-lang3:3.10'
     implementation 'org.slf4j:slf4j-log4j12:1.7.28'
     implementation 'org.jetbrains:annotations:15.0'
+    implementation 'io.opentracing:opentracing-api:0.33.0'
+    implementation 'io.opentracing:opentracing-util:0.33.0'
+    implementation 'com.datadoghq:dd-trace-api:0.72.0'
 
     // Use JUnit test framework
     testImplementation 'junit:junit:4.12'
     testImplementation 'org.apache.logging.log4j:log4j-api:2.13.3'
     testImplementation 'org.apache.logging.log4j:log4j-core:2.13.3'
     testImplementation 'com.github.stefanbirkner:system-rules:1.19.0'
+
 }
 
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
 
 group = 'com.datadoghq'
-version= '0.0.8'
+version= '0.0.9'
 
 allprojects {
     repositories {

scripts/list_layers.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Unless explicitly stated otherwise all files in this repository are licensed
+# under the Apache License Version 2.0.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019 Datadog, Inc.
+
+# Lists most recent layers ARNs across regions to STDOUT
+
+set -e
+
+AVAILABLE_REGIONS=$(aws ec2 describe-regions --output json | jq -r '.[] | .[] | .RegionName')
+LAYERS_MISSING_REGIONS=()
+
+# Check region arg
+if [ -z "$2" ]; then
+    >&2 echo "Region parameter not specified, running for all available regions."
+    REGIONS=$AVAILABLE_REGIONS
+else
+
+    >&2 echo "Region parameter specified: $2"
+    if [[ ! "$AVAILABLE_REGIONS" == *"$2"* ]]; then
+        >&2 echo "Could not find $2 in available regions:" $AVAILABLE_REGIONS
+        >&2 echo ""
+        >&2 echo "EXITING SCRIPT."
+        exit 1
+    fi
+    REGIONS=($2)
+fi
+
+
+for region in $REGIONS
+do
+	layer_name="dd-trace-java"
+	last_layer_arn=$(aws lambda list-layer-versions --layer-name $layer_name --region $region --output json | jq -r ".LayerVersions | .[0] |  .LayerVersionArn")
+	if [ "$last_layer_arn" == "null" ]; then
+	    >&2 echo "No layer found for $region, $layer_name"
+	    if [[ ! " ${LAYERS_MISSING_REGIONS[@]} " =~ " ${region} " ]]; then
+		LAYERS_MISSING_REGIONS+=( $region )
+	    fi
+	else
+	    echo $last_layer_arn
+	fi
+done
+
+if [ ${#LAYERS_MISSING_REGIONS[@]} -gt 0 ]; then
+    echo "WARNING: Following regions missing layers: ${LAYERS_MISSING_REGIONS[@]}"
+    exit 1
+fi

scripts/publish_layers.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+
+# Unless explicitly stated otherwise all files in this repository are licensed
+# under the Apache License Version 2.0.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2021 Datadog, Inc.
+
+# Publish the datadog python lambda layer across regions, using the AWS CLI
+# Usage: publish_layer.sh [region] [layer]
+# Specifying the region and layer arg will publish the specified layer to the specified region
+set -e
+
+# Makes sure any subprocesses will be terminated with this process
+trap "pkill -P $$; exit 1;" INT
+
+LATEST_JAR_URL=$(curl -i https://repository.sonatype.org/service/local/artifact/maven/redirect\?r\=central-proxy\&g\=com.datadoghq\&a\=dd-java-agent\&v\=LATEST | grep location | cut -d " " -f 2)
+
+LATEST_JAR_FILE=$(echo $LATEST_JAR_URL | rev | cut -d "/" -f 1 | rev)
+
+echo ""
+echo "About to publish a new Lambda layer containing $LATEST_JAR_FILE"
+read -r -p "Continue? [y/N] " response
+if ! [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]
+then
+   echo "OK, exiting!"
+   exit 0
+fi
+
+wget -O $LATEST_JAR_FILE https://dtdg.co/latest-java-tracer
+
+LAYER_ZIP="tracer.zip"
+
+rm -rf layer
+mkdir -p layer/java/lib
+cp "$LATEST_JAR_FILE" layer/java/lib/dd-java-agent.jar
+cd layer
+zip -r ../$LAYER_ZIP java
+cd ..
+rm -rf layer
+
+# sign the layer zip
+
+echo
+echo "Signing layers..."
+./scripts/sign_layers.sh prod $LAYER_ZIP
+
+
+AVAILABLE_REGIONS=$(aws ec2 describe-regions --output json | jq -r '.[] | .[] | .RegionName')
+
+
+# Check region arg
+if [ -z "$1" ]; then
+    echo "Region parameter not specified, running for all available regions."
+    REGIONS=$AVAILABLE_REGIONS
+else
+    echo "Region parameter specified: $1"
+    if [[ ! "$AVAILABLE_REGIONS" == *"$1"* ]]; then
+        echo "Could not find $1 in available regions: $AVAILABLE_REGIONS"
+        echo ""
+        echo "EXITING SCRIPT."
+        exit 1
+    fi
+    REGIONS=($1)
+fi
+
+echo "Starting publishing layers for regions: $REGIONS"
+
+
+publish_layer() {
+    region=$1
+    layer_name="dd-trace-java"
+    aws_version_key=$3
+    layer_path=$4
+    version_nbr=$(aws lambda publish-layer-version --layer-name $layer_name \
+        --description "Datadog Tracer Lambda Layer for Java" \
+        --zip-file "fileb://tracer.zip" \
+        --region $region \
+	--output json \
+                        | jq -r '.Version')
+
+    aws lambda add-layer-version-permission --layer-name $layer_name \
+        --version-number $version_nbr \
+        --statement-id "release-$version_nbr" \
+        --action lambda:GetLayerVersion --principal "*" \
+        --region $region\
+    	--output json
+
+    echo "Published layer for region $region, layer_name $layer_name, layer_version $version_nbr"
+}
+
+for region in $REGIONS
+do
+    echo "Starting publishing layer for region $region..."
+
+    publish_layer $region $layer_name $aws_version_key
+done
+
+
+echo "Done !"

scripts/publish_test_layer.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+# Unless explicitly stated otherwise all files in this repository are licensed
+# under the Apache License Version 2.0.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2021 Datadog, Inc.
+
+# Publish the datadog python lambda layer across regions, using the AWS CLI
+# Usage: publish_layer.sh [region] [layer]
+# Specifying the region and layer arg will publish the specified layer to the specified region
+set -e
+
+# Makes sure any subprocesses will be terminated with this process
+trap "pkill -P $$; exit 1;" INT
+
+if [ -z "$1" ]
+then
+  echo "Usage: publish_test_layer path/to/layerFile.jar [region]"
+  exit 0
+fi
+
+
+LAYER_FILE=$1
+REGION=$2
+LAYER_ZIP="tracer.zip"
+
+if [ -z "$REGION" ]
+then
+  REGION="sa-east-1"
+fi
+
+echo ""
+echo "About to publish a TEST Lambda layer containing $LAYER_FILE to $REGION"
+read -r -p "Continue? [y/N] " response
+if ! [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]
+then
+   echo "OK, exiting!"
+   exit 0
+fi
+
+rm -rf layer
+mkdir -p layer/java/lib
+cp "$LAYER_FILE" layer/java/lib/dd-java-agent.jar
+cd layer
+zip -r ../$LAYER_ZIP java
+cd ..
+rm -rf layer
+
+echo
+echo "Signing layer..."
+./scripts/sign_layers.sh sandbox $LAYER_ZIP
+
+AVAILABLE_REGIONS=$(aws ec2 describe-regions --output json | jq -r '.[] | .[] | .RegionName')
+
+echo "Region parameter specified: $REGION"
+if [[ ! "$AVAILABLE_REGIONS" == *"$REGION"* ]]; then
+    echo "Could not find $REGION in available regions: $AVAILABLE_REGIONS"
+    echo ""
+    echo "EXITING SCRIPT."
+    exit 1
+fi
+
+publish_layer() {
+    region=$1
+    layer_name="dd-trace-java-test"
+    aws_version_key=$2
+    version_nbr=$(aws lambda publish-layer-version --layer-name $layer_name \
+        --description "Datadog Tracer Lambda Layer for Java" \
+        --zip-file "fileb://$LAYER_ZIP" \
+        --region "$region" \
+	--output json \
+                        | jq -r '.Version')
+
+    aws lambda add-layer-version-permission --layer-name $layer_name \
+        --version-number $version_nbr \
+        --statement-id "release-$version_nbr" \
+        --action lambda:GetLayerVersion --principal "*" \
+        --region $region\
+    	--output json
+
+    echo "Published layer for region $region, layer_name $layer_name, layer_version $version_nbr"
+}
+
+echo "Starting publishing layer for region $REGION..."
+
+publish_layer $REGION "$aws_version_key"
+
+echo "Done !"

scripts/sign_layers.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# Unless explicitly stated otherwise all files in this repository are licensed
+# under the Apache License Version 2.0.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019 Datadog, Inc.
+
+set -e
+
+SIGNING_PROFILE_NAME="DatadogLambdaSigningProfile"
+
+# Check account parameter
+VALID_ACCOUNTS=("sandbox" "prod")
+if [ -z "$1" ]; then
+    echo "ERROR: You must pass an account parameter to sign the layers"
+    exit 1
+fi
+if [[ ! "${VALID_ACCOUNTS[@]}" =~ $1 ]]; then
+    echo "ERROR: The account parameter was invalid. Please choose sandbox or prod."
+    exit 1
+fi
+if [ "$1" = "sandbox" ]; then
+    REGION="sa-east-1"
+    S3_BUCKET_NAME="dd-lambda-signing-bucket-sandbox"
+fi
+if [ "$1" = "prod" ]; then
+    REGION="us-east-1"
+    S3_BUCKET_NAME="dd-lambda-signing-bucket"
+fi
+
+if [ -z "$2" ]
+then
+  echo "Usage: ./sign_layers (sandbox|prod) layer_file.zip"
+  exit 1
+fi
+
+LAYER_FILE=$2
+
+echo
+echo "${LAYER_FILE}"
+echo "-------------------------"
+
+# Upload the layer to S3 for signing
+echo "Uploading layer to S3 for signing..."
+UUID=$(uuidgen)
+S3_UNSIGNED_ZIP_KEY="${UUID}.zip"
+S3_UNSIGNED_ZIP_URI="s3://${S3_BUCKET_NAME}/${S3_UNSIGNED_ZIP_KEY}"
+aws s3 cp $LAYER_FILE $S3_UNSIGNED_ZIP_URI
+
+# Start a signing job
+echo "Starting the signing job..."
+SIGNING_JOB_ID=$(aws signer start-signing-job \
+    --source "s3={bucketName=${S3_BUCKET_NAME},key=${S3_UNSIGNED_ZIP_KEY},version=null}" \
+    --destination "s3={bucketName=${S3_BUCKET_NAME}}" \
+    --profile-name $SIGNING_PROFILE_NAME \
+    --region $REGION \
+    --output json \
+    | jq -r '.jobId'\
+)
+
+# Wait for the signing job to complete
+echo "Waiting for the signing job to complete..."
+SECONDS_WAITED_SO_FAR=0
+while :
+do
+    sleep 3
+    SECONDS_WAITED_SO_FAR=$((SECONDS_WAITED_SO_FAR + 3))
+
+    SIGNING_JOB_DESCRIPTION=$(aws signer describe-signing-job \
+        --job-id $SIGNING_JOB_ID \
+        --region $REGION \
+        --output json
+    )
+    SIGNING_JOB_STATUS=$(echo $SIGNING_JOB_DESCRIPTION | jq -r '.status')
+    SIGNING_JOB_STATUS_REASON=$(echo $SIGNING_JOB_DESCRIPTION | jq -r '.statusReason')
+
+    if [ $SIGNING_JOB_STATUS = "Succeeded" ]; then
+        echo "Signing job succeeded!"
+        break
+    fi
+
+    if [ $SIGNING_JOB_STATUS = "Failed" ]; then
+        echo "ERROR: Signing job failed"
+        echo $SIGNING_JOB_STATUS_REASON
+        exit 1
+    fi
+
+    if [ $SECONDS_WAITED_SO_FAR -ge 60 ]; then
+        echo "ERROR: Timed out waiting for the signing job to complete"
+        exit 1
+    fi
+
+    echo "Signing job still in progress..."
+done
+
+# Download the signed ZIP, overwriting the original ZIP
+echo "Replacing the local layer with the signed layer from S3..."
+S3_SIGNED_ZIP_KEY="${SIGNING_JOB_ID}.zip"
+S3_SIGNED_ZIP_URI="s3://${S3_BUCKET_NAME}/${S3_SIGNED_ZIP_KEY}"
+aws s3 cp $S3_SIGNED_ZIP_URI $LAYER_FILE
+
+# Delete the signed and unsigned ZIPs in S3
+echo "Cleaning up the S3 bucket..."
+aws s3api delete-object --bucket $S3_BUCKET_NAME --key $S3_UNSIGNED_ZIP_KEY
+aws s3api delete-object --bucket $S3_BUCKET_NAME --key $S3_SIGNED_ZIP_KEY
+
+echo
+echo "Successfully signed the layer!"