Add cloud account ID detection in EKS environment

Add cloud account ID detection in EKS environment

Author: tilakchowdary

processor/resourcedetectionprocessor/internal/aws/eks/detector.go

@@ -43,6 +43,7 @@ type detectorUtils interface {
 	getConfigMap(ctx context.Context, namespace string, name string) (map[string]string, error)
 	getClusterName(ctx context.Context, logger *zap.Logger) string
 	getClusterNameTagFromReservations([]*ec2.Reservation) string
+	getCloudAccountID(ctx context.Context, logger *zap.Logger) string
 }
 
 type eksDetectorUtils struct {
@@ -87,6 +88,10 @@ func (d *detector) Detect(ctx context.Context) (resource pcommon.Resource, schem
 
 	d.rb.SetCloudProvider(conventions.AttributeCloudProviderAWS)
 	d.rb.SetCloudPlatform(conventions.AttributeCloudPlatformAWSEKS)
+	if d.ra.CloudAccountID.Enabled {
+		accountId := d.utils.getCloudAccountID(ctx, d.logger)
+		d.rb.SetCloudAccountID(accountId)
+	}
 
 	if d.ra.K8sClusterName.Enabled {
 		clusterName := d.utils.getClusterName(ctx, d.logger)
@@ -194,3 +199,21 @@ func (e eksDetectorUtils) getClusterNameTagFromReservations(reservations []*ec2.
 
 	return ""
 }
+
+func (e eksDetectorUtils) getCloudAccountID(ctx context.Context, logger *zap.Logger) string {
+	defaultErrorMessage := "Unable to get EKS cluster account ID"
+	sess, err := session.NewSession()
+	if err != nil {
+		logger.Warn(defaultErrorMessage, zap.Error(err))
+		return ""
+	}
+
+	ec2Svc := ec2metadata.New(sess)
+	instanceIdentityDocument, err := ec2Svc.GetInstanceIdentityDocumentWithContext(ctx)
+	if err != nil {
+		logger.Warn(defaultErrorMessage, zap.Error(err))
+		return ""
+	}
+
+	return instanceIdentityDocument.AccountID
+}

processor/resourcedetectionprocessor/internal/aws/eks/detector_test.go

@@ -19,7 +19,8 @@ import (
 )
 
 const (
-	clusterName = "my-cluster"
+	clusterName    = "my-cluster"
+	cloudAccountId = "cloud1234"
 )
 
 type MockDetectorUtils struct {
@@ -40,6 +41,10 @@ func (detectorUtils *MockDetectorUtils) getClusterNameTagFromReservations(_ []*e
 	return clusterName
 }
 
+func (detectorUtils *MockDetectorUtils) getCloudAccountID(_ context.Context, _ *zap.Logger) string {
+	return cloudAccountId
+}
+
 func TestNewDetector(t *testing.T) {
 	dcfg := CreateDefaultConfig()
 	detector, err := NewDetector(processortest.NewNopSettings(), dcfg)
@@ -60,8 +65,9 @@ func TestEKS(t *testing.T) {
 	require.NoError(t, err)
 
 	assert.Equal(t, map[string]any{
-		"cloud.provider": "aws",
-		"cloud.platform": "aws_eks",
+		"cloud.provider":   "aws",
+		"cloud.platform":   "aws_eks",
+		"cloud.account.id": "cloud1234",
 	}, res.Attributes().AsRaw(), "Resource object returned is incorrect")
 }
 
@@ -72,3 +78,57 @@ func TestNotEKS(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, 0, r.Attributes().Len(), "Resource object should be empty")
 }
+
+func TestEKSResourceDetection_ForCloudAccountID(t *testing.T) {
+	tests := []struct {
+		name           string
+		ra             metadata.ResourceAttributesConfig
+		expectedOutput map[string]any
+		shouldError    bool
+	}{
+		{
+			name: "Detects CloudAccountID when enabled",
+			ra: metadata.ResourceAttributesConfig{
+				CloudAccountID: metadata.ResourceAttributeConfig{Enabled: true},
+			},
+			expectedOutput: map[string]any{
+				"cloud.account.id": "cloud1234",
+			},
+			shouldError: false,
+		},
+		{
+			name: "Does not detect CloudAccountID when disabled",
+			ra: metadata.ResourceAttributesConfig{
+				CloudAccountID: metadata.ResourceAttributeConfig{Enabled: false},
+			},
+			expectedOutput: map[string]any{},
+			shouldError:    false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			detectorUtils := new(MockDetectorUtils)
+			ctx := context.Background()
+
+			t.Setenv("KUBERNETES_SERVICE_HOST", "localhost")
+			detectorUtils.On("getConfigMap", authConfigmapNS, authConfigmapName).Return(map[string]string{conventions.AttributeK8SClusterName: clusterName}, nil)
+
+			eksResourceDetector := &detector{
+				utils: detectorUtils,
+				err:   nil,
+				ra:    tt.ra,
+				rb:    metadata.NewResourceBuilder(tt.ra),
+			}
+			res, _, err := eksResourceDetector.Detect(ctx)
+
+			if tt.shouldError {
+				assert.Error(t, err)
+				return
+			}
+
+			assert.NoError(t, err)
+			assert.Equal(t, tt.expectedOutput, res.Attributes().AsRaw())
+		})
+	}
+}

processor/resourcedetectionprocessor/internal/aws/eks/documentation.md

@@ -8,6 +8,7 @@
 
 | Name | Description | Values | Enabled |
 | ---- | ----------- | ------ | ------- |
+| cloud.account.id | The cloud account id | Any Str | true |
 | cloud.platform | The cloud.platform | Any Str | true |
 | cloud.provider | The cloud.provider | Any Str | true |
 | k8s.cluster.name | The EKS cluster name. This attribute is currently only available when running on EC2 instances, and requires permission to run the EC2:DescribeInstances action. | Any Str | false |

processor/resourcedetectionprocessor/internal/aws/eks/internal/metadata/generated_config.go

@@ -1,6 +1,8 @@
 default:
 all_set:
   resource_attributes:
+    cloud.account.id:
+      enabled: true
     cloud.platform:
       enabled: true
     cloud.provider:
@@ -9,6 +11,8 @@ all_set:
       enabled: true
 none_set:
   resource_attributes:
+    cloud.account.id:
+      enabled: false
     cloud.platform:
       enabled: false
     cloud.provider:

processor/resourcedetectionprocessor/internal/aws/eks/internal/metadata/generated_config_test.go

@@ -11,6 +11,10 @@ resource_attributes:
     description: The cloud.platform
     type: string
     enabled: true
+  cloud.account.id:
+    description: The cloud account id
+    type: string
+    enabled: true
   k8s.cluster.name:
     description: The EKS cluster name. This attribute is currently only available when running on EC2 instances, and requires permission to run the EC2:DescribeInstances action.
     type: string