[util] Incorporating security-groups into tags collected from ec2

[JohnLZeller]

Looks like the agent pulls AWS host tags, but doesn't pull security-groups. Additionally, it doesn't look like there is a good way to grab security group ids from EC2, however we do have access to the security group names. The fix to apply here is simply to make sure we add that to the tags collected as security-group-name:<name>.

[JohnLZeller]

@tmichelet any opinion on whether or not it's a good idea to add this here?

(internal) https://trello.com/c/bHtGDDmS/35-agent-not-pulling-aws-host-tags

[tmichelet]

I think that makes sense for this use case

[tmichelet]

reading the doc, it seems like from within a VPC, when people update a security group this metadata won't be updated:

The names of the security groups applied to the instance.

After launch, you can only changes the security groups of instances running in a VPC. Such changes are reflected here and in network/interfaces/macs/mac/security-groups.

Is that a use case we want to handle? if not, 👍 good to merge, otherwise we'd need some more work

[tmichelet]

Also, this will churn all our contexts, is this something we want or do we want to have an option in the config for this tag?

[JohnLZeller]

Updated this PR by adding if EC2.metadata.get('security-groups'): to ensure we catch a situation where metadata does not contain security-groups

[remh]

@tmichelet is this ready to be merged ? Should we add another feature flag in datadog.conf to avoid churning existing contexts ?

[tmichelet]

@remh cc @JohnLZeller yes I believe we should add another feature flag in datadog.conf.

[JohnLZeller]

@tmichelet how's this?

[tmichelet]

👍 good to merge