From 26e308f5d10921fcc232ee260c6c3e0e1cddf160 Mon Sep 17 00:00:00 2001 
From: Jeffrey Chien Date: Thu, 1 Aug 2024 18:13:40 -0400 Subject: [PATCH] Reduce start-amazon-cloudwatch-agent binary size --- Makefile | 2 - .../amazon-cloudwatch-agent.go | 1 + cmd/config-downloader/downloader.go | 2 +- cmd/config-translator/translator.go | 3 +- cmd/start-amazon-cloudwatch-agent/path.go | 37 ++++++----- .../path_darwin.go | 16 ----- .../path_linux.go | 16 ----- .../path_windows.go | 5 +- .../start-amazon-cloudwatch-agent.go | 12 ++-- go.mod | 2 +- go.sum | 4 +- .../constants/constants.go | 4 +- .../util/user}/set_uid_gid.go | 2 +- .../util/user}/set_uid_gid_1_15_x32.go | 2 +- .../util/user}/set_uid_gid_1_15_x64.go | 2 +- .../util/user}/userutil.go | 35 +++-------- .../util/user}/userutil_darwin.go | 6 +- .../util/user}/userutil_darwin_test.go | 2 +- .../util/user}/userutil_linux.go | 6 +- .../util/user}/userutil_linux_test.go | 2 +- .../util/user}/userutil_test.go | 2 +- internal/util/user/userutil_windows.go | 19 ++++++ translator/cmdutil/credentials.go | 25 ++++++++ ...util_windows.go => credentials_windows.go} | 13 ---- translator/cmdutil/translatorutil.go | 61 +------------------ translator/jsonconfig/mergeJsonConfig.go | 3 +- translator/tocwconfig/tocwconfig_test.go | 4 +- .../agentToml.conf | 0 .../agentToml.json | 0 translator/translate/agent/ruleRunAsUser.go | 24 ++++++++ 30 files changed, 132 insertions(+), 180 deletions(-) delete mode 100644 cmd/start-amazon-cloudwatch-agent/path_darwin.go delete mode 100644 cmd/start-amazon-cloudwatch-agent/path_linux.go rename translator/config/errorCode.go => internal/constants/constants.go (72%) rename {translator/cmdutil => internal/util/user}/set_uid_gid.go (96%) rename {translator/cmdutil => internal/util/user}/set_uid_gid_1_15_x32.go (97%) rename {translator/cmdutil => internal/util/user}/set_uid_gid_1_15_x64.go (97%) rename {translator/cmdutil => internal/util/user}/userutil.go (72%) rename {translator/cmdutil => internal/util/user}/userutil_darwin.go (95%) rename {translator/cmdutil => 
internal/util/user}/userutil_darwin_test.go (97%) rename {translator/cmdutil => internal/util/user}/userutil_linux.go (94%) rename {translator/cmdutil => internal/util/user}/userutil_linux_test.go (98%) rename {translator/cmdutil => internal/util/user}/userutil_test.go (99%) create mode 100644 internal/util/user/userutil_windows.go create mode 100644 translator/cmdutil/credentials.go rename translator/cmdutil/{userutil_windows.go => credentials_windows.go} (52%) rename translator/tocwconfig/totomlconfig/{tomlConfigTemplate => testdata}/agentToml.conf (100%) rename translator/tocwconfig/totomlconfig/{tomlConfigTemplate => testdata}/agentToml.json (100%) create mode 100644 translator/translate/agent/ruleRunAsUser.go diff --git a/Makefile b/Makefile index 21b2fe7d88..44330b5b46 100644 --- a/Makefile +++ b/Makefile @@ -109,7 +109,6 @@ build-for-docker-amd64: $(LINUX_AMD64_BUILD)/amazon-cloudwatch-agent github.com/aws/amazon-cloudwatch-agent/cmd/amazon-cloudwatch-agent $(LINUX_AMD64_BUILD)/start-amazon-cloudwatch-agent github.com/aws/amazon-cloudwatch-agent/cmd/start-amazon-cloudwatch-agent $(LINUX_AMD64_BUILD)/config-translator github.com/aws/amazon-cloudwatch-agent/cmd/config-translator - cp $(BASE_SPACE)/packaging/opentelemetry-jmx-metrics.jar $(BUILD_SPACE)/bin/linux_amd64/opentelemetry-jmx-metrics.jar build-for-docker-windows-amd64: $(WIN_BUILD)/amazon-cloudwatch-agent.exe github.com/aws/amazon-cloudwatch-agent/cmd/amazon-cloudwatch-agent 
@@ -120,7 +119,6 @@ build-for-docker-arm64: $(LINUX_ARM64_BUILD)/amazon-cloudwatch-agent github.com/aws/amazon-cloudwatch-agent/cmd/amazon-cloudwatch-agent $(LINUX_ARM64_BUILD)/start-amazon-cloudwatch-agent github.com/aws/amazon-cloudwatch-agent/cmd/start-amazon-cloudwatch-agent $(LINUX_ARM64_BUILD)/config-translator github.com/aws/amazon-cloudwatch-agent/cmd/config-translator - cp $(BASE_SPACE)/packaging/opentelemetry-jmx-metrics.jar $(BUILD_SPACE)/bin/linux_arm64/opentelemetry-jmx-metrics.jar docker-build: build-for-docker-amd64 build-for-docker-arm64 docker buildx build --platform linux/amd64,linux/arm64 . -f amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile -t $(IMAGE) diff --git a/cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go b/cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go index 2afac53173..a38fd5d069 100644 --- a/cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go +++ b/cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go @@ -242,6 +242,7 @@ func runAgent(ctx context.Context, c := config.NewConfig() c.OutputFilters = outputFilters c.InputFilters = inputFilters + c.AllowUnusedFields = true err = loadTomlConfigIntoAgent(c) if err != nil { diff --git a/cmd/config-downloader/downloader.go b/cmd/config-downloader/downloader.go index fc198b3db1..baa86eb74a 100644 --- a/cmd/config-downloader/downloader.go +++ b/cmd/config-downloader/downloader.go @@ -17,7 +17,7 @@ import ( "github.com/aws/aws-sdk-go/service/ssm" configaws "github.com/aws/amazon-cloudwatch-agent/cfg/aws" - commonconfig "github.com/aws/amazon-cloudwatch-agent/cfg/commonconfig" + "github.com/aws/amazon-cloudwatch-agent/cfg/commonconfig" "github.com/aws/amazon-cloudwatch-agent/translator/config" "github.com/aws/amazon-cloudwatch-agent/translator/context" "github.com/aws/amazon-cloudwatch-agent/translator/util" diff --git a/cmd/config-translator/translator.go b/cmd/config-translator/translator.go index 2d69a2c03c..ad213dfd27 100644 
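Review bot: In `runAgent` (cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go), `c.AllowUnusedFields = true` is set unconditionally and without a comment. Going by the field name, TOML keys the agent does not recognise would then be accepted silently in every section, so a misspelled setting, including a security-relevant one, would go unnoticed at load time. If the flag exists only so that the new `run_as_user` key in the `agent` table is tolerated, say so above the line, e.g. `// run_as_user is consumed by start-amazon-cloudwatch-agent, not by the agent itself`, and consider logging which keys were ignored. The body of `runAgent` continues outside the hunk.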
--- a/cmd/config-translator/translator.go +++ b/cmd/config-translator/translator.go @@ -12,6 +12,7 @@ import ( "path/filepath" "github.com/aws/amazon-cloudwatch-agent/cfg/commonconfig" + userutil "github.com/aws/amazon-cloudwatch-agent/internal/util/user" "github.com/aws/amazon-cloudwatch-agent/translator" "github.com/aws/amazon-cloudwatch-agent/translator/cmdutil" "github.com/aws/amazon-cloudwatch-agent/translator/context" @@ -104,7 +105,7 @@ func main() { // run as user only applies to non container situation. current, err := user.Current() if err == nil && current.Name == "root" { - runAsUser, err := cmdutil.DetectRunAsUser(mergedJsonConfigMap) + runAsUser, err := userutil.DetectRunAsUser(mergedJsonConfigMap) if err != nil { log.Panic("E! Failed to detectRunAsUser") } diff --git a/cmd/start-amazon-cloudwatch-agent/path.go b/cmd/start-amazon-cloudwatch-agent/path.go index bf17673c52..b94c055a73 100644 --- a/cmd/start-amazon-cloudwatch-agent/path.go +++ b/cmd/start-amazon-cloudwatch-agent/path.go @@ -14,14 +14,15 @@ import ( "os/exec" "syscall" + "github.com/BurntSushi/toml" + + "github.com/aws/amazon-cloudwatch-agent/cfg/envconfig" + "github.com/aws/amazon-cloudwatch-agent/internal/util/user" "github.com/aws/amazon-cloudwatch-agent/tool/paths" - "github.com/aws/amazon-cloudwatch-agent/translator/cmdutil" - "github.com/aws/amazon-cloudwatch-agent/translator/config" - "github.com/aws/amazon-cloudwatch-agent/translator/context" ) func startAgent(writer io.WriteCloser) error { - if os.Getenv(config.RUN_IN_CONTAINER) == config.RUN_IN_CONTAINER_TRUE { + if envconfig.IsRunningInContainer() { // Use exec so PID 1 changes to agent from start-agent. execArgs := []string{ paths.AgentBinaryPath, // when using syscall.Exec, must pass binary name as args[0] 
@@ -37,13 +38,16 @@ func startAgent(writer io.WriteCloser) error { return nil } - mergedJsonConfigMap, err := generateMergedJsonConfigMap() + configMap, err := getTOMLConfigMap() if err != nil { - log.Printf("E! Failed to generate merged json config: %v ", err) + log.Printf("E! Failed to read TOML config: %v ", err) return err } - _, err = cmdutil.ChangeUser(mergedJsonConfigMap) + runAsUser, _ := user.DetectRunAsUser(configMap) + log.Printf("I! Detected runAsUser: %v", runAsUser) + + _, err = user.ChangeUser(runAsUser) if err != nil { log.Printf("E! Failed to ChangeUser: %v ", err) return err @@ -77,11 +81,16 @@ func startAgent(writer io.WriteCloser) error { return nil } -func generateMergedJsonConfigMap() (map[string]interface{}, error) { - ctx := context.CurrentContext() - setCTXOS(ctx) - ctx.SetInputJsonFilePath(paths.JsonConfigPath) - ctx.SetInputJsonDirPath(paths.JsonDirPath) - ctx.SetMultiConfig("remove") - return cmdutil.GenerateMergedJsonConfigMap(ctx) +func getTOMLConfigMap() (map[string]any, error) { + f, err := os.Open(paths.TomlConfigPath) + if err != nil { + return nil, err + } + defer f.Close() + var m map[string]any + _, err = toml.NewDecoder(f).Decode(&m) + if err != nil { + return nil, err + } + return m, nil } diff --git a/cmd/start-amazon-cloudwatch-agent/path_darwin.go b/cmd/start-amazon-cloudwatch-agent/path_darwin.go deleted file mode 100644 index c02edf1513..0000000000 --- a/cmd/start-amazon-cloudwatch-agent/path_darwin.go +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: MIT - -//go:build darwin -// +build darwin - -package main - -import ( - "github.com/aws/amazon-cloudwatch-agent/translator/config" - "github.com/aws/amazon-cloudwatch-agent/translator/context" -) - -func setCTXOS(ctx *context.Context) { - ctx.SetOs(config.OS_TYPE_DARWIN) -} 
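Review bot: `runAsUser, _ := user.DetectRunAsUser(configMap)` in `startAgent` (cmd/start-amazon-cloudwatch-agent/path.go) throws away the error from the call that decides which account the agent runs under. The Linux/Darwin implementation in this patch always returns a nil error today, but any validation added there later would be ignored here and the value would still go straight to `user.ChangeUser`. Handle it like the neighbouring calls: `runAsUser, err := user.DetectRunAsUser(configMap)` followed by `if err != nil { log.Printf("E! Failed to detect run_as_user: %v", err); return err }`. `startAgent` starts and ends outside this hunk.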
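Review bot: `getTOMLConfigMap` in cmd/start-amazon-cloudwatch-agent/path.go has no comment, and its role is not obvious. The map it returns is the only input for choosing the run-as account, and `startAgent` calls it before `user.ChangeUser`, so before any user switch has happened. I would add above the function: `// getTOMLConfigMap decodes the translated agent config at paths.TomlConfigPath. It runs before privileges are dropped, so the file must not be writable by the run_as_user account.` Whether the file's ownership already guarantees that is not visible in this patch and is worth confirming, since `changeFileOwner` in internal/util/user changes the ownership of some paths.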
diff --git a/cmd/start-amazon-cloudwatch-agent/path_linux.go b/cmd/start-amazon-cloudwatch-agent/path_linux.go deleted file mode 100644 index 99122114f4..0000000000 --- a/cmd/start-amazon-cloudwatch-agent/path_linux.go +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: MIT - -//go:build linux -// +build linux - -package main - -import ( - "github.com/aws/amazon-cloudwatch-agent/translator/config" - "github.com/aws/amazon-cloudwatch-agent/translator/context" -) - -func setCTXOS(ctx *context.Context) { - ctx.SetOs(config.OS_TYPE_LINUX) -} diff --git a/cmd/start-amazon-cloudwatch-agent/path_windows.go b/cmd/start-amazon-cloudwatch-agent/path_windows.go index 8337a6f0ee..a253348f64 100644 --- a/cmd/start-amazon-cloudwatch-agent/path_windows.go +++ b/cmd/start-amazon-cloudwatch-agent/path_windows.go @@ -13,13 +13,12 @@ import ( "os" "os/exec" + "github.com/aws/amazon-cloudwatch-agent/cfg/envconfig" "github.com/aws/amazon-cloudwatch-agent/tool/paths" - "github.com/aws/amazon-cloudwatch-agent/translator/config" ) func startAgent(writer io.WriteCloser) error { - - if os.Getenv(config.RUN_IN_CONTAINER) != config.RUN_IN_CONTAINER_TRUE { + if !envconfig.IsRunningInContainer() { if err := writer.Close(); err != nil { log.Printf("E! Cannot close the log file, ERROR is %v \n", err) return err diff --git a/cmd/start-amazon-cloudwatch-agent/start-amazon-cloudwatch-agent.go b/cmd/start-amazon-cloudwatch-agent/start-amazon-cloudwatch-agent.go index 0c23787f06..39abcb6a9f 100644 --- a/cmd/start-amazon-cloudwatch-agent/start-amazon-cloudwatch-agent.go +++ b/cmd/start-amazon-cloudwatch-agent/start-amazon-cloudwatch-agent.go 
@@ -14,16 +14,14 @@ import ( "gopkg.in/natefinch/lumberjack.v2" + "github.com/aws/amazon-cloudwatch-agent/cfg/envconfig" + "github.com/aws/amazon-cloudwatch-agent/internal/constants" "github.com/aws/amazon-cloudwatch-agent/tool/paths" - "github.com/aws/amazon-cloudwatch-agent/translator/config" ) -// We use an environment variable here because we need this condition before the translator reads agent config json file. -var runInContainer = os.Getenv(config.RUN_IN_CONTAINER) - func translateConfig() error { args := []string{"--output", paths.TomlConfigPath, "--mode", "auto"} - if runInContainer == config.RUN_IN_CONTAINER_TRUE { + if envconfig.IsRunningInContainer() { args = append(args, "--input-dir", paths.CONFIG_DIR_IN_CONTAINER) } else { args = append(args, "--input", paths.JsonConfigPath, "--input-dir", paths.JsonDirPath, "--config", paths.CommonConfigPath) @@ -39,7 +37,7 @@ func translateConfig() error { case status.Exited(): log.Printf("I! Return exit error: exit code=%d\n", status.ExitStatus()) - if status.ExitStatus() == config.ERR_CODE_NOJSONFILE { + if status.ExitStatus() == constants.ExitCodeNoJSONFile { log.Printf("I! No json config files found, please provide config, exit now\n") os.Exit(0) } @@ -55,7 +53,7 @@ func translateConfig() error { func main() { var writer io.WriteCloser - if runInContainer != config.RUN_IN_CONTAINER_TRUE { + if !envconfig.IsRunningInContainer() { writer = &lumberjack.Logger{ Filename: paths.AgentLogFilePath, MaxSize: 100, //MB diff --git a/go.mod b/go.mod index 44c46ce737..1329f72f5e 100644 --- a/go.mod +++ b/go.mod 
@@ -2,7 +2,7 @@ module github.com/aws/amazon-cloudwatch-agent go 1.22.4 -replace github.com/influxdata/telegraf => github.com/aws/telegraf v0.10.2-0.20240423220441-63baeaedb379 +replace github.com/influxdata/telegraf => github.com/aws/telegraf v0.10.2-0.20240802204712-483bd77d26a2 replace ( go.opentelemetry.io/collector/config/configgrpc => github.com/amazon-contributing/opentelemetry-collector-contrib/config/configgrpc v0.0.0-20240709194807-b0f0c0eda01b diff --git a/go.sum b/go.sum index 50a336c5a2..2ab537c562 100644 --- a/go.sum +++ b/go.sum @@ -325,8 +325,8 @@ github.com/aws/aws-sdk-go-v2/service/timestreamwrite v1.13.6/go.mod h1:akrYtxss2 github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.17.0 h1:wWJD7LX6PBV6etBUwO0zElG0nWN9rUhp0WdYeHSHAaI= github.com/aws/smithy-go v1.17.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= -github.com/aws/telegraf v0.10.2-0.20240423220441-63baeaedb379 h1:EaMA5kc5yQzobctnBE8MYD9h4HPQ/YtCg4u0mFKXAj8= -github.com/aws/telegraf v0.10.2-0.20240423220441-63baeaedb379/go.mod h1:tSaq8qDvwntXHIWy6YTHPoWttYsOnF7Hm3mpZfHkIrA= +github.com/aws/telegraf v0.10.2-0.20240802204712-483bd77d26a2 h1:MxKmCOpGDxB6nrezuG/kUbzVNq5I5TMXt6ymrjiL5xU= +github.com/aws/telegraf v0.10.2-0.20240802204712-483bd77d26a2/go.mod h1:5LhWLYfsZ7isLfw+TJUxPdTuzYuP8qiMiXz/DvqovRY= github.com/aws/telegraf/patches/gopsutil/v3 v3.0.0-20231109213610-a8c21c54a2be h1:sF6OUdk1hpuX7lf74vn+zBUFtQRe+hky0jmMYyFp5Kk= github.com/aws/telegraf/patches/gopsutil/v3 v3.0.0-20231109213610-a8c21c54a2be/go.mod h1:1W1wnODUDv+FBSAtAa878Kxto5kj8eV+kI0AF4LIjq4= github.com/awslabs/kinesis-aggregation/go v0.0.0-20210630091500-54e17340d32f h1:Pf0BjJDga7C98f0vhw+Ip5EaiE07S3lTKpIYPNS0nMo= diff --git a/translator/config/errorCode.go b/internal/constants/constants.go similarity index 72% rename from translator/config/errorCode.go rename to internal/constants/constants.go index 5de5bfb2cc..8f0635bf4a 100644 
--- a/translator/config/errorCode.go +++ b/internal/constants/constants.go @@ -1,8 +1,8 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: MIT -package config +package constants const ( - ERR_CODE_NOJSONFILE = 99 + ExitCodeNoJSONFile = 99 ) diff --git a/translator/cmdutil/set_uid_gid.go b/internal/util/user/set_uid_gid.go similarity index 96% rename from translator/cmdutil/set_uid_gid.go rename to internal/util/user/set_uid_gid.go index 374cba1ce4..dfa5bb93ed 100644 --- a/translator/cmdutil/set_uid_gid.go +++ b/internal/util/user/set_uid_gid.go @@ -4,7 +4,7 @@ //go:build linux && go1.16 // +build linux,go1.16 -package cmdutil +package user import "syscall" diff --git a/translator/cmdutil/set_uid_gid_1_15_x32.go b/internal/util/user/set_uid_gid_1_15_x32.go similarity index 97% rename from translator/cmdutil/set_uid_gid_1_15_x32.go rename to internal/util/user/set_uid_gid_1_15_x32.go index 2c4ac4702c..d9e7397acc 100644 --- a/translator/cmdutil/set_uid_gid_1_15_x32.go +++ b/internal/util/user/set_uid_gid_1_15_x32.go @@ -6,7 +6,7 @@ // +build 386 arm // +build !go1.16 -package cmdutil +package user import ( "golang.org/x/sys/unix" diff --git a/translator/cmdutil/set_uid_gid_1_15_x64.go b/internal/util/user/set_uid_gid_1_15_x64.go similarity index 97% rename from translator/cmdutil/set_uid_gid_1_15_x64.go rename to internal/util/user/set_uid_gid_1_15_x64.go index e300c13e0c..ddb00a72ca 100644 --- a/translator/cmdutil/set_uid_gid_1_15_x64.go +++ b/internal/util/user/set_uid_gid_1_15_x64.go @@ -6,7 +6,7 @@ // +build arm64 amd64 mips mipsle mips64 mips64le ppc ppc64 ppc64le riscv64 s390x // +build !go1.16 -package cmdutil +package user import ( "golang.org/x/sys/unix" diff --git a/translator/cmdutil/userutil.go b/internal/util/user/userutil.go similarity index 72% rename from translator/cmdutil/userutil.go rename to internal/util/user/userutil.go index 0b83aa5c03..a9e26d7cdf 100644 --- a/translator/cmdutil/userutil.go 
+++ b/internal/util/user/userutil.go @@ -4,16 +4,13 @@ //go:build linux || darwin // +build linux darwin -package cmdutil +package user import ( "fmt" "log" "os" "path/filepath" - - "github.com/aws/amazon-cloudwatch-agent/translator/config" - "github.com/aws/amazon-cloudwatch-agent/translator/context" ) var ( @@ -27,23 +24,21 @@ type ChownFunc func(name string, uid, gid int) error var chown ChownFunc = os.Chown // DetectRunAsUser get the user name from toml config. It runs on all platforms except windows. -func DetectRunAsUser(mergedJsonConfigMap map[string]interface{}) (runAsUser string, err error) { +func DetectRunAsUser(configMap map[string]any) (string, error) { fmt.Printf("I! Detecting run_as_user...\n") - if agentSection, ok := mergedJsonConfigMap["agent"]; ok { - agent := agentSection.(map[string]interface{}) + if agentSection, ok := configMap["agent"]; ok { + agent := agentSection.(map[string]any) if user, ok := agent["run_as_user"]; ok { - if runasuser, ok := user.(string); ok { - return runasuser, nil + if runAsUser, ok := user.(string); ok { + return runAsUser, nil } - log.Panicf("E! run_as_user is not string %v", user) } - - // agent section exists, but "runasuser" does not exist, then use "root" + // agent section exists, but "run_as_user" does not exist, then use "root" return "root", nil } - // no agent section, it means no runasuser, use "root" + // no agent section, it means no run_as_user, use "root" return "root", nil } @@ -70,7 +65,6 @@ func changeFileOwner(uid, gid int) error { // or with special purpose to be changed to be owned by root when run_as_user option // is removed from the configuration func chownRecursive(uid, gid int, dir string) error { - err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error { if err != nil { return err 
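Review bot: With the `log.Panicf("E! run_as_user is not string %v", user)` line removed, `DetectRunAsUser` in internal/util/user/userutil.go falls through to `return "root", nil` when `run_as_user` is present but not a string, so a mistyped value silently selects root instead of stopping startup. Returning an error after the inner `if` keeps this fail-closed: `return "", fmt.Errorf("run_as_user must be a string, got %T", user)`. The unchecked assertion `agentSection.(map[string]any)` also panics when `agent` is not a table; the two-value form `agent, ok := agentSection.(map[string]any)` with the same kind of error return avoids that. The caller in cmd/start-amazon-cloudwatch-agent/path.go currently discards this function's error and would need to check it for the change to take effect. `RunAsUser.ApplyRule` in translator/translate/agent/ruleRunAsUser.go is another place where the type could be validated.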
@@ -100,7 +94,7 @@ func chownRecursive(uid, gid int, dir string) error { return nil } - if err := chown(path, uid, gid); err != nil { + if err = chown(path, uid, gid); err != nil { return err } return nil @@ -111,14 +105,3 @@ func chownRecursive(uid, gid int, dir string) error { } return nil } - -func VerifyCredentials(ctx *context.Context, runAsUser string) { - credentials := ctx.Credentials() - if (config.ModeOnPrem == ctx.Mode()) || (config.ModeOnPremise == ctx.Mode()) { - if runAsUser != "root" { - if _, ok := credentials["shared_credential_file"]; !ok { - log.Panic("E! Credentials path is not set while runasuser is not root") - } - } - } -} diff --git a/translator/cmdutil/userutil_darwin.go b/internal/util/user/userutil_darwin.go similarity index 95% rename from translator/cmdutil/userutil_darwin.go rename to internal/util/user/userutil_darwin.go index 568ff3b14a..c43971b356 100644 --- a/translator/cmdutil/userutil_darwin.go +++ b/internal/util/user/userutil_darwin.go @@ -4,7 +4,7 @@ //go:build darwin // +build darwin -package cmdutil +package user import ( "fmt" @@ -113,9 +113,7 @@ func switchUser(execUser *user.User) error { return nil } -func ChangeUser(mergedJsonConfigMap map[string]interface{}) (string, error) { - runAsUser, _ := DetectRunAsUser(mergedJsonConfigMap) - log.Printf("I! Detected runAsUser: %v", runAsUser) +func ChangeUser(runAsUser string) (string, error) { if runAsUser == "" { return "root", nil } diff --git a/translator/cmdutil/userutil_darwin_test.go b/internal/util/user/userutil_darwin_test.go similarity index 97% rename from translator/cmdutil/userutil_darwin_test.go rename to internal/util/user/userutil_darwin_test.go index 471f2287ce..041f9fb1eb 100644 --- a/translator/cmdutil/userutil_darwin_test.go +++ b/internal/util/user/userutil_darwin_test.go @@ -4,7 +4,7 @@ //go:build darwin // +build darwin -package cmdutil +package user import ( "testing" 
diff --git a/translator/cmdutil/userutil_linux.go b/internal/util/user/userutil_linux.go similarity index 94% rename from translator/cmdutil/userutil_linux.go rename to internal/util/user/userutil_linux.go index c40b0f1daa..f37327885e 100644 --- a/translator/cmdutil/userutil_linux.go +++ b/internal/util/user/userutil_linux.go @@ -4,7 +4,7 @@ //go:build linux // +build linux -package cmdutil +package user import ( "bufio" @@ -141,9 +141,7 @@ func getRunAsExecUser(runasuser string) (*ExecUser, error) { return toExecUser(newUser) } -func ChangeUser(mergedJsonConfigMap map[string]interface{}) (string, error) { - runAsUser, _ := DetectRunAsUser(mergedJsonConfigMap) - log.Printf("I! Detected runAsUser: %v", runAsUser) +func ChangeUser(runAsUser string) (string, error) { if runAsUser == "" { runAsUser = "root" } diff --git a/translator/cmdutil/userutil_linux_test.go b/internal/util/user/userutil_linux_test.go similarity index 98% rename from translator/cmdutil/userutil_linux_test.go rename to internal/util/user/userutil_linux_test.go index e62e20c512..eb63bc20ca 100644 --- a/translator/cmdutil/userutil_linux_test.go +++ b/internal/util/user/userutil_linux_test.go @@ -4,7 +4,7 @@ //go:build linux // +build linux -package cmdutil +package user import ( "fmt" diff --git a/translator/cmdutil/userutil_test.go b/internal/util/user/userutil_test.go similarity index 99% rename from translator/cmdutil/userutil_test.go rename to internal/util/user/userutil_test.go index a42c5ed981..8c15363de8 100644 --- a/translator/cmdutil/userutil_test.go +++ b/internal/util/user/userutil_test.go @@ -4,7 +4,7 @@ //go:build !windows // +build !windows -package cmdutil +package user import ( "os" diff --git a/internal/util/user/userutil_windows.go b/internal/util/user/userutil_windows.go new file mode 100644 index 0000000000..b762de96d3 --- /dev/null +++ b/internal/util/user/userutil_windows.go 
@@ -0,0 +1,19 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: MIT + +//go:build windows +// +build windows + +package user + +func SetupUser(u string) error { + return nil +} + +func ChangeUser(runAsUser string) (user string, err error) { + return "", nil +} + +func DetectRunAsUser(mergedJsonConfigMap map[string]any) (runAsUser string, err error) { + return "", nil +} diff --git a/translator/cmdutil/credentials.go b/translator/cmdutil/credentials.go new file mode 100644 index 0000000000..1809fe3cfd --- /dev/null +++ b/translator/cmdutil/credentials.go @@ -0,0 +1,25 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: MIT + +//go:build linux || darwin +// +build linux darwin + +package cmdutil + +import ( + "log" + + "github.com/aws/amazon-cloudwatch-agent/translator/config" + "github.com/aws/amazon-cloudwatch-agent/translator/context" +) + +func VerifyCredentials(ctx *context.Context, runAsUser string) { + credentials := ctx.Credentials() + if (config.ModeOnPrem == ctx.Mode()) || (config.ModeOnPremise == ctx.Mode()) { + if runAsUser != "root" { + if _, ok := credentials["shared_credential_file"]; !ok { + log.Panic("E! Credentials path is not set while runasuser is not root") + } + } + } +} diff --git a/translator/cmdutil/userutil_windows.go b/translator/cmdutil/credentials_windows.go similarity index 52% rename from translator/cmdutil/userutil_windows.go rename to translator/cmdutil/credentials_windows.go index 9e960457b7..02ae35c861 100644 --- a/translator/cmdutil/userutil_windows.go +++ b/translator/cmdutil/credentials_windows.go 
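Review bot: The Windows stubs in internal/util/user/userutil_windows.go are exported without doc comments, and `DetectRunAsUser` still names its parameter `mergedJsonConfigMap` while the Linux/Darwin version in this patch takes `configMap`. A reader cannot tell from the signatures that `ChangeUser` and `DetectRunAsUser` return an empty user name here, whereas the Unix `DetectRunAsUser` defaults to "root". I would rename the parameter to `configMap` and add comments such as `// ChangeUser is a no-op on Windows and returns an empty user name.`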
@@ -8,19 +8,6 @@ package cmdutil import "github.com/aws/amazon-cloudwatch-agent/translator/context" -func SetupUser(u string) error { - return nil -} - -func ChangeUser(mergedJsonConfigMap map[string]interface{}) (user string, err error) { - - return "", nil -} - func VerifyCredentials(ctx *context.Context, runAsUser string) { } - -func DetectRunAsUser(mergedJsonConfigMap map[string]interface{}) (runAsUser string, err error) { - return "", nil -} diff --git a/translator/cmdutil/translatorutil.go b/translator/cmdutil/translatorutil.go index 8a131dbb30..2eb22d427f 100644 --- a/translator/cmdutil/translatorutil.go +++ b/translator/cmdutil/translatorutil.go @@ -24,7 +24,6 @@ import ( "github.com/aws/amazon-cloudwatch-agent/translator/tocwconfig/toyamlconfig" "github.com/aws/amazon-cloudwatch-agent/translator/translate" "github.com/aws/amazon-cloudwatch-agent/translator/translate/otel" - "github.com/aws/amazon-cloudwatch-agent/translator/translate/otel/common" translatorUtil "github.com/aws/amazon-cloudwatch-agent/translator/util" ) 
@@ -227,65 +226,9 @@ func TranslateJsonMapToYamlConfig(jsonConfigValue interface{}) (interface{}, err if err != nil { return nil, err } - var result map[string]any - if result, err = mapstructure.Marshal(cfg); err != nil { - return nil, err - } - ConvertOtelNullToEmpty(result) - RemoveTLSRedacted(result) - return result, nil -} -func RemoveTLSRedacted(stringMap map[string]interface{}) { - type Node struct { - isTLSParent bool - parentKey string - data map[string]interface{} - } - root := Node{isTLSParent: false, parentKey: "", data: stringMap} - queue := []Node{root} - // Using BFS search through string Map and find sub settings of TLS - // Then delete REDACTED settings under TLS - for len(queue) > 0 { - node := queue[0] - queue = queue[1:] - for key, child := range node.data { - if childMap, ok := child.(map[string]interface{}); ok { - queue = append(queue, Node{key == common.TLSKey, key, childMap}) - } else if child == "[REDACTED]" && (node.isTLSParent) { - delete(node.data, key) - } - } - } -} -func ConvertOtelNullToEmpty(stringMap map[string]interface{}) { - receivers, ok := stringMap["receivers"].(map[string]interface{}) - if !ok { - return - } - for key, value := range receivers { - if !strings.Contains(key, "otlp/metrics") { - continue - } - otlp, ok := value.(map[string]interface{}) - if !ok { - return - } - protocols, ok := otlp["protocols"].(map[string]interface{}) - if !ok { - return - } - //Remove either HTTP or GRPC depending on if one of them is used and other isn't - http, ok := protocols["http"] - if http == nil { - delete(protocols, "http") - } - grpc, ok := protocols["grpc"] - if grpc == nil { - delete(protocols, "grpc") - } - } - return + return mapstructure.Marshal(cfg) } + func ConfigToTomlFile(config interface{}, tomlConfigFilePath string) error { res := totomlconfig.ToTomlConfig(config) return os.WriteFile(tomlConfigFilePath, []byte(res), fileMode) 
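Review bot: `TranslateJsonMapToYamlConfig` in translator/cmdutil/translatorutil.go now returns `mapstructure.Marshal(cfg)` directly, and nothing visible in this patch replaces the two passes it used to run, `ConvertOtelNullToEmpty` and `RemoveTLSRedacted`. Unless the marshaller already handles both cases, the generated YAML could carry literal `[REDACTED]` values under TLS settings, or nil `http`/`grpc` protocol entries on `otlp/metrics` receivers, which is what those helpers stripped. A test that translates a config with TLS settings and a single-protocol OTLP receiver and asserts on the output would pin the behaviour. Both helpers were exported, so any caller outside this repository breaks as well. The function begins outside the hunk.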
diff --git a/translator/jsonconfig/mergeJsonConfig.go b/translator/jsonconfig/mergeJsonConfig.go index 7f04c848d4..2ac0cb9ab1 100644 --- a/translator/jsonconfig/mergeJsonConfig.go +++ b/translator/jsonconfig/mergeJsonConfig.go @@ -8,6 +8,7 @@ import ( "os" "sort" + "github.com/aws/amazon-cloudwatch-agent/internal/constants" "github.com/aws/amazon-cloudwatch-agent/translator" "github.com/aws/amazon-cloudwatch-agent/translator/config" "github.com/aws/amazon-cloudwatch-agent/translator/jsonconfig/mergeJsonUtil" @@ -26,7 +27,7 @@ func MergeJsonConfigMaps(jsonConfigMapMap map[string]map[string]interface{}, def } } if multiConfig == "remove" { - os.Exit(config.ERR_CODE_NOJSONFILE) + os.Exit(constants.ExitCodeNoJSONFile) } else { log.Println("No json config files found, use the default one") } diff --git a/translator/tocwconfig/tocwconfig_test.go b/translator/tocwconfig/tocwconfig_test.go index 901257205b..4fd9049521 100644 --- a/translator/tocwconfig/tocwconfig_test.go +++ b/translator/tocwconfig/tocwconfig_test.go @@ -564,7 +564,7 @@ func TestIgnoreInvalidAppendDimensions(t *testing.T) { func TestTomlToTomlComparison(t *testing.T) { resetContext(t) - var jsonFilePath = "./totomlconfig/tomlConfigTemplate/agentToml.json" + var jsonFilePath = "./totomlconfig/testdata/agentToml.json" var input interface{} x := os.Getenv("HOST_NAME") require.Equal(t, "", x) @@ -572,7 +572,7 @@ func TestTomlToTomlComparison(t *testing.T) { content, err := os.ReadFile(jsonFilePath) require.NoError(t, err) require.NoError(t, json.Unmarshal(content, &input)) - verifyToTomlTranslation(t, input, "./totomlconfig/tomlConfigTemplate/agentToml.conf", map[string]string{}) + verifyToTomlTranslation(t, input, "./totomlconfig/testdata/agentToml.conf", map[string]string{}) } func checkTranslation(t *testing.T, fileName string, targetPlatform string, expectedEnvVars map[string]string, appendString string, tokenReplacements ...map[string]string) { 
diff --git a/translator/tocwconfig/totomlconfig/tomlConfigTemplate/agentToml.conf b/translator/tocwconfig/totomlconfig/testdata/agentToml.conf similarity index 100% rename from translator/tocwconfig/totomlconfig/tomlConfigTemplate/agentToml.conf rename to translator/tocwconfig/totomlconfig/testdata/agentToml.conf diff --git a/translator/tocwconfig/totomlconfig/tomlConfigTemplate/agentToml.json b/translator/tocwconfig/totomlconfig/testdata/agentToml.json similarity index 100% rename from translator/tocwconfig/totomlconfig/tomlConfigTemplate/agentToml.json rename to translator/tocwconfig/totomlconfig/testdata/agentToml.json diff --git a/translator/translate/agent/ruleRunAsUser.go b/translator/translate/agent/ruleRunAsUser.go new file mode 100644 index 0000000000..7e99f54f16 --- /dev/null +++ b/translator/translate/agent/ruleRunAsUser.go @@ -0,0 +1,24 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: MIT + +package agent + +import ( + "github.com/aws/amazon-cloudwatch-agent/translator" +) + +type RunAsUser struct { +} + +func (r *RunAsUser) ApplyRule(input interface{}) (returnKey string, returnVal interface{}) { + returnKey, returnVal = translator.DefaultCase("run_as_user", nil, input) + if returnVal == nil { + returnKey = "" + } + return +} + +func init() { + r := new(RunAsUser) + RegisterRule("run_as_user", r) +}
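Review bot: The exported `RunAsUser` type and its `ApplyRule` method in translator/translate/agent/ruleRunAsUser.go have no comments, and the `returnVal == nil` branch that blanks `returnKey` is not self-explanatory. A short comment would help: `// RunAsUser copies agent.run_as_user into the translated config; the key is omitted when it is not set.` The second half of that comment assumes an empty `returnKey` means "emit nothing", which should be confirmed against how the registered rules are consumed.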