Update config translation to respect common config profile and creds …

…file (#447) (cherry picked from commit e1860d3)
aws · Aug 18, 2023 · e2ef915 · e2ef915
1 parent c5c0f62
commit e2ef915
Show file tree

Hide file tree

Showing 11 changed files with 63 additions and 25 deletions.
diff --git a/translator/tocwconfig/sampleConfig/commonConfig/withCredentials.toml b/translator/tocwconfig/sampleConfig/commonConfig/withCredentials.toml
@@ -0,0 +1,23 @@
+# This common-config is used to configure items used for both ssm and cloudwatch access
+
+
+## Configuration for shared credential.
+## Default credential strategy will be used if it is absent here:
+## 	Instance role is used for EC2 case by default.
+##	AmazonCloudWatchAgent profile is used for onPremise case by default.
+[credentials]
+    shared_credential_profile = "default"
+    shared_credential_file = "/root/.aws/credentials"
+
+## Configuration for proxy.
+## System-wide environment-variable will be read if it is absent here.
+## i.e. HTTP_PROXY/http_proxy; HTTPS_PROXY/https_proxy; NO_PROXY/no_proxy
+## Note: system-wide environment-variable is not accessible when using ssm run-command.
+## Absent in both here and environment-variable means no proxy will be used.
+#[proxy]
+#    http_proxy = "http://127.0.0.1:3280"
+#    https_proxy = "https://127.0.0.1:3280"
+#    no_proxy = "254.1.1.1"
+
+#[ssl]
+#    ca_bundle_path = "/etc/test/ca_bundle.pem"
diff --git a/...config/sampleConfig/commonConfigTest.toml → ...commonConfig/withCredentialsProxySsl.toml b/...config/sampleConfig/commonConfigTest.toml → ...commonConfig/withCredentialsProxySsl.toml
diff --git a/translator/tocwconfig/sampleConfig/emf_and_kubernetes_config.yaml b/translator/tocwconfig/sampleConfig/emf_and_kubernetes_config.yaml
@@ -11,7 +11,7 @@ exporters:
     max_retries: 2
     no_verify_ssl: false
     num_workers: 8
-    profile: ""
+    profile: "default"
     proxy_address: ""
     raw_log: true
     region: us-east-1
@@ -27,7 +27,7 @@ exporters:
     role_arn: ""
     sending_queue:
       queue_size: 1000
-    shared_credentials_file: []
+    shared_credentials_file: [ "/root/.aws/credentials" ]
   awsemf/containerinsights:
     detailed_metrics: false
     dimension_rollup_option: NoDimensionRollup
@@ -159,8 +159,8 @@ exporters:
       enabled: true
     retain_initial_value_of_delta_metric: false
     role_arn: ""
-    profile: ""
-    shared_credentials_file: [ ]
+    profile: "default"
+    shared_credentials_file: [ "/root/.aws/credentials" ]
     version: "0"
 extensions: {}
 processors:
@@ -195,8 +195,8 @@ receivers:
     request_timeout_seconds: 0
     resource_arn: ""
     role_arn: ""
-    profile: ""
-    shared_credentials_file: []
+    profile: "default"
+    shared_credentials_file: [ "/root/.aws/credentials" ]
   tcplog/emf_logs:
     attributes: {}
     encoding: utf-8

diff --git a/translator/tocwconfig/sampleConfig/kubernetes_on_prem_config.yaml b/translator/tocwconfig/sampleConfig/kubernetes_on_prem_config.yaml
@@ -163,8 +163,8 @@ receivers:
     request_timeout_seconds: 0
     resource_arn: ""
     role_arn: ""
-    profile: ""
-    shared_credentials_file: []
+    profile: "AmazonCloudWatchAgent"
+    shared_credentials_file: [ "fake-path" ]
 service:
   extensions: []
   pipelines:

diff --git a/translator/tocwconfig/sampleConfig/trace_config_linux.yaml b/translator/tocwconfig/sampleConfig/trace_config_linux.yaml
@@ -15,8 +15,8 @@ exporters:
     request_timeout_seconds: 30
     resource_arn: ""
     role_arn: ""
-    profile: ""
-    shared_credentials_file: []
+    profile: "default"
+    shared_credentials_file: [ "/root/.aws/credentials" ]
     telemetry:
       enabled: true
       include_metadata: true

diff --git a/translator/tocwconfig/sampleConfig/trace_config_windows.yaml b/translator/tocwconfig/sampleConfig/trace_config_windows.yaml
@@ -15,8 +15,8 @@ exporters:
     request_timeout_seconds: 30
     resource_arn: ""
     role_arn: ""
-    profile: ""
-    shared_credentials_file: []
+    profile: "default"
+    shared_credentials_file: [ "/root/.aws/credentials" ]
     telemetry:
       enabled: true
       include_metadata: true

diff --git a/translator/tocwconfig/tocwconfig_test.go b/translator/tocwconfig/tocwconfig_test.go
@@ -56,6 +56,7 @@ func TestBaseContainerInsightsConfig(t *testing.T) {
 
 func TestEmfAndKubernetesConfig(t *testing.T) {
 	resetContext(t)
+	readCommonConfig(t, "./sampleConfig/commonConfig/withCredentials.toml")
 	context.CurrentContext().SetRunInContainer(true)
 	t.Setenv(config.HOST_NAME, "host_name_from_env")
 	t.Setenv(config.HOST_IP, "127.0.0.1")
@@ -168,6 +169,7 @@ func TestLogOnlyConfig(t *testing.T) {
 
 func TestTraceConfig(t *testing.T) {
 	resetContext(t)
+	readCommonConfig(t, "./sampleConfig/commonConfig/withCredentials.toml")
 	expectedEnvVars := map[string]string{}
 	checkTranslation(t, "trace_config", "linux", expectedEnvVars, "_linux")
 	checkTranslation(t, "trace_config", "darwin", expectedEnvVars, "_linux")
@@ -182,7 +184,7 @@ func TestConfigWithEnvironmentVariables(t *testing.T) {
 
 func TestStandardConfigWithCommonConfig(t *testing.T) {
 	resetContext(t)
-	readCommonConfig(t)
+	readCommonConfig(t, "./sampleConfig/commonConfig/withCredentialsProxySsl.toml")
 	expectedEnvVars := map[string]string{
 		"AWS_CA_BUNDLE": "/etc/test/ca_bundle.pem",
 		"HTTPS_PROXY":   "https://127.0.0.1:3280",
@@ -260,10 +262,10 @@ func checkTranslationForPaths(t *testing.T, jsonFilePath string, expectedTomlFil
 	verifyToYamlTranslation(t, input, expectedYamlFilePath, tokenReplacements...)
 }
 
-func readCommonConfig(t *testing.T) {
+func readCommonConfig(t *testing.T, commonConfigFilePath string) {
 	ctx := context.CurrentContext()
 	cfg := commonconfig.New()
-	data, _ := os.ReadFile("./sampleConfig/commonConfigTest.toml")
+	data, _ := os.ReadFile(commonConfigFilePath)
 	require.NoError(t, cfg.Parse(bytes.NewReader(data)))
 	ctx.SetCredentials(cfg.CredentialsMap())
 	ctx.SetProxy(cfg.ProxyMap())

diff --git a/translator/translate/otel/exporter/awsemf/translator.go b/translator/translate/otel/exporter/awsemf/translator.go
@@ -13,8 +13,6 @@ import (
 	"go.opentelemetry.io/collector/exporter"
 	"gopkg.in/yaml.v3"
 
-	"github.com/aws/amazon-cloudwatch-agent/translator/config"
-	"github.com/aws/amazon-cloudwatch-agent/translator/context"
 	"github.com/aws/amazon-cloudwatch-agent/translator/translate/agent"
 	"github.com/aws/amazon-cloudwatch-agent/translator/translate/otel/common"
 )
@@ -79,11 +77,11 @@ func (t *translator) Translate(c *confmap.Conf) (component.Config, error) {
 		}
 	}
 	cfg.AWSSessionSettings.Region = agent.Global_Config.Region
-	if context.CurrentContext().Mode() == config.ModeOnPrem || context.CurrentContext().Mode() == config.ModeOnPremise {
-		if profile, ok := agent.Global_Config.Credentials[agent.Profile_Key]; ok {
-			cfg.AWSSessionSettings.Profile = fmt.Sprintf("%v", profile)
-			cfg.AWSSessionSettings.SharedCredentialsFile = []string{fmt.Sprintf("%v", agent.Global_Config.Credentials[agent.CredentialsFile_Key])}
-		}
+	if profileKey, ok := agent.Global_Config.Credentials[agent.Profile_Key]; ok {
+		cfg.AWSSessionSettings.Profile = fmt.Sprintf("%v", profileKey)
+	}
+	if credentialsFileKey, ok := agent.Global_Config.Credentials[agent.CredentialsFile_Key]; ok {
+		cfg.AWSSessionSettings.SharedCredentialsFile = []string{fmt.Sprintf("%v", credentialsFileKey)}
 	}
 
 	if isEcs(c) {

diff --git a/translator/translate/otel/exporter/awsxray/translator.go b/translator/translate/otel/exporter/awsxray/translator.go
@@ -58,6 +58,12 @@ func (t *translator) Translate(conf *confmap.Conf) (component.Config, error) {
 	}
 	cfg.RoleARN = getRoleARN(conf)
 	cfg.Region = getRegion(conf)
+	if profileKey, ok := agent.Global_Config.Credentials[agent.Profile_Key]; ok {
+		cfg.AWSSessionSettings.Profile = fmt.Sprintf("%v", profileKey)
+	}
+	if credentialsFileKey, ok := agent.Global_Config.Credentials[agent.CredentialsFile_Key]; ok {
+		cfg.AWSSessionSettings.SharedCredentialsFile = []string{fmt.Sprintf("%v", credentialsFileKey)}
+	}
 	if endpointOverride, ok := common.GetString(conf, common.ConfigKey(common.TracesKey, common.EndpointOverrideKey)); ok {
 		cfg.Endpoint = endpointOverride
 	}

diff --git a/translator/translate/otel/exporter/otel_aws_cloudwatch_logs/translator.go b/translator/translate/otel/exporter/otel_aws_cloudwatch_logs/translator.go
@@ -75,9 +75,11 @@ func (t *translator) Translate(c *confmap.Conf) (component.Config, error) {
 		}
 	}
 
-	if profile, ok := agent.Global_Config.Credentials[agent.Profile_Key]; ok {
-		cfg.AWSSessionSettings.Profile = fmt.Sprintf("%v", profile)
-		cfg.AWSSessionSettings.SharedCredentialsFile = []string{fmt.Sprintf("%v", agent.Global_Config.Credentials[agent.CredentialsFile_Key])}
+	if profileKey, ok := agent.Global_Config.Credentials[agent.Profile_Key]; ok {
+		cfg.AWSSessionSettings.Profile = fmt.Sprintf("%v", profileKey)
+	}
+	if credentialsFileKey, ok := agent.Global_Config.Credentials[agent.CredentialsFile_Key]; ok {
+		cfg.AWSSessionSettings.SharedCredentialsFile = []string{fmt.Sprintf("%v", credentialsFileKey)}
 	}
 	cfg.AWSSessionSettings.RoleARN = agent.Global_Config.Role_arn
 	if c.IsSet(roleArnPathKey) {

diff --git a/translator/translate/otel/receiver/awscontainerinsight/translator.go b/translator/translate/otel/receiver/awscontainerinsight/translator.go
@@ -5,6 +5,7 @@ package awscontainerinsight
 
 import (
 	"errors"
+	"fmt"
 	"strings"
 	"time"
 
@@ -79,6 +80,12 @@ func (t *translator) Translate(conf *confmap.Conf) (component.Config, error) {
 	cfg.CollectionInterval = common.GetOrDefaultDuration(conf, intervalKeyChain, defaultMetricsCollectionInterval)
 	cfg.ContainerOrchestrator = configuredService.Value
 	cfg.AWSSessionSettings.Region = agent.Global_Config.Region
+	if profileKey, ok := agent.Global_Config.Credentials[agent.Profile_Key]; ok {
+		cfg.AWSSessionSettings.Profile = fmt.Sprintf("%v", profileKey)
+	}
+	if credentialsFileKey, ok := agent.Global_Config.Credentials[agent.CredentialsFile_Key]; ok {
+		cfg.AWSSessionSettings.SharedCredentialsFile = []string{fmt.Sprintf("%v", credentialsFileKey)}
+	}
 
 	if configuredService.Value == eks {
 		if err := t.setClusterName(conf, cfg); err != nil {