Container insights ssl (#822)

go.mod

@@ -83,7 +83,7 @@ replace github.com/go-kit/kit => github.com/go-kit/kit v0.12.1-0.20220808180842-
 replace github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api v0.0.0-20180801171038-322a19404e37
 
 require (
-	github.com/BurntSushi/toml v0.4.1
+	github.com/BurntSushi/toml v1.3.2
 	github.com/Jeffail/gabs v1.4.0
 	github.com/aws/aws-sdk-go v1.45.2
 	github.com/aws/aws-sdk-go-v2 v1.19.0

go.sum

@@ -94,8 +94,9 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/ClickHouse/clickhouse-go v1.5.4 h1:cKjXeYLNWVJIx2J1K6H2CqyRmfwVJVY1OV1coaaFcI0=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=

translator/tocwconfig/sampleConfig/base_container_insights_config.yaml

@@ -1,7 +1,7 @@
 connectors: {}
 exporters:
   awscloudwatchlogs/emf_logs:
-    certificate_file_path: ""
+    certificate_file_path: "/etc/test/ca_bundle.pem"
     emf_only: true
     endpoint: "https://fake_endpoint"
     imds_retries: 1
@@ -39,8 +39,8 @@ exporters:
     disable_metric_extraction: true
     version: "0"
     eks_fargate_container_insights_enabled: false
-    certificate_file_path: ""
-    endpoint: ""
+    certificate_file_path: "/etc/test/ca_bundle.pem"
+    endpoint: "https://fake_endpoint"
     enhanced_container_insights: false
     imds_retries: 1
     local_mode: false

translator/tocwconfig/sampleConfig/emf_and_kubernetes_config.yaml

@@ -35,7 +35,7 @@ exporters:
     disable_metric_extraction: true
     eks_fargate_container_insights_enabled: false
     certificate_file_path: ""
-    endpoint: ""
+    endpoint: "https://fake_endpoint"
     enhanced_container_insights: true
     imds_retries: 2
     local_mode: false

translator/tocwconfig/sampleConfig/kubernetes_on_prem_config.yaml

@@ -6,7 +6,7 @@ exporters:
     dimension_rollup_option: NoDimensionRollup
     disable_metric_extraction: true
     eks_fargate_container_insights_enabled: false
-    endpoint: ""
+    endpoint: "https://fake_endpoint"
     enhanced_container_insights: true
     imds_retries: 1
     local_mode: false

translator/tocwconfig/sampleConfig/log_ecs_metric_only.yaml

@@ -35,8 +35,8 @@ exporters:
     disable_metric_extraction: false
     eks_fargate_container_insights_enabled: false
     certificate_file_path: ""
-    endpoint: ""
-    imds_retries: 1
+    endpoint: "https://fake_endpoint"
+    "imds_retries": 1
     enhanced_container_insights: false
     local_mode: false
     log_group_name: /aws/ecs/containerinsights/{ClusterName}/performance

translator/tocwconfig/sampleConfig/logs_and_kubernetes_config.yaml

@@ -35,7 +35,7 @@ exporters:
     dimension_rollup_option: NoDimensionRollup
     disable_metric_extraction: false
     eks_fargate_container_insights_enabled: false
-    endpoint: ""
+    endpoint: "https://fake_endpoint"
     imds_retries: 0
     enhanced_container_insights: true
     local_mode: false

translator/tocwconfig/sampleConfig/prometheus_config_linux.yaml

@@ -8,8 +8,8 @@ exporters:
     retain_initial_value_of_delta_metric: false
     eks_fargate_container_insights_enabled: false
     certificate_file_path: ""
-    endpoint: ""
-    imds_retries: 1
+    endpoint: "https://fake_endpoint"
+    "imds_retries": 1
     enhanced_container_insights: false
     local_mode: false
     log_group_name: /aws/ecs/containerinsights/TestCluster/prometheus

translator/tocwconfig/sampleConfig/prometheus_config_windows.yaml

@@ -8,8 +8,8 @@ exporters:
     retain_initial_value_of_delta_metric: false
     eks_fargate_container_insights_enabled: false
     certificate_file_path: ""
-    endpoint: ""
-    imds_retries: 1
+    endpoint: "https://fake_endpoint"
+    "imds_retries": 1
     enhanced_container_insights: false
     local_mode: false
     log_group_name: /aws/ecs/containerinsights/TestCluster/prometheus

translator/tocwconfig/tocwconfig_test.go

@@ -59,7 +59,10 @@ func TestBaseContainerInsightsConfig(t *testing.T) {
 	context.CurrentContext().SetRunInContainer(true)
 	t.Setenv(config.HOST_NAME, "host_name_from_env")
 	t.Setenv(config.HOST_IP, "127.0.0.1")
-	expectedEnvVars := map[string]string{}
+	t.Setenv(envconfig.AWS_CA_BUNDLE, "/etc/test/ca_bundle.pem")
+	expectedEnvVars := map[string]string{
+		"AWS_CA_BUNDLE": "/etc/test/ca_bundle.pem",
+	}
 	checkTranslation(t, "base_container_insights_config", "linux", expectedEnvVars, "")
 	checkTranslation(t, "base_container_insights_config", "darwin", nil, "")
 }

translator/translate/otel/exporter/awsemf/translator.go

@@ -6,13 +6,15 @@ package awsemf
 import (
 	_ "embed"
 	"fmt"
+	"os"
 
 	"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/awsemfexporter"
 	"go.opentelemetry.io/collector/component"
 	"go.opentelemetry.io/collector/confmap"
 	"go.opentelemetry.io/collector/exporter"
 	"gopkg.in/yaml.v3"
 
+	"github.com/aws/amazon-cloudwatch-agent/cfg/envconfig"
 	"github.com/aws/amazon-cloudwatch-agent/internal/retryer"
 	"github.com/aws/amazon-cloudwatch-agent/translator/translate/agent"
 	"github.com/aws/amazon-cloudwatch-agent/translator/translate/otel/common"
@@ -33,6 +35,7 @@ var (
 	kubernetesBasePathKey   = common.ConfigKey(common.LogsKey, common.MetricsCollectedKey, common.KubernetesKey)
 	prometheusBasePathKey   = common.ConfigKey(common.LogsKey, common.MetricsCollectedKey, common.PrometheusKey)
 	emfProcessorBasePathKey = common.ConfigKey(prometheusBasePathKey, common.EMFProcessorKey)
+	endpointOverrideKey     = common.ConfigKey(common.LogsKey, common.EndpointOverrideKey)
 )
 
 type translator struct {
@@ -79,6 +82,11 @@ func (t *translator) Translate(c *confmap.Conf) (component.Config, error) {
 		}
 	}
 	cfg.AWSSessionSettings.Region = agent.Global_Config.Region
+	if c.IsSet(endpointOverrideKey) {
+		cfg.AWSSessionSettings.Endpoint, _ = common.GetString(c, endpointOverrideKey)
+	}
+	cfg.AWSSessionSettings.CertificateFilePath = os.Getenv(envconfig.AWS_CA_BUNDLE)
+	cfg.AWSSessionSettings.Region = agent.Global_Config.Region
 	if profileKey, ok := agent.Global_Config.Credentials[agent.Profile_Key]; ok {
 		cfg.AWSSessionSettings.Profile = fmt.Sprintf("%v", profileKey)
 	}
@@ -100,7 +108,6 @@ func (t *translator) Translate(c *confmap.Conf) (component.Config, error) {
 			return nil, err
 		}
 	}
-
 	return cfg, nil
 }
 

translator/translate/otel/exporter/otel_aws_cloudwatch_logs/translator.go

@@ -89,7 +89,6 @@ func (t *translator) Translate(c *confmap.Conf) (component.Config, error) {
 	if c.IsSet(endpointOverrideKey) {
 		cfg.AWSSessionSettings.Endpoint, _ = common.GetString(c, endpointOverrideKey)
 	}
-
 	cfg.AWSSessionSettings.CertificateFilePath = os.Getenv(envconfig.AWS_CA_BUNDLE)
 	cfg.AWSSessionSettings.IMDSRetries = retryer.GetDefaultRetryNumber()
 	return cfg, nil