Merge pull request #512 from fierlion/v1.62.0-1-stage

V1.62.0 1 stage

Author: fierlion

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 1.62.0-1
+* Update golang version 1.18.3
+
 ## 1.61.3-1
 * Cache Agent version 1.61.3
 

ecs-init/ECSVERSION

@@ -1 +1 @@
-1.61.3
+1.62.0

ecs-init/config/common.go

@@ -46,7 +46,7 @@ const (
 	// DefaultAgentVersion is the version of the agent that will be
 	// fetched if required. This should look like v1.2.3 or an
 	// 8-character sha, as is downloadable from S3.
-	DefaultAgentVersion = "v1.61.3"
+	DefaultAgentVersion = "v1.62.0"
 
 	// AgentPartitionBucketName is the name of the paritional s3 bucket that stores the agent
 	AgentPartitionBucketName = "amazon-ecs-agent"

ecs-init/docker/docker.go

@@ -79,6 +79,11 @@ const (
 	// For more information on setns, please read this manpage:
 	// http://man7.org/linux/man-pages/man2/setns.2.html
 	CapSysAdmin = "SYS_ADMIN"
+	// CapChown to start agent with CAP_CHOWN capability
+	// This is needed for the ECS Agent to invoke the chown call when
+	// configuring the files for configuration or administration.
+	// http://man7.org/linux/man-pages/man2/chown.2.html
+	CapChown = "CAP_CHOWN"
 	// DefaultCgroupMountpoint is the default mount point for the cgroup subsystem
 	DefaultCgroupMountpoint = "/sys/fs/cgroup"
 	// pluginSocketFilesDir specifies the location of UNIX domain socket files of
@@ -117,9 +122,7 @@ const (
 	containerResourcesRootDir = "/managed-agents"
 
 	execCapabilityName     = "execute-command"
-	execBinRelativePath    = "bin"
 	execConfigRelativePath = "config"
-	execCertsRelativePath  = "certs"
 
 	execAgentLogRelativePath = "/exec"
 )
@@ -432,7 +435,7 @@ func (c *client) getHostConfig(envVarsFromFiles map[string]string) *godocker.Hos
 	binds = append(binds, getDockerPluginDirBinds()...)
 
 	// only add bind mounts when the src file/directory exists on host; otherwise docker API create an empty directory on host
-	binds = append(binds, getCapabilityExecBinds()...)
+	binds = append(binds, getCapabilityBinds()...)
 
 	return createHostConfig(binds)
 }
@@ -468,31 +471,24 @@ func getDockerPluginDirBinds() []string {
 	return pluginBinds
 }
 
-func getCapabilityExecBinds() []string {
-	hostResourcesDir := filepath.Join(hostResourcesRootDir, execCapabilityName)
-	containerResourcesDir := filepath.Join(containerResourcesRootDir, execCapabilityName)
+func getCapabilityBinds() []string {
+	var binds = []string{}
 
-	var binds []string
-
-	// bind mount the entire /host/dependency/path/execute-command/bin folder
-	hostBinDir := filepath.Join(hostResourcesDir, execBinRelativePath)
-	if isPathValid(hostBinDir, true) {
+	// bind mount the entire /host/dependency/path/ folder
+	// as readonly to support all managed dependencies
+	if isPathValid(hostResourcesRootDir, true) {
 		binds = append(binds,
-			hostBinDir+":"+filepath.Join(containerResourcesDir, execBinRelativePath)+readOnly)
+			hostResourcesRootDir+":"+containerResourcesRootDir+readOnly)
 	}
 
 	// bind mount the entire /host/dependency/path/execute-command/config folder
 	// in read-write mode to allow ecs-agent to write config files to host file system
 	// (docker will) create the config folder if it does not exist
-	hostConfigDir := filepath.Join(hostResourcesDir, execConfigRelativePath)
-	binds = append(binds,
-		hostConfigDir+":"+filepath.Join(containerResourcesDir, execConfigRelativePath))
-
-	// bind mount the entire /host/dependency/path/execute-command/certs folder
-	hostCertsDir := filepath.Join(hostResourcesDir, execCertsRelativePath)
-	if isPathValid(hostCertsDir, true) {
+	hostConfigDir := filepath.Join(hostResourcesRootDir, execCapabilityName, execConfigRelativePath)
+	// Check that execute-command folder is present not config folder
+	if isPathValid(filepath.Dir(hostConfigDir), true) {
 		binds = append(binds,
-			hostCertsDir+":"+filepath.Join(containerResourcesDir, execCertsRelativePath)+readOnly)
+			hostConfigDir+":"+filepath.Join(containerResourcesRootDir, execCapabilityName, execConfigRelativePath))
 	}
 
 	return binds

ecs-init/docker/docker_config.go

@@ -49,7 +49,7 @@ func createHostConfig(binds []string) *godocker.HostConfig {
 		// CapNetAdmin and CapSysAdmin are needed for running task in awsvpc network mode.
 		// This network mode is (at least currently) not supported in external environment,
 		// hence not adding them in that case.
-		caps = []string{CapNetAdmin, CapSysAdmin}
+		caps = []string{CapNetAdmin, CapSysAdmin, CapChown}
 	}
 
 	hostConfig := &godocker.HostConfig{

ecs-init/docker/docker_test.go

@@ -33,7 +33,7 @@ import (
 const (
 	testTempDirPrefix = "init-docker-test-"
 
-	expectedAgentBindsUnspecifiedPlatform = 21
+	expectedAgentBindsUnspecifiedPlatform = 20
 	expectedAgentBindsSuseUbuntuPlatform  = 18
 )
 
@@ -288,7 +288,7 @@ func validateCommonCreateContainerOptions(opts godocker.CreateContainerOptions,
 		t.Errorf("Expected network mode to be %s, got %s", networkMode, hostCfg.NetworkMode)
 	}
 
-	if len(hostCfg.CapAdd) != 2 {
+	if len(hostCfg.CapAdd) != 3 {
 		t.Error("Mismatch detected in added host config capabilities")
 	}
 
@@ -827,21 +827,13 @@ func TestStartAgentWithExecBinds(t *testing.T) {
 	hostCapabilityExecResourcesDir := filepath.Join(hostResourcesRootDir, execCapabilityName)
 	containerCapabilityExecResourcesDir := filepath.Join(containerResourcesRootDir, execCapabilityName)
 
-	// binaries
-	hostBinDir := filepath.Join(hostCapabilityExecResourcesDir, execBinRelativePath)
-	containerBinDir := filepath.Join(containerCapabilityExecResourcesDir, execBinRelativePath)
-
 	// config
 	hostConfigDir := filepath.Join(hostCapabilityExecResourcesDir, execConfigRelativePath)
 	containerConfigDir := filepath.Join(containerCapabilityExecResourcesDir, execConfigRelativePath)
 
-	// certs
-	hostCertsDir := filepath.Join(hostCapabilityExecResourcesDir, execCertsRelativePath)
-	containerCertsDir := filepath.Join(containerCapabilityExecResourcesDir, execCertsRelativePath)
-
 	expectedExecBinds := []string{
-		hostBinDir + ":" + containerBinDir + readOnly,
-		hostCertsDir + ":" + containerCertsDir + readOnly,
+		hostResourcesRootDir + ":" + containerResourcesRootDir + readOnly,
+		hostConfigDir + ":" + containerConfigDir,
 	}
 	expectedAgentBinds += len(expectedExecBinds)
 
@@ -884,18 +876,10 @@ func TestGetCapabilityExecBinds(t *testing.T) {
 	hostCapabilityExecResourcesDir := filepath.Join(hostResourcesRootDir, execCapabilityName)
 	containerCapabilityExecResourcesDir := filepath.Join(containerResourcesRootDir, execCapabilityName)
 
-	// binaries
-	hostBinDir := filepath.Join(hostCapabilityExecResourcesDir, execBinRelativePath)
-	containerBinDir := filepath.Join(containerCapabilityExecResourcesDir, execBinRelativePath)
-
 	// config
 	hostConfigDir := filepath.Join(hostCapabilityExecResourcesDir, execConfigRelativePath)
 	containerConfigDir := filepath.Join(containerCapabilityExecResourcesDir, execConfigRelativePath)
 
-	// certs
-	hostCertsDir := filepath.Join(hostCapabilityExecResourcesDir, execCertsRelativePath)
-	containerCertsDir := filepath.Join(containerCapabilityExecResourcesDir, execCertsRelativePath)
-
 	testCases := []struct {
 		name            string
 		testIsPathValid func(string, bool) bool
@@ -907,35 +891,31 @@ func TestGetCapabilityExecBinds(t *testing.T) {
 				return true
 			},
 			expectedBinds: []string{
-				hostBinDir + ":" + containerBinDir + readOnly,
+				hostResourcesRootDir + ":" + containerResourcesRootDir + readOnly,
 				hostConfigDir + ":" + containerConfigDir,
-				hostCertsDir + ":" + containerCertsDir + readOnly,
 			},
 		},
 		{
-			name: "only ssm-agent bin path valid",
+			name: "managed-agents path valid, no execute-command",
 			testIsPathValid: func(path string, isDir bool) bool {
-				return path == hostBinDir
+				return path == hostResourcesRootDir
 			},
 			expectedBinds: []string{
-				hostBinDir + ":" + containerBinDir + readOnly,
-				hostConfigDir + ":" + containerConfigDir,
+				hostResourcesRootDir + ":" + containerResourcesRootDir + readOnly,
 			},
 		},
 		{
 			name: "no path valid",
 			testIsPathValid: func(path string, isDir bool) bool {
 				return false
 			},
-			expectedBinds: []string{
-				hostConfigDir + ":" + containerConfigDir,
-			},
+			expectedBinds: []string{},
 		},
 	}
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			isPathValid = tc.testIsPathValid
-			binds := getCapabilityExecBinds()
+			binds := getCapabilityBinds()
 			assert.Equal(t, tc.expectedBinds, binds)
 		})
 	}

packaging/amazon-linux-ami/ecs-init.spec

@@ -33,7 +33,7 @@
 %endif
 
 Name:           ecs-init
-Version:        1.61.3
+Version:        1.62.0
 Release:        1%{?dist}
 License:        Apache 2.0
 Summary:        Amazon Elastic Container Service initialization application
@@ -279,6 +279,9 @@ fi
 %endif
 
 %changelog
+* Wed Jul 27 2022 Ray Allan <[email protected]> - 1.62.0-1
+- Update golang version 1.18.3
+
 * Wed Jun 15 2022 Mythri Garaga Manjunatha <[email protected]> - 1.61.3-1
 - Cache Agent version 1.61.3
 

packaging/generic-deb/debian/changelog

@@ -1,3 +1,9 @@
+amazon-ecs-init (1.62.0-1) stable; urgency=medium
+
+  * Update golang version 1.18.3
+
+ -- Ray Allan <[email protected]>  Wed, 27 Jul 2022 18:00:00 +0000
+
 amazon-ecs-init (1.61.3-1) stable; urgency=medium
 
   * Cache Agent version 1.61.3

packaging/generic-rpm/amazon-ecs-init.spec

@@ -26,7 +26,7 @@
 %endif
 
 Name:           amazon-ecs-init
-Version:        1.61.3
+Version:        1.62.0
 Release:        1
 License:        Apache 2.0
 Summary:        Amazon Elastic Container Service initialization application
@@ -105,6 +105,9 @@ ln -sf %{basename:%{agent_image}} %{_cachedir}/ecs/ecs-agent.tar
 %systemd_postun_with_restart amazon-ecs-volume-plugin
 
 %changelog
+* Wed Jul 27 2022 Ray Allan <[email protected]> - 1.62.0-1
+- Update golang version 1.18.3
+
 * Wed Jun 15 2022 Mythri Garaga Manjunatha <[email protected]> - 1.61.3-1
 - Cache Agent version 1.61.3
 

packaging/suse/amazon-ecs-init.changes

@@ -1,4 +1,8 @@
 -------------------------------------------------------------------
+Wed Jul 27, 18:00:00 UTC 2022 - [email protected] - 1.62.0-1
+
+- Update golang version 1.18.3
+-------------------------------------------------------------------
 Wed Jun 15, 18:00:00 UTC 2022 - [email protected] - 1.61.3-1
 
 - Cache Agent version 1.61.3

scripts/changelog/CHANGELOG_MASTER

@@ -1,3 +1,8 @@
+1.62.0-1
+Ray Allan <[email protected]>
+2022-07-27T10:00:00-08:00
+Update golang version 1.18.3
+
 1.61.3-1
 Mythri Garaga Manjunatha <[email protected]>
 2022-06-15T10:00:00-08:00