Merge pull request #1041 from joushx/main

Migrate dynatrace integration to LD_PRELOAD and support FIPS mode

Author: pivotal-david-osullivan

docs/framework-dynatrace_one_agent.md

@@ -30,6 +30,7 @@ The credential payload of the service may contain the following entries:
 | `environmentid` | Your Dynatrace environment ID is the unique identifier of your Dynatrace environment. You can find it in the deploy Dynatrace section within your environment.
 | `networkzone` | (Optional) Network zones are Dynatrace entities that represent your network structure. They help you to route the traffic efficiently, avoiding unnecessary traffic across data centers and network regions. Enter the network zone you wish to pass to the server during the OneAgent Download.
 | `skiperrors` | (Optional) The errors during agent download are skipped and the injection is disabled. Use this option at your own risk. Possible values are 'true' and 'false'. This option is disabled by default!
+| `enablefips`| (Optional) Enables the use of [FIPS 140 cryptographic algorithms](https://docs.dynatrace.com/docs/shortlink/oneagentctl#fips-140). Possible values are 'true' and 'false'. This option is disabled by default!
 
 ## Configuration
 For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to [Configuration and Extension][].

lib/java_buildpack/framework/dynatrace_one_agent.rb

@@ -68,8 +68,10 @@ def release
 
         manifest = agent_manifest
 
-        @droplet.java_opts.add_agentpath(agent_path(manifest))
-        @droplet.java_opts.add_preformatted_options('-Xshare:off')
+        environment_variables = @droplet.environment_variables
+        environment_variables.add_environment_variable(LD_PRELOAD, agent_path(manifest))
+
+        File.delete(@droplet.sandbox + 'agent/dt_fips_disabled.flag') if enable_fips?
 
         dynatrace_environment_variables(manifest)
       end
@@ -87,6 +89,8 @@ def supports?
 
       APITOKEN = 'apitoken'
 
+      ENABLE_FIPS = 'enablefips'
+
       DT_APPLICATION_ID = 'DT_APPLICATIONID'
 
       DT_CONNECTION_POINT = 'DT_CONNECTION_POINT'
@@ -99,6 +103,8 @@ def supports?
 
       DT_NETWORK_ZONE = 'DT_NETWORK_ZONE'
 
+      LD_PRELOAD = 'LD_PRELOAD'
+
       ENVIRONMENTID = 'environmentid'
 
       FILTER = /dynatrace/.freeze
@@ -107,8 +113,9 @@ def supports?
 
       SKIP_ERRORS = 'skiperrors'
 
-      private_constant :APIURL, :APITOKEN, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE, :DT_LOGSTREAM,
-                       :DT_TENANT, :DT_TENANTTOKEN, :ENVIRONMENTID, :FILTER, :NETWORKZONE, :SKIP_ERRORS
+      private_constant :APIURL, :APITOKEN, :ENABLE_FIPS, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE,
+                       :DT_LOGSTREAM, :DT_TENANT, :DT_TENANTTOKEN, :LD_PRELOAD, :ENVIRONMENTID, :FILTER, :NETWORKZONE,
+                       :SKIP_ERRORS
 
       def agent_download_url
         download_uri = "#{api_base_url(credentials)}/v1/deployment/installer/agent/unix/paas/latest?include=java" \
@@ -126,8 +133,8 @@ def agent_manifest
 
       def agent_path(manifest)
         technologies  = manifest['technologies']
-        java_binaries = technologies['java']['linux-x86-64']
-        loader        = java_binaries.find { |bin| bin['binarytype'] == 'loader' }
+        java_binaries = technologies['process']['linux-x86-64']
+        loader        = java_binaries.find { |bin| bin['binarytype'] == 'primary' }
         @droplet.sandbox + loader['path']
       end
 
@@ -191,7 +198,11 @@ def logstream?
       end
 
       def skip_errors?
-        credentials[SKIP_ERRORS].to_b
+        credentials[SKIP_ERRORS] == 'true'
+      end
+
+      def enable_fips?
+        credentials[ENABLE_FIPS] == 'true'
       end
 
       def tenanttoken(manifest)

spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json

@@ -1,10 +1,10 @@
 {
   "technologies" : {
-    "java" : {
+    "process" : {
       "linux-x86-64" : [
           {
-            "path": "agent/lib64/liboneagentloader.so",
-            "binarytype" : "loader"
+            "path": "agent/lib64/liboneagentproc.so",
+            "binarytype" : "primary"
           }
       ]
     }

spec/fixtures/stub-dynatrace-one-agent.zip

@@ -50,18 +50,17 @@
 
       component.compile
 
-      expect(sandbox + 'agent/lib64/liboneagentloader.so').to exist
+      expect(sandbox + 'agent/lib64/liboneagentproc.so').to exist
       expect(sandbox + 'manifest.json').to exist
     end
 
-    it 'updates JAVA_OPTS with agent loader and share set to off',
+    it 'sets LD_PRELOAD with liboneagentproc',
        app_fixture: 'framework_dynatrace_one_agent' do
 
       component.release
 
-      expect(java_opts).to include('-agentpath:$PWD/.java-buildpack/dynatrace_one_agent/agent/lib64/' \
-                                   'liboneagentloader.so')
-      expect(java_opts).to include('-Xshare:off')
+      expect(environment_variables).to include('LD_PRELOAD=$PWD/.java-buildpack/dynatrace_one_agent/agent/lib64/' \
+                                               'liboneagentproc.so')
     end
 
     it 'updates environment variables',
@@ -112,7 +111,7 @@
 
         component.compile
 
-        expect(sandbox + 'agent/lib64/liboneagentloader.so').to exist
+        expect(sandbox + 'agent/lib64/liboneagentproc.so').to exist
         expect(sandbox + 'manifest.json').to exist
       end
     end