Merge pull request #3321 from aws/dev

release 1.62.0

CHANGELOG.md

@@ -1,3 +1,8 @@
+# Changelog
+## 1.62.0
+* Enhancement - Update golang version to 1.18.3 [#3301](https://github.com/aws/amazon-ecs-agent/pull/3301)
+* Enhancement - Update windows golang version to 1.18.3 [#3317](https://github.com/aws/amazon-ecs-agent/pull/3317)
+
 # Changelog
 ## 1.61.3
 * Enhancement - Add command and error logging for FSx file mapping when calling out to PowerShell [#3240](https://github.com/aws/amazon-ecs-agent/pull/3240)

GO_VERSION

@@ -1 +1 @@
-1.17.5
+1.18.3

GO_VERSION_WINDOWS

@@ -1 +1 @@
-1.17.5
+1.18.3

Makefile

@@ -55,7 +55,10 @@ static-with-pause:
 xplatform-build:
 	GOOS=linux GOARCH=arm64 ./scripts/build true "" false
 	GOOS=windows GOARCH=amd64 ./scripts/build true "" false
-	GOOS=darwin GOARCH=amd64 ./scripts/build true "" false
+	# Agent and its dependencies on Go 1.18.x are not compatible with Mac (Darwin).
+	# Mac is not a supported target platform for Agent, so commenting out 
+	# cross-platform build step for Mac temporarily.
+	# GOOS=darwin GOARCH=amd64 ./scripts/build true "" false
 
 BUILDER_IMAGE="amazon/amazon-ecs-agent-build:make"
 .builder-image-stamp: scripts/dockerfiles/Dockerfile.build
@@ -340,8 +343,8 @@ GOPATH=$(shell go env GOPATH)
 	go get github.com/golang/mock/mockgen
 	cd "${GOPATH}/src/github.com/golang/mock/mockgen" && git checkout 1.3.1 && go get ./... && go install ./... && cd -
 	go get golang.org/x/tools/cmd/goimports
-	GO111MODULE=on go get github.com/fzipp/gocyclo/cmd/[email protected]
-	GO111MODULE=on go get honnef.co/go/tools/cmd/staticcheck@v0.2.1
+	GO111MODULE=on go install github.com/fzipp/gocyclo/cmd/[email protected]
+	GO111MODULE=on go install honnef.co/go/tools/cmd/staticcheck@v0.3.2
 	touch .get-deps-stamp
 
 get-deps: .get-deps-stamp
@@ -351,13 +354,12 @@ get-deps-init:
 	go get golang.org/x/tools/cmd/cover
 	go get github.com/golang/mock/mockgen
 	cd "${GOPATH}/src/github.com/golang/mock/mockgen" && git checkout 1.3.1 && go get ./... && go install ./... && cd -
-	GO111MODULE=on go get github.com/fzipp/gocyclo/cmd/[email protected]
+	GO111MODULE=on go install github.com/fzipp/gocyclo/cmd/[email protected]
 	go get golang.org/x/tools/cmd/goimports
-	GO111MODULE=on go get honnef.co/go/tools/cmd/staticcheck@v0.2.1
+	GO111MODULE=on go install honnef.co/go/tools/cmd/staticcheck@v0.3.2
 
 amazon-linux-sources.tgz:
 	./scripts/update-version.sh
-	cp packaging/amazon-linux-ami-integrated/ecs-init.spec ecs-init.spec
 	cp packaging/amazon-linux-ami-integrated/ecs-agent.spec ecs-agent.spec
 	cp packaging/amazon-linux-ami-integrated/ecs.conf ecs.conf
 	cp packaging/amazon-linux-ami-integrated/ecs.service ecs.service

VERSION

@@ -1 +1 @@
-1.61.3
+1.62.0

agent/api/task/task_windows.go

@@ -141,8 +141,9 @@ func (task *Task) requiresCredentialSpecResource() bool {
 // initializeCredentialSpecResource builds the resource dependency map for the credentialspec resource
 func (task *Task) initializeCredentialSpecResource(config *config.Config, credentialsManager credentials.Manager,
 	resourceFields *taskresource.ResourceFields) error {
-	credentialspecResource, err := credentialspec.NewCredentialSpecResource(task.Arn, config.AWSRegion, task.getAllCredentialSpecRequirements(),
-		task.ExecutionCredentialsID, credentialsManager, resourceFields.SSMClientCreator, resourceFields.S3ClientCreator)
+	credspecContainerMapping := task.getAllCredentialSpecRequirements()
+	credentialspecResource, err := credentialspec.NewCredentialSpecResource(task.Arn, config.AWSRegion, task.ExecutionCredentialsID,
+		credentialsManager, resourceFields.SSMClientCreator, resourceFields.S3ClientCreator, credspecContainerMapping)
 	if err != nil {
 		return err
 	}
@@ -162,17 +163,15 @@ func (task *Task) initializeCredentialSpecResource(config *config.Config, creden
 }
 
 // getAllCredentialSpecRequirements is used to build all the credential spec requirements for the task
-func (task *Task) getAllCredentialSpecRequirements() []string {
-	reqs := []string{}
-
+func (task *Task) getAllCredentialSpecRequirements() map[string]string {
+	reqsContainerMap := make(map[string]string)
 	for _, container := range task.Containers {
 		credentialSpec, err := container.GetCredentialSpec()
-		if err == nil && credentialSpec != "" && !utils.StrSliceContains(reqs, credentialSpec) {
-			reqs = append(reqs, credentialSpec)
+		if err == nil && credentialSpec != "" {
+			reqsContainerMap[credentialSpec] = container.Name
 		}
 	}
-
-	return reqs
+	return reqsContainerMap
 }
 
 // GetCredentialSpecResource retrieves credentialspec resource from resource map

agent/api/task/task_windows_test.go

@@ -19,6 +19,7 @@ package task
 import (
 	"encoding/json"
 	"fmt"
+	"reflect"
 	"runtime"
 	"testing"
 
@@ -396,70 +397,70 @@ func TestRequiresCredentialSpecResource(t *testing.T) {
 
 func TestGetAllCredentialSpecRequirements(t *testing.T) {
 	hostConfig := "{\"SecurityOpt\": [\"credentialspec:file://gmsa_gmsa-acct.json\"]}"
-	container := &apicontainer.Container{}
+	container := &apicontainer.Container{Name: "webapp1"}
 	container.DockerConfig.HostConfig = &hostConfig
 
 	task := &Task{
 		Arn:        "test",
 		Containers: []*apicontainer.Container{container},
 	}
 
-	allCredSpecReq := task.getAllCredentialSpecRequirements()
+	credentialSpecContainerMap := task.getAllCredentialSpecRequirements()
 
-	credentialspec := "credentialspec:file://gmsa_gmsa-acct.json"
-	expectedCredSpecReq := []string{credentialspec}
+	credentialspecFileLocation := "credentialspec:file://gmsa_gmsa-acct.json"
+	expectedCredentialSpecContainerMap := map[string]string{credentialspecFileLocation: "webapp1"}
 
-	assert.EqualValues(t, expectedCredSpecReq, allCredSpecReq)
+	assert.True(t, reflect.DeepEqual(expectedCredentialSpecContainerMap, credentialSpecContainerMap))
 }
 
 func TestGetAllCredentialSpecRequirementsWithMultipleContainersUsingSameSpec(t *testing.T) {
 	hostConfig := "{\"SecurityOpt\": [\"credentialspec:file://gmsa_gmsa-acct.json\"]}"
-	c1 := &apicontainer.Container{}
+	c1 := &apicontainer.Container{Name: "webapp1"}
 	c1.DockerConfig.HostConfig = &hostConfig
 
-	c2 := &apicontainer.Container{}
+	c2 := &apicontainer.Container{Name: "webapp2"}
 	c2.DockerConfig.HostConfig = &hostConfig
 
 	task := &Task{
 		Arn:        "test",
 		Containers: []*apicontainer.Container{c1, c2},
 	}
 
-	allCredSpecReq := task.getAllCredentialSpecRequirements()
+	credentialSpecContainerMap := task.getAllCredentialSpecRequirements()
 
-	credentialspec := "credentialspec:file://gmsa_gmsa-acct.json"
-	expectedCredSpecReq := []string{credentialspec}
+	credentialspecFileLocation := "credentialspec:file://gmsa_gmsa-acct.json"
+	expectedCredentialSpecContainerMap := map[string]string{credentialspecFileLocation: "webapp2"}
 
-	assert.Equal(t, len(expectedCredSpecReq), len(allCredSpecReq))
-	assert.EqualValues(t, expectedCredSpecReq, allCredSpecReq)
+	assert.Equal(t, len(expectedCredentialSpecContainerMap), len(credentialSpecContainerMap))
+	assert.True(t, reflect.DeepEqual(expectedCredentialSpecContainerMap, credentialSpecContainerMap))
 }
 
 func TestGetAllCredentialSpecRequirementsWithMultipleContainers(t *testing.T) {
 	hostConfig1 := "{\"SecurityOpt\": [\"credentialspec:file://gmsa_gmsa-acct-1.json\"]}"
 	hostConfig2 := "{\"SecurityOpt\": [\"credentialspec:file://gmsa_gmsa-acct-2.json\"]}"
 
-	c1 := &apicontainer.Container{}
+	c1 := &apicontainer.Container{Name: "webapp1"}
 	c1.DockerConfig.HostConfig = &hostConfig1
 
-	c2 := &apicontainer.Container{}
+	c2 := &apicontainer.Container{Name: "webapp2"}
 	c2.DockerConfig.HostConfig = &hostConfig1
 
-	c3 := &apicontainer.Container{}
+	c3 := &apicontainer.Container{Name: "webapp3"}
 	c3.DockerConfig.HostConfig = &hostConfig2
 
 	task := &Task{
 		Arn:        "test",
 		Containers: []*apicontainer.Container{c1, c2, c3},
 	}
 
-	allCredSpecReq := task.getAllCredentialSpecRequirements()
+	credentialSpecContainerMap := task.getAllCredentialSpecRequirements()
 
 	credentialspec1 := "credentialspec:file://gmsa_gmsa-acct-1.json"
 	credentialspec2 := "credentialspec:file://gmsa_gmsa-acct-2.json"
 
-	expectedCredSpecReq := []string{credentialspec1, credentialspec2}
+	expectedCredentialSpecContainerMap := map[string]string{credentialspec1: "webapp2", credentialspec2: "webapp3"}
 
-	assert.EqualValues(t, expectedCredSpecReq, allCredSpecReq)
+	assert.True(t, reflect.DeepEqual(expectedCredentialSpecContainerMap, credentialSpecContainerMap))
 }
 
 func TestInitializeAndGetCredentialSpecResource(t *testing.T) {

agent/credentials/manager.go

@@ -68,14 +68,10 @@ type IAMRoleCredentials struct {
 type TaskIAMRoleCredentials struct {
 	ARN                string
 	IAMRoleCredentials IAMRoleCredentials
-	lock               sync.RWMutex
 }
 
 // GetIAMRoleCredentials returns the IAM role credentials in the task IAM role struct
 func (role *TaskIAMRoleCredentials) GetIAMRoleCredentials() IAMRoleCredentials {
-	role.lock.RLock()
-	defer role.lock.RUnlock()
-
 	return role.IAMRoleCredentials
 }
 

agent/ecscni/plugin_test.go

@@ -29,14 +29,14 @@ import (
 const (
 	// ECSCNIVersion, ECSCNIGitHash, VPCCNIGitHash needs to be updated every time CNI plugin is updated.
 	currentECSCNIVersion = "2020.09.0"
-	currentECSCNIGitHash = "55b2ae77ee0bf22321b14f2d4ebbcc04f77322e1"
+	currentECSCNIGitHash = "db5864722987c34ba309e6e7a7628fd1ccad1520"
 	currentVPCCNIGitHash = "199bfc65cced4951cbb6a38e6e828afa8c2b023c"
 )
 
 // Asserts that CNI plugin version matches the expected version
 func TestCNIPluginVersionNumber(t *testing.T) {
 	versionStr := getCNIVersionString(t)
-	assert.Equal(t, versionStr, currentECSCNIVersion)
+	assert.Equal(t, currentECSCNIVersion, versionStr)
 }
 
 // Asserts that CNI plugin version is upgraded when new commits are made to CNI plugin submodule

agent/engine/docker_task_engine.go

@@ -25,11 +25,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws"
-
-	"github.com/aws/amazon-ecs-agent/agent/logger"
-	"github.com/aws/amazon-ecs-agent/agent/logger/field"
-
 	"github.com/aws/amazon-ecs-agent/agent/api"
 	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
 	apicontainerstatus "github.com/aws/amazon-ecs-agent/agent/api/container/status"
@@ -47,6 +42,8 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/engine/dockerstate"
 	"github.com/aws/amazon-ecs-agent/agent/engine/execcmd"
 	"github.com/aws/amazon-ecs-agent/agent/eventstream"
+	"github.com/aws/amazon-ecs-agent/agent/logger"
+	"github.com/aws/amazon-ecs-agent/agent/logger/field"
 	"github.com/aws/amazon-ecs-agent/agent/metrics"
 	"github.com/aws/amazon-ecs-agent/agent/statechange"
 	"github.com/aws/amazon-ecs-agent/agent/taskresource"
@@ -56,9 +53,9 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/utils/retry"
 	utilsync "github.com/aws/amazon-ecs-agent/agent/utils/sync"
 	"github.com/aws/amazon-ecs-agent/agent/utils/ttime"
-	dockercontainer "github.com/docker/docker/api/types/container"
-
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/docker/docker/api/types"
+	dockercontainer "github.com/docker/docker/api/types/container"
 	"github.com/pkg/errors"
 )
 

agent/engine/docker_task_engine_windows.go

@@ -19,11 +19,11 @@ package engine
 import (
 	"time"
 
+	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
+	apitask "github.com/aws/amazon-ecs-agent/agent/api/task"
 	"github.com/aws/amazon-ecs-agent/agent/logger"
 	"github.com/aws/amazon-ecs-agent/agent/logger/field"
 
-	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
-	apitask "github.com/aws/amazon-ecs-agent/agent/api/task"
 	"github.com/pkg/errors"
 )
 

agent/engine/docker_task_engine_windows_test.go

@@ -38,7 +38,6 @@ import (
 	mock_ssm_factory "github.com/aws/amazon-ecs-agent/agent/ssm/factory/mocks"
 	"github.com/aws/amazon-ecs-agent/agent/taskresource"
 	"github.com/aws/amazon-ecs-agent/agent/taskresource/credentialspec"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/docker/docker/api/types"
 	dockercontainer "github.com/docker/docker/api/types/container"
@@ -134,16 +133,14 @@ func TestCredentialSpecResourceTaskFile(t *testing.T) {
 	ssmClientCreator := mock_ssm_factory.NewMockSSMClientCreator(ctrl)
 	s3ClientCreator := mock_s3_factory.NewMockS3ClientCreator(ctrl)
 
-	credentialSpecReq := []string{credentialspecFile}
-
 	credentialSpecRes, cerr := credentialspec.NewCredentialSpecResource(
 		testTask.Arn,
 		defaultConfig.AWSRegion,
-		credentialSpecReq,
 		credentialsID,
 		credentialsManager,
 		ssmClientCreator,
-		s3ClientCreator)
+		s3ClientCreator,
+		nil)
 	assert.NoError(t, cerr)
 
 	credSpecdata := map[string]string{
@@ -215,16 +212,14 @@ func TestCredentialSpecResourceTaskFileErr(t *testing.T) {
 	ssmClientCreator := mock_ssm_factory.NewMockSSMClientCreator(ctrl)
 	s3ClientCreator := mock_s3_factory.NewMockS3ClientCreator(ctrl)
 
-	credentialSpecReq := []string{credentialspecFile}
-
 	credentialSpecRes, cerr := credentialspec.NewCredentialSpecResource(
 		testTask.Arn,
 		defaultConfig.AWSRegion,
-		credentialSpecReq,
 		credentialsID,
 		credentialsManager,
 		ssmClientCreator,
-		s3ClientCreator)
+		s3ClientCreator,
+		nil)
 	assert.NoError(t, cerr)
 
 	credSpecdata := map[string]string{

agent/engine/engine_windows_integ_test.go

@@ -29,12 +29,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/aws/amazon-ecs-agent/agent/ecs_client/model/ecs"
-
-	"github.com/cihub/seelog"
-
-	"github.com/docker/docker/api/types"
-
 	"github.com/aws/amazon-ecs-agent/agent/api"
 	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
 	apicontainerstatus "github.com/aws/amazon-ecs-agent/agent/api/container/status"
@@ -47,6 +41,7 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/dockerclient/dockerapi"
 	"github.com/aws/amazon-ecs-agent/agent/dockerclient/sdkclientfactory"
 	"github.com/aws/amazon-ecs-agent/agent/ec2"
+	"github.com/aws/amazon-ecs-agent/agent/ecs_client/model/ecs"
 	"github.com/aws/amazon-ecs-agent/agent/engine/dockerstate"
 	"github.com/aws/amazon-ecs-agent/agent/engine/execcmd"
 	"github.com/aws/amazon-ecs-agent/agent/eventstream"
@@ -55,7 +50,10 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/taskresource"
 	taskresourcevolume "github.com/aws/amazon-ecs-agent/agent/taskresource/volume"
 	"github.com/aws/amazon-ecs-agent/agent/utils"
+
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/cihub/seelog"
+	"github.com/docker/docker/api/types"
 	sdkClient "github.com/docker/docker/client"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"