Merge branch 'dev' into aws-sdk-go-v2/ecs

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+# 1.90.0
+* Enhancement - Upgrade to latest NVIDIA NVML package [#4469](https://github.com/aws/amazon-ecs-agent/pull/4469)
+* Enhancement - Update SSM GPG key for ECS anywhere installation [#4474](https://github.com/aws/amazon-ecs-agent/pull/4474)
+
 # 1.89.3
 * Enhancement - Migrate ec2 package to aws-sdk-go-v2 [#4446](https://github.com/aws/amazon-ecs-agent/pull/4446)
 * Enhancement - Handle specific exception codes on RCI call [#4457](https://github.com/aws/amazon-ecs-agent/pull/4457)

VERSION

@@ -1 +1 @@
-1.89.3
+1.90.0

agent/version/version.go

@@ -22,10 +22,10 @@ package version
 // repository. Only the 'Version' const should change in checked-in source code
 
 // Version is the version of the Agent
-const Version = "1.89.3"
+const Version = "1.90.0"
 
 // GitDirty indicates the cleanliness of the git repo when this agent was built
 const GitDirty = true
 
 // GitShortHash is the short hash of this agent build
-const GitShortHash = "5dc635ce"
+const GitShortHash = "be041380"

ecs-init/ECSVERSION

@@ -1 +1 @@
-1.89.3
+1.90.0

ecs-init/apparmor/apparmor.go

@@ -92,7 +92,6 @@ var (
 	isProfileLoaded = aaprofile.IsLoaded
 	loadPath        = loadProfile
 	createFile      = os.Create
-	statFile        = os.Stat
 )
 
 // loadPath runs `apparmor_parser -Kr` on a specified apparmor profile to
@@ -152,7 +151,7 @@ func LoadDefaultProfile(profileName string) error {
 }
 
 func fileExists(path string) (bool, error) {
-	_, err := statFile(path)
+	_, err := config.OsStat(path)
 	if err != nil {
 		if errors.Is(err, os.ErrNotExist) {
 			return false, nil

ecs-init/apparmor/apparmor_test.go

@@ -19,6 +19,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/aws/amazon-ecs-agent/ecs-init/config"
 	aaprofile "github.com/docker/docker/profiles/apparmor"
 
 	"github.com/stretchr/testify/assert"
@@ -108,7 +109,7 @@ func TestLoadDefaultProfile(t *testing.T) {
 		isProfileLoaded = aaprofile.IsLoaded
 		loadPath = loadProfile
 		createFile = os.Create
-		statFile = os.Stat
+		config.OsStat = os.Stat
 	}()
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
@@ -123,7 +124,7 @@ func TestLoadDefaultProfile(t *testing.T) {
 				return f, err
 			}
 
-			statFile = func(fileName string) (os.FileInfo, error) {
+			config.OsStat = func(fileName string) (os.FileInfo, error) {
 				relativePath, err := filepath.Rel(appArmorProfileDir, fileName)
 				require.NoError(t, err)
 				return nil, tc.statErrors[relativePath]

ecs-init/cache/dependencies.go

@@ -26,6 +26,8 @@ import (
 	"os"
 	"path/filepath"
 
+	cfg "github.com/aws/amazon-ecs-agent/ecs-init/config"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
@@ -185,7 +187,7 @@ func (s *standardFS) Open(name string) (io.ReadCloser, error) {
 }
 
 func (s *standardFS) Stat(name string) (fileSizeInfo, error) {
-	return os.Stat(name)
+	return cfg.OsStat(name)
 }
 
 func (s *standardFS) Base(path string) string {

ecs-init/config/common.go

@@ -45,7 +45,7 @@ const (
 	// DefaultAgentVersion is the version of the agent that will be
 	// fetched if required. This should look like v1.2.3 or an
 	// 8-character sha, as is downloadable from S3.
-	DefaultAgentVersion = "v1.89.3"
+	DefaultAgentVersion = "v1.90.0"
 
 	// AgentPartitionBucketName is the name of the paritional s3 bucket that stores the agent
 	AgentPartitionBucketName = "amazon-ecs-agent"
@@ -110,6 +110,9 @@ const (
 	ECSAgentAppArmorDefaultProfileName = "ecs-agent-default"
 )
 
+// OsStat is useful for mocking in unit tests
+var OsStat = os.Stat
+
 // partitionBucketRegion provides the "partitional" bucket region
 // suitable for downloading agent from.
 var partitionBucketRegion = map[string]string{
@@ -256,17 +259,17 @@ func MountDirectoryEBS() string {
 	return directoryPrefix + "/mnt/ecs/ebs"
 }
 
-// HostCertsDirPath() returns the CA store path on the host
+// HostCertsDirPath returns the CA store path on the host
 func HostCertsDirPath() string {
-	if _, err := os.Stat(hostCertsDirPath); err != nil {
+	if _, err := OsStat(hostCertsDirPath); err != nil {
 		return ""
 	}
 	return hostCertsDirPath
 }
 
-// HostPKIDirPath() returns the CA store path on the host
+// HostPKIDirPath returns the CA store path on the host
 func HostPKIDirPath() string {
-	if _, err := os.Stat(hostPKIDirPath); err != nil {
+	if _, err := OsStat(hostPKIDirPath); err != nil {
 		return ""
 	}
 	return hostPKIDirPath

ecs-init/docker/docker.go

@@ -117,6 +117,19 @@ const (
 	// nvidiaGPUDevicesPresentMaxRetries specifies the maximum number of retries to attempt for checking if NVIDIA
 	// GPU devices are present.
 	nvidiaGPUDevicesPresentMaxRetries = 10
+
+	// lsblk lists information about block devices. This is used by the ECS agent for the EBS task attach functionality.
+	// Ref: https://man7.org/linux/man-pages/man8/lsblk.8.html
+	lsblkDir = "/usr/bin/lsblk"
+
+	// nsenter helps run program in different namespaces. This is used by the ECS agent for the fault inject functionality.
+	// Ref: https://man7.org/linux/man-pages/man1/nsenter.1.html
+	nsEnterDir = "/usr/bin/nsenter"
+
+	// modinfo is used to display information about a Linux kernel module. This is used by the ECS agent for the
+	// fault inject functionality. Ref: https://man7.org/linux/man-pages/man8/modinfo.8.html
+	modInfoSbinDir    = "/sbin/modinfo"
+	modInfoUsrSbinDir = "/usr/sbin/modinfo"
 )
 
 // Do NOT include "CAP_" in capability string
@@ -495,7 +508,7 @@ func getCredentialsFetcherSocketBind() (string, bool) {
 	credentialsFetcherUnixSocketHostPath, ok := config.HostCredentialsFetcherPath()
 	if ok && credentialsFetcherUnixSocketHostPath != "" {
 		// check whether the path to the credentials fetcher socket exists
-		_, err := os.Stat(credentialsFetcherUnixSocketHostPath)
+		_, err := config.OsStat(credentialsFetcherUnixSocketHostPath)
 		if err != nil {
 			if os.IsNotExist(err) {
 				return "", false
@@ -508,7 +521,7 @@ func getCredentialsFetcherSocketBind() (string, bool) {
 }
 
 // getDockerSocketBind returns the bind for Docker socket.
-// Value for the bind is as follow:
+// Value for the bind is as follows:
 //  1. DOCKER_HOST (as in os.Getenv) not set: source /var/run, dest /var/run
 //  2. DOCKER_HOST (as in os.Getenv) set: source DOCKER_HOST (as in os.Getenv, trim unix:// prefix),
 //     dest DOCKER_HOST (as in /etc/ecs/ecs.config, trim unix:// prefix)
@@ -562,7 +575,7 @@ func getCapabilityBinds() []string {
 }
 
 func defaultIsPathValid(path string, shouldBeDirectory bool) bool {
-	fileInfo, err := os.Stat(path)
+	fileInfo, err := config.OsStat(path)
 	if err != nil {
 		return false
 	}

ecs-init/docker/docker_config.go

@@ -45,10 +45,10 @@ func createHostConfig(binds []string) *godocker.HostConfig {
 		iptablesExecutableHostDir+":"+iptablesExecutableContainerDir+readOnly,
 		iptablesAltDir+":"+iptablesAltDir+readOnly,
 		iptablesLegacyDir+":"+iptablesLegacyDir+readOnly,
-		"/usr/bin/lsblk:/usr/bin/lsblk",
+		lsblkDir+":"+lsblkDir,
 	)
-	binds = append(binds, getNsenterBinds(os.Stat)...)
-	binds = append(binds, getModInfoBinds(os.Stat)...)
+	binds = append(binds, getNsenterBinds(config.OsStat)...)
+	binds = append(binds, getModInfoBinds(config.OsStat)...)
 
 	logConfig := config.AgentDockerLogDriverConfiguration()
 
@@ -89,12 +89,11 @@ func createHostConfig(binds []string) *godocker.HostConfig {
 // Returns an empty slice otherwise.
 func getNsenterBinds(statFn func(string) (os.FileInfo, error)) []string {
 	binds := []string{}
-	const nsenterPath = "/usr/bin/nsenter"
-	if _, err := statFn(nsenterPath); err == nil {
-		binds = append(binds, nsenterPath+":"+nsenterPath)
+	if _, err := statFn(nsEnterDir); err == nil {
+		binds = append(binds, nsEnterDir+":"+nsEnterDir)
 	} else {
 		seelog.Warnf("nsenter not found at %s, skip binding it to Agent container: %v",
-			nsenterPath, err)
+			nsEnterDir, err)
 	}
 	return binds
 }
@@ -104,8 +103,8 @@ func getNsenterBinds(statFn func(string) (os.FileInfo, error)) []string {
 func getModInfoBinds(statFn func(string) (os.FileInfo, error)) []string {
 	binds := []string{}
 	modInfoPathLocations := []string{
-		"/sbin/modinfo",
-		"/usr/sbin/modinfo",
+		modInfoSbinDir,
+		modInfoUsrSbinDir,
 	}
 	for _, path := range modInfoPathLocations {
 		if _, err := statFn(path); err == nil {