Skip to content

Commit

Permalink
Fixing Agent reports incorrect capabilities on windows (aws#2035)
Browse files Browse the repository at this point in the history
  • Loading branch information
mssrivas committed Jun 4, 2019
1 parent 334ba95 commit 382dfa1
Show file tree
Hide file tree
Showing 6 changed files with 253 additions and 29 deletions.
19 changes: 9 additions & 10 deletions agent/app/agent_capability.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,6 @@ func (agent *ecsAgent) capabilities() ([]*ecs.Attribute, error) {

capabilities = agent.appendTaskENICapabilities(capabilities)
capabilities = agent.appendENITrunkingCapabilities(capabilities)

capabilities = agent.appendDockerDependentCapabilities(capabilities, supportedVersions)

// TODO: gate this on docker api version when ecs supported docker includes
Expand All @@ -140,10 +139,6 @@ func (agent *ecsAgent) capabilities() ([]*ecs.Attribute, error) {
// ecs agent version 1.27.0 supports ecs secrets for logging drivers
capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+capabilitySecretLogDriverSSM)

// ecs agent version 1.22.0 supports sharing PID namespaces and IPC resource namespaces
// with host EC2 instance and among containers within the task
capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+capabiltyPIDAndIPCNamespaceSharing)

if agent.cfg.GPUSupportEnabled {
capabilities = agent.appendNvidiaDriverVersionAttribute(capabilities)
}
Expand All @@ -156,14 +151,18 @@ func (agent *ecsAgent) capabilities() ([]*ecs.Attribute, error) {
// ecs agent version 1.27.0 supports ecs secrets for logging drivers
capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+capabilitySecretLogDriverASM)

// support container ordering in agent
capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+capabilityContainerOrdering)

// ecs agent version 1.22.0 supports sharing PID namespaces and IPC resource namespaces
// with host EC2 instance and among containers within the task
capabilities = agent.appendPIDAndIPCNamespaceSharingCapabilities(capabilities)

// ecs agent version 1.26.0 supports aws-appmesh cni plugin
capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+appMeshAttributeSuffix)
capabilities = agent.appendAppMeshCapabilities(capabilities)

// support elastic inference in agent
capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+taskEIAAttributeSuffix)

// support container ordering in agent
capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+capabilityContainerOrdering)
capabilities = agent.appendTaskEIACapabilities(capabilities)

return capabilities, nil
}
Expand Down
9 changes: 0 additions & 9 deletions agent/app/agent_capability_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -117,9 +117,6 @@ func TestCapabilities(t *testing.T) {
{
Name: aws.String(attributePrefix + capabilitySecretLogDriverSSM),
},
{
Name: aws.String(attributePrefix + capabiltyPIDAndIPCNamespaceSharing),
},
{
Name: aws.String(attributePrefix + capabilityECREndpoint),
},
Expand All @@ -129,12 +126,6 @@ func TestCapabilities(t *testing.T) {
{
Name: aws.String(attributePrefix + capabilitySecretLogDriverASM),
},
{
Name: aws.String(attributePrefix + appMeshAttributeSuffix),
},
{
Name: aws.String(attributePrefix + taskEIAAttributeSuffix),
},
{
Name: aws.String(attributePrefix + capabilityContainerOrdering),
},
Expand Down
12 changes: 12 additions & 0 deletions agent/app/agent_capability_unix.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,3 +102,15 @@ func (agent *ecsAgent) appendBranchENIPluginVersionAttribute(capabilities []*ecs
Value: aws.String(version),
})
}

func (agent *ecsAgent) appendPIDAndIPCNamespaceSharingCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return appendNameOnlyAttribute(capabilities, attributePrefix+capabiltyPIDAndIPCNamespaceSharing)
}

func (agent *ecsAgent) appendAppMeshCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return appendNameOnlyAttribute(capabilities, attributePrefix+appMeshAttributeSuffix)
}

func (agent *ecsAgent) appendTaskEIACapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return appendNameOnlyAttribute(capabilities, attributePrefix+taskEIAAttributeSuffix)
}
218 changes: 208 additions & 10 deletions agent/app/agent_capability_unix_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -188,9 +188,6 @@ func TestNvidiaDriverCapabilitiesUnix(t *testing.T) {
{
Name: aws.String(attributePrefix + capabilitySecretLogDriverSSM),
},
{
Name: aws.String(attributePrefix + capabiltyPIDAndIPCNamespaceSharing),
},
// nvidia driver version capability
{
Name: aws.String(attributePrefix + "nvidia-driver-version.396.44"),
Expand Down Expand Up @@ -270,9 +267,6 @@ func TestEmptyNvidiaDriverCapabilitiesUnix(t *testing.T) {
{
Name: aws.String(attributePrefix + capabilitySecretLogDriverSSM),
},
{
Name: aws.String(attributePrefix + capabiltyPIDAndIPCNamespaceSharing),
},
}...)

ctx, cancel := context.WithCancel(context.TODO())
Expand Down Expand Up @@ -363,9 +357,6 @@ func TestENITrunkingCapabilitiesUnix(t *testing.T) {
{
Name: aws.String(attributePrefix + capabilitySecretLogDriverSSM),
},
{
Name: aws.String(attributePrefix + capabiltyPIDAndIPCNamespaceSharing),
},
}...)

ctx, cancel := context.WithCancel(context.TODO())
Expand Down Expand Up @@ -444,6 +435,75 @@ func TestNoENITrunkingCapabilitiesUnix(t *testing.T) {
{
Name: aws.String(attributePrefix + capabilitySecretLogDriverSSM),
},
}...)

ctx, cancel := context.WithCancel(context.TODO())
// Cancel the context to cancel async routines
defer cancel()
agent := &ecsAgent{
ctx: ctx,
cfg: conf,
dockerClient: client,
cniClient: cniClient,
credentialProvider: aws_credentials.NewCredentials(mockCredentialsProvider),
mobyPlugins: mockMobyPlugins,
}
capabilities, err := agent.capabilities()
assert.NoError(t, err)

for i, expected := range expectedCapabilities {
assert.Equal(t, aws.StringValue(expected.Name), aws.StringValue(capabilities[i].Name))
assert.Equal(t, aws.StringValue(expected.Value), aws.StringValue(capabilities[i].Value))
}
}

func TestPIDAndIPCNamespaceSharingCapabilitiesUnix(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()

client := mock_dockerapi.NewMockDockerClient(ctrl)
mockMobyPlugins := mock_mobypkgwrapper.NewMockPlugins(ctrl)
mockCredentialsProvider := app_mocks.NewMockProvider(ctrl)
conf := &config.Config{
PrivilegedDisabled: true,
GPUSupportEnabled: true,
}

gomock.InOrder(
client.EXPECT().SupportedVersions().Return([]dockerclient.DockerVersion{
dockerclient.Version_1_17,
}),
client.EXPECT().KnownVersions().Return([]dockerclient.DockerVersion{
dockerclient.Version_1_17,
}),
mockMobyPlugins.EXPECT().Scan().AnyTimes().Return([]string{}, nil),
client.EXPECT().ListPluginsWithFilters(gomock.Any(), gomock.Any(), gomock.Any(),
gomock.Any()).AnyTimes().Return([]string{}, nil),
)

expectedCapabilityNames := []string{
/*"com.amazonaws.ecs.capability.docker-remote-api.1.17",
"ecs.capability.docker-plugin.local",
attributePrefix + capabilityPrivateRegistryAuthASM,
attributePrefix + capabilitySecretEnvSSM,
attributePrefix + capabilitySecretLogDriverSSM,
"ecs.capability.nvidia-driver-version.396.44",
attributePrefix + capabilityECREndpoint,
attributePrefix + capabilitySecretEnvASM,
attributePrefix + capabilitySecretLogDriverASM,
attributePrefix + capabilityContainerOrdering,*/
}


var expectedCapabilities []*ecs.Attribute
for _, name := range expectedCapabilityNames {
expectedCapabilities = append(expectedCapabilities,
&ecs.Attribute{Name: aws.String(name)})
}

expectedCapabilities = append(expectedCapabilities,
[]*ecs.Attribute{
// linux specific capabilities
{
Name: aws.String(attributePrefix + capabiltyPIDAndIPCNamespaceSharing),
},
Expand All @@ -456,7 +516,6 @@ func TestNoENITrunkingCapabilitiesUnix(t *testing.T) {
ctx: ctx,
cfg: conf,
dockerClient: client,
cniClient: cniClient,
credentialProvider: aws_credentials.NewCredentials(mockCredentialsProvider),
mobyPlugins: mockMobyPlugins,
}
Expand All @@ -468,3 +527,142 @@ func TestNoENITrunkingCapabilitiesUnix(t *testing.T) {
assert.Equal(t, aws.StringValue(expected.Value), aws.StringValue(capabilities[i].Value))
}
}

func TestAppMeshCapabilitiesUnix(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()

client := mock_dockerapi.NewMockDockerClient(ctrl)
mockMobyPlugins := mock_mobypkgwrapper.NewMockPlugins(ctrl)
mockCredentialsProvider := app_mocks.NewMockProvider(ctrl)
conf := &config.Config{
PrivilegedDisabled: true,
GPUSupportEnabled: true,
}

gomock.InOrder(
client.EXPECT().SupportedVersions().Return([]dockerclient.DockerVersion{
dockerclient.Version_1_17,
}),
client.EXPECT().KnownVersions().Return([]dockerclient.DockerVersion{
dockerclient.Version_1_17,
}),
mockMobyPlugins.EXPECT().Scan().AnyTimes().Return([]string{}, nil),
client.EXPECT().ListPluginsWithFilters(gomock.Any(), gomock.Any(), gomock.Any(),
gomock.Any()).AnyTimes().Return([]string{}, nil),
)

expectedCapabilityNames := []string{
"com.amazonaws.ecs.capability.docker-remote-api.1.17",
"ecs.capability.docker-plugin.local",
attributePrefix + capabilityPrivateRegistryAuthASM,
attributePrefix + capabilitySecretEnvSSM,
attributePrefix + capabilitySecretLogDriverSSM,
"ecs.capability.nvidia-driver-version.396.44",
attributePrefix + capabilityECREndpoint,
attributePrefix + capabilitySecretEnvASM,
attributePrefix + capabilitySecretLogDriverASM,
attributePrefix + capabilityContainerOrdering,
attributePrefix + capabiltyPIDAndIPCNamespaceSharing,
}

var expectedCapabilities []*ecs.Attribute
for _, name := range expectedCapabilityNames {
expectedCapabilities = append(expectedCapabilities,
&ecs.Attribute{Name: aws.String(name)})
}
expectedCapabilities = append(expectedCapabilities,
[]*ecs.Attribute{
// linux specific capabilities
{
Name: aws.String(attributePrefix + appMeshAttributeSuffix),
},
}...)
ctx, cancel := context.WithCancel(context.TODO())
// Cancel the context to cancel async routines
defer cancel()
agent := &ecsAgent{
ctx: ctx,
cfg: conf,
dockerClient: client,
credentialProvider: aws_credentials.NewCredentials(mockCredentialsProvider),
mobyPlugins: mockMobyPlugins,
}
capabilities, err := agent.capabilities()
assert.NoError(t, err)

for i, expected := range expectedCapabilities {
assert.Equal(t, aws.StringValue(expected.Name), aws.StringValue(capabilities[i].Name))
assert.Equal(t, aws.StringValue(expected.Value), aws.StringValue(capabilities[i].Value))
}
}

func TestTaskEIACapabilitiesUnix(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()

client := mock_dockerapi.NewMockDockerClient(ctrl)
mockMobyPlugins := mock_mobypkgwrapper.NewMockPlugins(ctrl)
mockCredentialsProvider := app_mocks.NewMockProvider(ctrl)
conf := &config.Config{
PrivilegedDisabled: true,
GPUSupportEnabled: true,
}

gomock.InOrder(
client.EXPECT().SupportedVersions().Return([]dockerclient.DockerVersion{
dockerclient.Version_1_17,
}),
client.EXPECT().KnownVersions().Return([]dockerclient.DockerVersion{
dockerclient.Version_1_17,
}),
mockMobyPlugins.EXPECT().Scan().AnyTimes().Return([]string{}, nil),
client.EXPECT().ListPluginsWithFilters(gomock.Any(), gomock.Any(), gomock.Any(),
gomock.Any()).AnyTimes().Return([]string{}, nil),
)

expectedCapabilityNames := []string{
"com.amazonaws.ecs.capability.docker-remote-api.1.17",
"ecs.capability.docker-plugin.local",
attributePrefix + capabilityPrivateRegistryAuthASM,
attributePrefix + capabilitySecretEnvSSM,
attributePrefix + capabilitySecretLogDriverSSM,
"ecs.capability.nvidia-driver-version.396.44",
attributePrefix + capabilityECREndpoint,
attributePrefix + capabilitySecretEnvASM,
attributePrefix + capabilitySecretLogDriverASM,
attributePrefix + capabilityContainerOrdering,
attributePrefix + capabiltyPIDAndIPCNamespaceSharing,
attributePrefix + appMeshAttributeSuffix,
}

var expectedCapabilities []*ecs.Attribute
for _, name := range expectedCapabilityNames {
expectedCapabilities = append(expectedCapabilities,
&ecs.Attribute{Name: aws.String(name)})
}
expectedCapabilities = append(expectedCapabilities,
[]*ecs.Attribute{
// linux specific capabilities
{
Name: aws.String(attributePrefix + taskEIAAttributeSuffix),
},
}...)
ctx, cancel := context.WithCancel(context.TODO())
// Cancel the context to cancel async routines
defer cancel()
agent := &ecsAgent{
ctx: ctx,
cfg: conf,
dockerClient: client,
credentialProvider: aws_credentials.NewCredentials(mockCredentialsProvider),
mobyPlugins: mockMobyPlugins,
}
capabilities, err := agent.capabilities()
assert.NoError(t, err)

for i, expected := range expectedCapabilities {
assert.Equal(t, aws.StringValue(expected.Name), aws.StringValue(capabilities[i].Name))
assert.Equal(t, aws.StringValue(expected.Value), aws.StringValue(capabilities[i].Value))
}
}
12 changes: 12 additions & 0 deletions agent/app/agent_capability_unspecified.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,3 +73,15 @@ func (agent *ecsAgent) appendNvidiaDriverVersionAttribute(capabilities []*ecs.At
func (agent *ecsAgent) appendENITrunkingCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}

func (agent *ecsAgent) appendPIDAndIPCNamespaceSharingCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}

func (agent *ecsAgent) appendAppMeshCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}

func (agent *ecsAgent) appendTaskEIACapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}
12 changes: 12 additions & 0 deletions agent/app/agent_capability_windows.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,15 @@ func (agent *ecsAgent) appendNvidiaDriverVersionAttribute(capabilities []*ecs.At
func (agent *ecsAgent) appendENITrunkingCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}

func (agent *ecsAgent) appendPIDAndIPCNamespaceSharingCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}

func (agent *ecsAgent) appendAppMeshCapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}

func (agent *ecsAgent) appendTaskEIACapabilities(capabilities []*ecs.Attribute) []*ecs.Attribute {
return capabilities
}

0 comments on commit 382dfa1

Please sign in to comment.