Merge pull request #252 from aws/sync

Sync Agent commits
aws · Jul 9, 2020 · 88f45b1 · 88f45b1
2 parents 7fdda95 + d08c706
commit 88f45b1
Show file tree

Hide file tree

Showing 13 changed files with 466 additions and 46 deletions.
diff --git a/Gemfile b/Gemfile
@@ -10,7 +10,7 @@ gem "codedeploy-commands", "1.0.0", :path => "#{File.expand_path(__FILE__)}/../v
 
 group :test do
   gem 'test-unit'
-  gem 'activesupport', :require => 'active_support'  
+  gem 'activesupport', :require => 'active_support'
   gem 'coveralls', require: false
   gem 'cucumber'
   gem 'fakefs', :require => 'fakefs/safe'

diff --git a/bin/install b/bin/install
@@ -5,6 +5,7 @@
 # than 2.0. Testing on multiple Ruby versions is required for
 # changes to this part of the code.
 ##################################################################
+require 'json'
 
 class Proxy
   instance_methods.each do |m|
@@ -134,9 +135,16 @@ EOF
     @sanity_check = false
     @reexeced = false
     @http_proxy = nil
+    @target_version_arg = nil
 
     @args = Array.new(ARGV)
-    opts = GetoptLong.new(['--sanity-check', GetoptLong::NO_ARGUMENT], ['--help', GetoptLong::NO_ARGUMENT], ['--re-execed', GetoptLong::NO_ARGUMENT], ['--proxy', GetoptLong::OPTIONAL_ARGUMENT])
+    opts = GetoptLong.new(
+      ['--sanity-check', GetoptLong::NO_ARGUMENT],
+      ['--help', GetoptLong::NO_ARGUMENT],
+      ['--re-execed', GetoptLong::NO_ARGUMENT],
+      ['--proxy', GetoptLong::OPTIONAL_ARGUMENT],
+      ['-v', '--version', GetoptLong::OPTIONAL_ARGUMENT]
+    )
     opts.each do |opt, args|
       case opt
       when '--sanity-check'
@@ -149,6 +157,8 @@ EOF
         if (args != '')
           @http_proxy = args
         end
+      when '-v' || '--version'
+        @target_version_arg = args
       end
     end
     if (ARGV.length < 1)
@@ -198,20 +208,14 @@ EOF
 
   def get_ec2_metadata_region
     begin
-      uri = URI.parse('http://169.254.169.254/latest/meta-data/placement/availability-zone')
-      az = uri.read(:read_timeout => 120)
-      az.strip
+      uri = URI.parse('http://169.254.169.254/latest/dynamic/instance-identity/document')
+      document_string = uri.read(:read_timeout => 120)
+      doc = JSON.parse(document_string.strip)
+      return doc['region'].strip
     rescue
       @log.warn("Could not get region from EC2 metadata service at '#{uri.to_s}'")
       return nil
     end
-
-    if (az !~ /[a-z]{2}-[a-z]+-\d+[a-z]/)
-      @log.warn("Invalid availability zone name: '#{az}'.")
-      return nil
-    else
-      return az.chop
-    end
   end
 
   def get_region
@@ -233,7 +237,7 @@ EOF
     elsif (region.split("-")[0] == 'cn')
       URI.parse("https://#{bucket}.s3.#{region}.amazonaws.com.cn/#{key}")
     else
-      URI.parse("https://#{bucket}.s3-#{region}.amazonaws.com/#{key}")
+      URI.parse("https://#{bucket}.s3.#{region}.amazonaws.com/#{key}")
     end
   end
 
@@ -278,10 +282,7 @@ end
     end
   end
 
-  def install_from_s3(region, bucket, version_file_key, type, install_cmd)
-    version_data = get_version_file_from_s3(region, bucket, version_file_key)
-
-    package_key = version_data[type]
+  def install_from_s3(region, bucket, package_key, install_cmd)
     package_base_name = File.basename(package_key)
     package_extension = File.extname(package_base_name)
     package_name = File.basename(package_base_name, package_extension)
@@ -314,6 +315,20 @@ end
     end
   end
 
+  def get_target_version(target_version, type, region, bucket)
+    if target_version.nil?
+      version_file_key = 'latest/LATEST_VERSION'
+      version_data = get_version_file_from_s3(region, bucket, version_file_key)
+      if version_data.include? type
+        return version_data[type]
+      else
+        @log.error("Unsupported package type '#{type}'")
+        exit(1)
+      end
+    end
+    return target_version
+  end
+
   @log.info("Starting update check.")
 
   if (@type == 'auto')
@@ -352,21 +367,21 @@ end
 
   region = get_region
   bucket = "aws-codedeploy-#{region}"
-  version_file_key = 'latest/VERSION'
+
+  target_version = get_target_version(@target_version_arg, @type, region, bucket)
 
   case @type
   when 'help'
     usage
   when 'rpm'
     running_version = `rpm -q codedeploy-agent`
     running_version.strip!
-    target_version = get_version_file_from_s3(region, bucket, version_file_key)['rpm']
     if target_version.include? running_version
       @log.info('Running version matches target version, skipping install')
     else
       #use -y to answer yes to confirmation prompts
       install_cmd = ['/usr/bin/yum', '-y', 'localinstall']
-      install_from_s3(region, bucket, version_file_key, @type, install_cmd)
+      install_from_s3(region, bucket, target_version, install_cmd)
       do_sanity_check('/sbin/service')
     end
   when 'deb'
@@ -379,20 +394,19 @@ end
       running_version = "No running version"
     end
     @log.info("Running version " + running_version)
-    target_version = get_version_file_from_s3(region, bucket, version_file_key)['deb']
     if target_version.include? running_version
       @log.info('Running version matches target version, skipping install')
     else
       #use -n for non-interactive mode
       #use -o to not overwrite config files unless they have not been changed
       install_cmd = ['/usr/bin/gdebi', '-n', '-o', 'Dpkg::Options::=--force-confdef', '-o', 'Dkpg::Options::=--force-confold']
-      install_from_s3(region, bucket, version_file_key, @type, install_cmd)
+      install_from_s3(region, bucket, target_version, install_cmd)
       do_sanity_check('/usr/sbin/service')
     end
   when 'zypper'
     #use -n for non-interactive mode
     install_cmd = ['/usr/bin/zypper', 'install', '-n']
-    install_from_s3(region, bucket, version_file_key, 'rpm', install_cmd)
+    install_from_s3(region, bucket, target_version, install_cmd)
   else
     @log.error("Unsupported package type '#{@type}'")
     exit(1)

diff --git a/bin/update b/bin/update
@@ -5,6 +5,7 @@
 # than 2.0. Testing on multiple Ruby versions is required for
 # changes to this part of the code.
 ##################################################################
+require 'json'
 
 class Proxy
   instance_methods.each do |m|
@@ -147,11 +148,13 @@ EOF
     @http_proxy = nil
     @downgrade = false
     @upgrade = false
+    @target_version_arg = nil
 
     @args = Array.new(ARGV)
     opts = GetoptLong.new(['--sanity-check', GetoptLong::NO_ARGUMENT], ['--help', GetoptLong::NO_ARGUMENT],
                           ['--re-execed', GetoptLong::NO_ARGUMENT], ['--proxy', GetoptLong::OPTIONAL_ARGUMENT],
-                          ['--downgrade', GetoptLong::NO_ARGUMENT], ['--upgrade', GetoptLong::NO_ARGUMENT])
+                          ['--downgrade', GetoptLong::NO_ARGUMENT], ['--upgrade', GetoptLong::NO_ARGUMENT],
+                          ['-v', '--version', GetoptLong::OPTIONAL_ARGUMENT])
     opts.each do |opt, args|
       case opt
       when '--sanity-check'
@@ -168,6 +171,8 @@ EOF
         if (args != '')
           @http_proxy = args
         end
+      when '-v' || '--version'
+        @target_version_arg = args
       end
     end
 
@@ -270,20 +275,14 @@ EOF
 
   def get_ec2_metadata_region
     begin
-      uri = URI.parse('http://169.254.169.254/latest/meta-data/placement/availability-zone')
-      az = uri.read(:read_timeout => 120)
-      az.strip
+      uri = URI.parse('http://169.254.169.254/latest/dynamic/instance-identity/document')
+      document_string = uri.read(:read_timeout => 120)
+      doc = JSON.parse(document_string.strip)
+      return doc['region'].strip
     rescue
       @log.warn("Could not get region from EC2 metadata service at '#{uri.to_s}'")
       return nil
     end
-
-    if (az !~ /[a-z]{2}-[a-z]+-\d+[a-z]/)
-      @log.warn("Invalid availability zone name: '#{az}'.")
-      return nil
-    else
-      return az.chop
-    end
   end
 
   def get_region
@@ -305,7 +304,7 @@ EOF
     elsif (REGION.split("-")[0] == 'cn')
       URI.parse("https://#{BUCKET}.s3.#{REGION}.amazonaws.com.cn/#{key}")
     else
-      URI.parse("https://#{BUCKET}.s3-#{REGION}.amazonaws.com/#{key}")
+      URI.parse("https://#{BUCKET}.s3.#{REGION}.amazonaws.com/#{key}")
     end
   end
 
@@ -440,7 +439,7 @@ EOF
 
   REGION = get_region
   BUCKET = "aws-codedeploy-#{REGION}"
-  VERSION_FILE_KEY = 'latest/VERSION'
+  VERSION_FILE_KEY = 'latest/LATEST_VERSION'
 
   NO_AGENT_INSTALLED_REPORTED_WINDOWS_VERSION = 'No Agent Installed'
   def running_agent_version_windows
@@ -555,7 +554,10 @@ EOF
   end
 
   running_version = running_version(@type)
-  target_version = target_version(@type)
+  target_version = @target_version_arg
+  if target_version.nil?
+    target_version = target_version(@type)
+  end
   if target_version.include? running_version
     @log.info("Running version, #{running_version}, matches target version, #{target_version}, skipping install")
   else

diff --git a/codedeploy_agent-1.1.0.gemspec → codedeploy_agent.gemspec b/codedeploy_agent-1.1.0.gemspec → codedeploy_agent.gemspec
@@ -1,13 +1,15 @@
 Gem::Specification.new do |spec|
   spec.name          = 'aws_codedeploy_agent'
-  spec.version       = 0.1
+  spec.version       = '1.1.0'
   spec.summary       = 'Packages AWS CodeDeploy agent libraries'
   spec.description   = 'AWS CodeDeploy agent is responsible for doing the actual work of deploying software on an individual EC2 instance'
   spec.author        = 'Amazon Web Services'
   spec.files         = Dir['{lib,bin,conf,vendor}/**/*']
   spec.homepage      = "https://github.com/aws/aws-codedeploy-agent"
   spec.bindir        = ['bin']
   spec.require_paths = ['lib']
+  spec.license        = 'Apache-2.0'
+  spec.required_ruby_version = '~> 2.0'
 
   spec.add_dependency('gli', '~> 2.5')
   spec.add_dependency('json_pure', '~> 1.6')

diff --git a/lib/instance_agent/config.rb b/lib/instance_agent/config.rb
@@ -43,7 +43,8 @@ def initialize
         :enable_deployments_log => true,
         :use_fips_mode => false,
         :deploy_control_endpoint => nil,
-        :s3_endpoint_override => nil
+        :s3_endpoint_override => nil,
+        :enable_auth_policy => false
       })
     end
 

diff --git a/lib/instance_agent/plugins/codedeploy/codedeploy_control.rb b/lib/instance_agent/plugins/codedeploy/codedeploy_control.rb
@@ -47,6 +47,7 @@ def ssl_verify_peer
 
         def verify_cert_fields
           deploy_control_endpoint = get_client.config.endpoint
+          InstanceAgent::Log.debug("Current deploy control endpoint: #{deploy_control_endpoint}")
           begin
             cert_verifier = InstanceAgent::Plugins::CodeDeployPlugin::CodeDeployControlCertVerifier.new(deploy_control_endpoint)
             cert_verifier.verify_cert

diff --git a/lib/instance_agent/plugins/codedeploy/command_poller.rb b/lib/instance_agent/plugins/codedeploy/command_poller.rb
@@ -40,6 +40,7 @@ def initialize
 
           log(:debug, "Configuring deploy control client: Region=#{region.inspect}")
           log(:debug, "Deploy control endpoint override=#{InstanceAgent::Config.config[:deploy_control_endpoint]}")
+          log(:debug, "Enable auth policy = #{InstanceAgent::Config.config[:enable_auth_policy]}")
 
           @deploy_control = InstanceAgent::Plugins::CodeDeployPlugin::CodeDeployControl.new(:region => region, :logger => InstanceAgent::Log, :ssl_ca_directory => ENV['AWS_SSL_CA_DIRECTORY'])
           @deploy_control_client = @deploy_control.get_client

diff --git a/test/instance_agent/config_test.rb b/test/instance_agent/config_test.rb
@@ -34,7 +34,8 @@ class InstanceAgentConfigTest < InstanceAgentTestCase
         :kill_agent_max_wait_time_seconds => 7200,
         :use_fips_mode => false,
         :deploy_control_endpoint => nil,
-        :s3_endpoint_override => nil
+        :s3_endpoint_override => nil,
+        :enable_auth_policy => false
       }, InstanceAgent::Config.config)
     end
 

diff --git a/test/instance_agent/plugins/codedeploy/codedeploy_control_test.rb b/test/instance_agent/plugins/codedeploy/codedeploy_control_test.rb
@@ -83,6 +83,29 @@ class CodeDeployControlTest < InstanceAgentTestCase
             assert_equal "codedeploy-commands-fips.us-west-2.amazonaws.com", codedeploy_control_client.get_client.config.endpoint.host
         end
       end
+
+      context "with enable_auth_policy set" do
+        setup do
+          InstanceAgent::Config.config[:enable_auth_policy] = true
+        end
+
+        should "use secure endpoint" do
+          codedeploy_control_client = CodeDeployControl.new :region => "us-west-2"
+          assert_equal "codedeploy-commands-secure.us-west-2.amazonaws.com", codedeploy_control_client.get_client.config.endpoint.host
+        end
+      end
+
+      context "with both of use_fips_mode and enable_auth_policy set" do
+        setup do
+          InstanceAgent::Config.config[:use_fips_mode] = true
+          InstanceAgent::Config.config[:enable_auth_policy] = true
+        end
+
+        should "use secure Fips endpoint" do
+          codedeploy_control_client = CodeDeployControl.new :region => "us-west-2"
+          assert_equal "codedeploy-commands-secure-fips.us-west-2.amazonaws.com", codedeploy_control_client.get_client.config.endpoint.host
+        end
+      end
 
     end
   end

diff --git a/vendor/gems/codedeploy-commands-1.0.0/apis/CodeDeployCommand.api.json b/vendor/gems/codedeploy-commands-1.0.0/apis/CodeDeployCommand.api.json
@@ -4,10 +4,6 @@
     "apiVersion": "2014-10-06",
     "endpointPrefix": "codedeploy-commands",
     "jsonVersion": "1.1",
-    "regionalEndpoints": {
-      "us-east-1": "codedeploy-commands.us-east-1.amazonaws.com",
-      "us-west-2": "codedeploy-commands.us-west-2.amazonaws.com"
-    },
     "serviceAbbreviation": "CodeDeployCommand",
     "serviceFullName": "AWS CodeDeploy Command Service",
     "signatureVersion": "v4",