Finish NVIDIA GPU

aws · Sep 6, 2022 · 3c59d44 · 3c59d44
1 parent 9ed05b3
commit 3c59d44
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 35 deletions.
diff --git a/.github/workflows/integrationTest.yml b/.github/workflows/integrationTest.yml
@@ -75,13 +75,6 @@ jobs:
 
       - uses: olafurpg/setup-gpg@v3
 
-      - name: Sign packages
-        if: steps.cached_binaries.outputs.cache-hit != 'true'
-        run: |
-          echo "${GPG_PRIVATE_KEY}" | gpg --batch --import -
-          for f in $(find build/bin/); do if [ ! -d $f ]; then echo "Signing file $f" && echo "${PASSPHRASE}" | gpg --detach-sign  --passphrase-fd 0 --batch --default-key "${GPG_KEY_NAME}" $f ; fi ; done
-
-
       - name: Upload to s3
         if: steps.cached_binaries.outputs.cache-hit != 'true'
         run: aws s3 cp build/bin s3://${S3_INTEGRATION_BUCKET}/integration-test/binary/${{ github.sha }} --recursive
@@ -334,11 +327,6 @@ jobs:
           aws s3 cp s3://${S3_INTEGRATION_BUCKET}/integration-test/packaging/${{ github.sha }}/amazon-cloudwatch-agent.msi ./packages/amazon-cloudwatch-agent.msi
           aws s3 cp s3://${S3_INTEGRATION_BUCKET}/integration-test/packaging/${{ github.sha }}/amazon-cloudwatch-agent.pkg ./packages/amazon-cloudwatch-agent.pkg
 
-      - name: Sign packages
-        if: steps.cached_sig.outputs.cache-hit != 'true'
-        run: |
-          echo "${GPG_PRIVATE_KEY}" | gpg --batch --import -
-          for f in $(find packages/); do if [ ! -d $f ]; then echo "Signing file $f" && echo "${PASSPHRASE}" | gpg --detach-sign  --passphrase-fd 0 --batch --default-key "${GPG_KEY_NAME}" $f ; fi ; done
 
       - name: Upload to s3
         if: steps.cached_sig.outputs.cache-hit != 'true'

diff --git a/cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go b/cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go
@@ -465,7 +465,7 @@ func main() {
 		}
 		return
 	}
-		log.Printf("test only: %v",inputFilters)
+
 	if runtime.GOOS == "windows" && windowsRunAsService() {
 		programFiles := os.Getenv("ProgramFiles")
 		if programFiles == "" { // Should never happen

diff --git a/integration/terraform/ec2/win/vpc.tf b/integration/terraform/ec2/win/vpc.tf
@@ -21,9 +21,9 @@ resource "aws_security_group" "ec2_security_group" {
   }
 
   ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
+    from_port   = 22
+    to_port     = 22
+    protocol    = "TCP"
     cidr_blocks = ["0.0.0.0/0"]
   }
 }
diff --git a/integration/terraform/ecs/linux/README.md b/integration/terraform/ecs/linux/README.md
@@ -1,7 +1,7 @@
 Running ECS Fargate Integration Tests
 =========================
 ## Prerequisite
-* ECR Repository with the docker image
+* [ECR Repository with the docker image](https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-console.html)
 
 ## How ECS Fargate are set up?
 **Step 1:** Create a Fargate ECS Cluster with the default VPC Network.   

diff --git a/integration/test/nvidia_gpu/metrics_nvidia_gpu_linux_test.go b/integration/test/nvidia_gpu/metrics_nvidia_gpu_linux_test.go
@@ -10,8 +10,6 @@ import (
 	"fmt"
 	"github.com/aws/amazon-cloudwatch-agent/integration/test"
 	"github.com/aws/amazon-cloudwatch-agent/internal/util/security"
-	"os/user"
-	"syscall"
 	"testing"
 	"time"
 )
@@ -46,24 +44,11 @@ func TestNvidiaGPU(t *testing.T) {
 			t.Fatalf("CloudWatchAgent does not have privellege to write and read CWA's log: %v", err)
 		}
 
-		if err := CheckFileOwnerRights(agentLinuxLogPath); err != nil {
+		if err := security.CheckFileOwnerRights(agentLinuxLogPath,agentLinuxPermission); err != nil {
 			t.Fatalf("CloudWatchAgent does not have right to CWA's log: %v", err)
 		}
 
 	})
 }
 
-func CheckFileOwnerRights(filePath string) error {
-	var stat syscall.Stat_t
-	if err := syscall.Stat(filePath, &stat); err != nil {
-		return fmt.Errorf("Cannot get file's stat %s: %v", filePath, err)
-	}
 
-	if owner, err := user.LookupId(fmt.Sprintf("%d", stat.Uid)); err != nil {
-		return fmt.Errorf("Cannot look up file owner's name %s: %v", filePath, err)
-	} else if owner.Name != agentLinuxPermission {
-		return fmt.Errorf("Agent does not have permission to protect file %s", filePath)
-	}
-
-	return nil
-}
diff --git a/internal/util/security/unix_permission.go b/internal/util/security/unix_permission.go
@@ -9,9 +9,10 @@ package security
 import (
 	"fmt"
 	"syscall"
+	"os/user"
 )
 
-// CheckFileRights check that the given filename has been protected by the owner.
+// CheckFileRights check that the given file path has been protected by the owner.
 // If the owner is changed, they need at least the sudo permission to override the owner.
 func CheckFileRights(filePath string) error {
 	var stat syscall.Stat_t
@@ -31,3 +32,20 @@ func CheckFileRights(filePath string) error {
 
 	return fmt.Errorf("File's owner does not have enough permission at path %s", filePath)
 }
+
+
+// CheckFileOwnerRights check that the given owner is the same owner of the given filepath
+func CheckFileOwnerRights(filePath, requiredOwner string) error {
+	var stat syscall.Stat_t
+	if err := syscall.Stat(filePath, &stat); err != nil {
+		return fmt.Errorf("Cannot get file's stat %s: %v", filePath, err)
+	}
+
+	if owner, err := user.LookupId(fmt.Sprintf("%d", stat.Uid)); err != nil {
+		return fmt.Errorf("Cannot look up file owner's name %s: %v", filePath, err)
+	} else if owner.Name != requiredOwner {
+		return fmt.Errorf("Agent does not have permission to protect file %s", filePath)
+	}
+
+	return nil
+}
diff --git a/internal/util/security/windows_permission.go b/internal/util/security/windows_permission.go
@@ -94,7 +94,7 @@ func CheckFileRights(filePath string) error {
 			if compareIsLocalSystem {
 				hasFileAllAccessLocalSystem = true
 			}
-			if compareIsLocalSystem {
+			if compareIsAdministrators {
 				hasFileAllAccessAdministrators = true
 			}
 		}