Lets to get security credentials if run on AWS FarGate

[petlitskiy]

PMM-0

Link to the Feature Build: SUBMODULES-0

If this PR adds or removes or alters one or more API endpoints, please review and add or update the relevant API documents as well:

• API Docs updated

If this PR is related to some other PRs in this or other repositories, please provide links to those PRs:

• Links to related pull requests (optional).

[it-percona-cla]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ petlitskiy
❌ anonymous

---

anonymous seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[BupycHuk]

Hi @petlitskiy,
thank you for your contribution.

Could you please sign the CLA, add to description what this PR is about and how it will help you?

I left a few comments what can be improved

Thank you

[BupycHuk]

Suggested change

	p, err := procfs.NewProc(1)
	if err != nil {
	log.Fatalf("could not get process: %s", err)
	}
	envs, err := p.Environ()
	if err != nil {
	log.Fatalf("could not get process stat: %s", err)
	}
	env := os.Environ()
	if err != nil {
	log.Fatalf("could not get process stat: %s", err)
	}

[BupycHuk]

It can be replaced with just strings.HasPrefix

[BupycHuk]

Do we know the exact environment variable? we can use os.GetEnv for it

[petlitskiy]

The exactly env variable ("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") ALWAYS is present only on AWS Fargate for PID 1 - i.e. only for "supervisord" process. It not available for "managed" process - that is why i use procfs but not os.GetEnv(). It is my opinion.

[petlitskiy]

But yes - we can use os.GetEnv. I checked. It works well.

[BupycHuk]

Suggested change

	if result != "" {
	return &agentpb.SetStateRequest_AgentProcess{
	Type: inventorypb.AgentType_RDS_EXPORTER,
	TemplateLeftDelim: tdp.Left,
	TemplateRightDelim: tdp.Right,
	Args: args,
	Env: []string{
	fmt.Sprintf("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=%s", result),
	},
	TextFiles: map[string]string{
	"config": "---\n" + string(b),
	},
	RedactWords: words,
	}, nil
	} else {
	return &agentpb.SetStateRequest_AgentProcess{
	Type: inventorypb.AgentType_RDS_EXPORTER,
	TemplateLeftDelim: tdp.Left,
	TemplateRightDelim: tdp.Right,
	Args: args,
	TextFiles: map[string]string{
	"config": "---\n" + string(b),
	},
	RedactWords: words,
	}, nil
	}
	var env []string
	if result != "" {
	env = []string{fmt.Sprintf("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=%s", result)}
	}
	return &agentpb.SetStateRequest_AgentProcess{
	Type: inventorypb.AgentType_RDS_EXPORTER,
	TemplateLeftDelim: tdp.Left,
	TemplateRightDelim: tdp.Right,
	Args: args,
	Env: env,
	TextFiles: map[string]string{
	"config": "---\n" + string(b),
	},
	RedactWords: words,
	}, nil

[artemgavrilov]

Hi @petlitskiy , sorry for the delay. Are you still interested in this contribution? We would like to merge this change, can you please reopen this PR?

[petlitskiy]

Yes. I'll reopen. But i confused with your CLA assistant plugin. I have no idea what it wants from me. ср, 28 черв. 2023, 15:58 користувач Artem Gavrilov ***@***.***> пише:

…

Hi @petlitskiy <https://github.com/petlitskiy> , sorry for the delay. Are you still interested in this contribution? We would like to merge this change, can you please reopen this PR? — Reply to this email directly, view it on GitHub <#2174 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ATLN5D6O4PZ46ULYXRWIUMTXNQS73ANCNFSM6AAAAAAYNEB5QU> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[artemgavrilov]

@petlitskiy Please check that your email in git setting matches email specified in Github account, most likely this is the case.

[petlitskiy]

Created again. #2334 чт, 29 черв. 2023 р. о 11:59 Artem Gavrilov ***@***.***> пише:

…

@petlitskiy <https://github.com/petlitskiy> Please check that your email in git setting matches email specified in Github account, most likely this is the case. — Reply to this email directly, view it on GitHub <#2174 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ATLN5D3PFOXUTFZU23KDIXTXNU7Y3ANCNFSM6AAAAAAYNEB5QU> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[petlitskiy]

This a pretty small but meaningful improvement can make our work much more convenient. P.S. my colleague/chief like to update from PMM console. But to update from PMM console it the rds agent has to work inside ECS Fargate. пт, 30 черв. 2023 р. о 11:22 Олексій Петлицький ***@***.***> пише:

…

Created again. #2334 чт, 29 черв. 2023 р. о 11:59 Artem Gavrilov ***@***.***> пише: > @petlitskiy <https://github.com/petlitskiy> Please check that your email > in git setting matches email specified in Github account, most likely this > is the case. > > — > Reply to this email directly, view it on GitHub > <#2174 (comment)>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/ATLN5D3PFOXUTFZU23KDIXTXNU7Y3ANCNFSM6AAAAAAYNEB5QU> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >