aws · sparrc · Dec 19, 2019 · Dec 12, 2019 · Dec 13, 2019 · Dec 13, 2019
@@ -31,7 +31,7 @@ required = ["github.com/golang/mock/mockgen/model"]
 
 [[constraint]]
   name = "github.com/cihub/seelog"
-  version ="2.6"
+  revision = "f561c5e57575bb1e0a2167028b7339b3a8d16fb4"
 
 [[constraint]]
   name = "github.com/containerd/cgroups"

@@ -29,7 +29,6 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/config"
 	"github.com/aws/amazon-ecs-agent/agent/engine"
 	"github.com/aws/amazon-ecs-agent/agent/httpclient"
-	"github.com/aws/amazon-ecs-agent/agent/logger"
 	"github.com/aws/amazon-ecs-agent/agent/sighandlers"
 	"github.com/aws/amazon-ecs-agent/agent/sighandlers/exitcodes"
 	"github.com/aws/amazon-ecs-agent/agent/statemanager"
@@ -40,8 +39,6 @@ import (
 	"github.com/cihub/seelog"
 )
 
-var log = logger.ForModule("updater")
-
 const desiredImageFile = "desired-image"
 
 // update describes metadata around an update 2-phase request
@@ -93,7 +90,7 @@ func (u *updater) stageUpdateHandler() func(req *ecsacs.StageUpdateMessage) {
 		defer u.Unlock()
 
 		if req == nil || req.MessageId == nil {
-			log.Error("Nil request to stage update or missing MessageID")
+			seelog.Error("Nil request to stage update or missing MessageID")
 			return
 		}
 
@@ -118,11 +115,11 @@ func (u *updater) stageUpdateHandler() func(req *ecsacs.StageUpdateMessage) {
 			return
 		}
 
-		log.Debug("Staging update", "update", req)
+		seelog.Debug("Staging update", "update", req)
 
 		if u.stage != updateNone {
 			if u.updateID != "" && u.updateID == *req.UpdateInfo.Signature {
-				log.Debug("Update already in progress, acking duplicate message", "id", u.updateID)
+				seelog.Debug("Update already in progress, acking duplicate message", "id", u.updateID)
 				// Acking here is safe as any currently-downloading update will already be holding
 				// the update lock.  A failed download will nack and clear state (while holding the
 				// update lock) before this code is reached, meaning that the above conditional will
@@ -215,7 +212,7 @@ func (u *updater) performUpdateHandler(saver statemanager.Saver, taskEngine engi
 		u.Lock()
 		defer u.Unlock()
 
-		log.Debug("Got perform update request")
+		seelog.Debug("Got perform update request")
 
 		if !u.config.UpdatesEnabled {
 			reason := "Updates are disabled"
@@ -230,7 +227,7 @@ func (u *updater) performUpdateHandler(saver statemanager.Saver, taskEngine engi
 		}
 
 		if u.stage != updateDownloaded {
-			log.Error("Nacking PerformUpdate; not downloaded")
+			seelog.Error("Nacking PerformUpdate; not downloaded")
 			reason := "Cannot perform update; update not downloaded"
 			u.acs.MakeRequest(&ecsacs.NackRequest{
 				Cluster:           req.ClusterArn,
@@ -248,9 +245,9 @@ func (u *updater) performUpdateHandler(saver statemanager.Saver, taskEngine engi
 
 		err := sighandlers.FinalSave(saver, taskEngine)
 		if err != nil {
-			log.Crit("Error saving before update exit", "err", err)
+			seelog.Critical("Error saving before update exit", "err", err)
 		} else {
-			log.Debug("Saved state!")
+			seelog.Debug("Saved state!")
 		}
 		u.fs.Exit(exitcodes.ExitUpdate)
 	}

@@ -22,12 +22,9 @@ import (
 	apieni "github.com/aws/amazon-ecs-agent/agent/api/eni"
 	apitask "github.com/aws/amazon-ecs-agent/agent/api/task"
 	"github.com/aws/amazon-ecs-agent/agent/engine/image"
-	"github.com/aws/amazon-ecs-agent/agent/logger"
 	"github.com/cihub/seelog"
 )
 
-var log = logger.ForModule("dockerstate")
-
 // TaskEngineState keeps track of all mappings between tasks we know about
 // and containers docker runs
 type TaskEngineState interface {
@@ -201,7 +198,7 @@ func (state *DockerTaskEngineState) ENIByMac(mac string) (*apieni.ENIAttachment,
 // AddENIAttachment adds the eni into the state
 func (state *DockerTaskEngineState) AddENIAttachment(eniAttachment *apieni.ENIAttachment) {
 	if eniAttachment == nil {
-		log.Debug("Cannot add empty eni attachment information")
+		seelog.Debug("Cannot add empty eni attachment information")
 		return
 	}
 
@@ -219,7 +216,7 @@ func (state *DockerTaskEngineState) AddENIAttachment(eniAttachment *apieni.ENIAt
 // RemoveENIAttachment removes the eni from state and stop managing
 func (state *DockerTaskEngineState) RemoveENIAttachment(mac string) {
 	if mac == "" {
-		log.Debug("Cannot remove empty eni attachment information")
+		seelog.Debug("Cannot remove empty eni attachment information")
 		return
 	}
 	state.lock.Lock()
@@ -326,13 +323,13 @@ func (state *DockerTaskEngineState) AddContainer(container *apicontainer.DockerC
 	state.lock.Lock()
 	defer state.lock.Unlock()
 	if task == nil || container == nil {
-		log.Crit("Addcontainer called with nil task/container")
+		seelog.Critical("Addcontainer called with nil task/container")
 		return
 	}
 
 	_, exists := state.tasks[task.Arn]
 	if !exists {
-		log.Debug("AddContainer called with unknown task; adding", "arn", task.Arn)
+		seelog.Debug("AddContainer called with unknown task; adding", "arn", task.Arn)
 		state.tasks[task.Arn] = task
 	}
 
@@ -357,11 +354,11 @@ func (state *DockerTaskEngineState) AddContainer(container *apicontainer.DockerC
 // AddImageState adds an image.ImageState to be stored
 func (state *DockerTaskEngineState) AddImageState(imageState *image.ImageState) {
 	if imageState == nil {
-		log.Debug("Cannot add empty image state")
+		seelog.Debug("Cannot add empty image state")
 		return
 	}
 	if imageState.Image.ImageID == "" {
-		log.Debug("Cannot add image state with empty image id")
+		seelog.Debug("Cannot add image state with empty image id")
 		return
 	}
 	state.lock.Lock()
@@ -455,15 +452,15 @@ func (state *DockerTaskEngineState) removeV3EndpointIDToTaskContainerUnsafe(v3En
 // RemoveImageState removes an image.ImageState
 func (state *DockerTaskEngineState) RemoveImageState(imageState *image.ImageState) {
 	if imageState == nil {
-		log.Debug("Cannot remove empty image state")
+		seelog.Debug("Cannot remove empty image state")
 		return
 	}
 	state.lock.Lock()
 	defer state.lock.Unlock()
 
 	imageState, ok := state.imageStates[imageState.Image.ImageID]
 	if !ok {
-		log.Debug("Image State is not found. Cannot be removed")
+		seelog.Debug("Image State is not found. Cannot be removed")
 		return
 	}
 	delete(state.imageStates, imageState.Image.ImageID)

@@ -459,7 +459,7 @@ func taskIAMRoles(networkMode string, agent *TestAgent, t *testing.T) {
 	require.Equal(t, 0, containerMetaData.State.ExitCode, fmt.Sprintf("Container exit code non-zero: %v", containerMetaData.State.ExitCode))
 
 	// Search the audit log to verify the credential request
-	err = utils.SearchStrInDir(filepath.Join(agent.TestDir, "log"), "audit.log.", *task.TaskArn)
+	err = utils.SearchStrInDir(filepath.Join(agent.TestDir, "log"), "audit.log", *task.TaskArn)
 	require.NoError(t, err, "Verify credential request failed")
 }
 
@@ -807,8 +807,8 @@ func TestExecutionRole(t *testing.T) {
 	assert.Len(t, resp.Events, 1, fmt.Sprintf("Get unexpected number of log events: %d", len(resp.Events)))
 	assert.Equal(t, *resp.Events[0].Message, "hello world", fmt.Sprintf("Got log events message unexpected: %s", *resp.Events[0].Message))
 	// Search the audit log to verify the credential request from awslogs driver
-	err = utils.SearchStrInDir(filepath.Join(agent.TestDir, "log"), "audit.log.", "GetCredentialsExecutionRole")
-	err = utils.SearchStrInDir(filepath.Join(agent.TestDir, "log"), "audit.log.", *testTask.TaskArn)
+	err = utils.SearchStrInDir(filepath.Join(agent.TestDir, "log"), "audit.log", "GetCredentialsExecutionRole")
+	err = utils.SearchStrInDir(filepath.Join(agent.TestDir, "log"), "audit.log", *testTask.TaskArn)
 	require.NoError(t, err, "Verify credential request failed")
 }
 

@@ -15,11 +15,23 @@ package audit
 
 import (
 	"fmt"
+	"strconv"
 
 	"github.com/aws/amazon-ecs-agent/agent/config"
+	"github.com/aws/amazon-ecs-agent/agent/logger"
 	"github.com/aws/amazon-ecs-agent/agent/logger/audit/request"
 )
 
+type AuditLogger interface {
+	Log(r request.LogRequest, httpResponseCode int, eventType string)
+	GetContainerInstanceArn() string
+	GetCluster() string
+}
+
+type InfoLogger interface {
+	Info(i ...interface{})
+}
+
 type auditLog struct {
 	containerInstanceArn string
 	cluster              string
@@ -62,3 +74,29 @@ func (a *auditLog) GetCluster() string {
 func (a *auditLog) GetContainerInstanceArn() string {
 	return a.containerInstanceArn
 }
+
+func AuditLoggerConfig(cfg *config.Config) string {
+	config := `
+<seelog type="asyncloop" minlevel="info">
+	<outputs formatid="main">
+		<console />`
+	if cfg.CredentialsAuditLogFile != "" {
+		if logger.Config.RolloverType == "size" {
+			config += `
+		<rollingfile filename="` + cfg.CredentialsAuditLogFile + `" type="size"
+		 maxsize="` + strconv.Itoa(int(logger.Config.MaxFileSizeMB*1000000)) + `" archivetype="none" maxrolls="` + strconv.Itoa(logger.Config.MaxRollCount) + `" />`
+		} else {
+			config += `
+		<rollingfile filename="` + cfg.CredentialsAuditLogFile + `" type="date"
+		 datepattern="2006-01-02-15" archivetype="none" maxrolls="` + strconv.Itoa(logger.Config.MaxRollCount) + `" />`
+		}
+	}
+	config += `
+	</outputs>
+	<formats>
+		<format id="main" format="%Msg%n" />
+	</formats>
+</seelog>
+`
+	return config
+}