
Commit 2de888d

committed
fix: copilot issues
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
1 parent fa14924 commit 2de888d

2 files changed

Lines changed: 80 additions & 8 deletions


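--- a/main.go
+++ b/main.go
@@ -44,6 +44,7 @@ const (
 nonComplianceMessageField = "non_compliance_message"
 custodianWatchInterval = 30 * time.Second
 custodianOutputTailBytes = 4096
+custodianLogTailMaxSections = 5
 )
 
 var lookPath = exec.LookPath
@@ -1116,12 +1117,18 @@ func processSocketInodes(pid int) (map[string]bool, error) {
 fdDir := filepath.Join("/proc", strconv.Itoa(pid), "fd")
 entries, err := os.ReadDir(fdDir)
 if err != nil {
+if errors.Is(err, fs.ErrNotExist) || errors.Is(err, os.ErrNotExist) {
+return map[string]bool{}, nil
+}
 return nil, err
 }
 inodes := map[string]bool{}
 for _, entry := range entries {
 target, err := os.Readlink(filepath.Join(fdDir, entry.Name()))
 if err != nil {
+if errors.Is(err, fs.ErrNotExist) || errors.Is(err, os.ErrNotExist) {
+continue
+}
 continue
 }
 if strings.HasPrefix(target, "socket:[") && strings.HasSuffix(target, "]") {
@@ -1255,8 +1262,13 @@ func readCustodianLogArtifactsForPaths(logPaths []string, maxBytes int) ([]strin
 return nil, "", nil
 }
 
-sections := make([]string, 0, len(logPaths))
-for _, logPath := range logPaths {
+sections := make([]string, 0, min(len(logPaths), custodianLogTailMaxSections))
+for i, logPath := range logPaths {
+if i >= custodianLogTailMaxSections {
+remaining := len(logPaths) - custodianLogTailMaxSections
+sections = append(sections, fmt.Sprintf("custodian log tail truncated: %d additional custodian-run.log file(s) omitted", remaining))
+break
+}
 content, err := readFileTail(logPath, maxBytes)
 if err != nil {
 return logPaths, "", fmt.Errorf("failed to read custodian log %s: %w", logPath, err)
@@ -2828,16 +2840,18 @@ func awsResourceExplorerURLWithReason(payload *StandardizedResourcePayload) (str
 return "", reason
 }
 
+partition := awsPartitionFromARN(resourceARN)
 region := awsRegionFromARN(resourceARN)
-if region == "" && payload.Resource.Region != "" && payload.Resource.Region != "global" {
+if region == "" && payload.Resource.Region != "" && payload.Resource.Region != "global" && awsPartitionForRegion(payload.Resource.Region) == partition {
 region = payload.Resource.Region
 }
 if region == "" {
-region = "us-east-1"
+region = awsDefaultConsoleRegionForPartition(partition)
 }
 
 query := "id:" + resourceARN
-return "https://console.aws.amazon.com/resource-explorer/home?region=" + url.QueryEscape(region) + "#/search?query=" + url.QueryEscape(query), ""
+consoleDomain := awsConsoleDomainForPartition(partition)
+return "https://" + consoleDomain + "/resource-explorer/home?region=" + url.QueryEscape(region) + "#/search?query=" + url.QueryEscape(query), ""
 }
 
 func awsResourceExplorerResourceARN(payload *StandardizedResourcePayload) (string, string) {
@@ -2880,6 +2894,28 @@ func awsPartitionFromARN(arnValue string) string {
 return ""
 }
 
+func awsConsoleDomainForPartition(partition string) string {
+switch partition {
+case "aws-cn":
+return "console.amazonaws.cn"
+case "aws-us-gov":
+return "console.amazonaws-us-gov.com"
+default:
+return "console.aws.amazon.com"
+}
+}
+
+func awsDefaultConsoleRegionForPartition(partition string) string {
+switch partition {
+case "aws-cn":
+return "cn-north-1"
+case "aws-us-gov":
+return "us-gov-west-1"
+default:
+return "us-east-1"
+}
+}
+
 func awsPartitionForRegion(region string) string {
 region = strings.TrimSpace(strings.ToLower(region))
 switch {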
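Review bot: In processSocketInodes the check added inside the `os.Readlink` error branch has no effect, because both the new `if` and the line after it `continue`, so a permission or I/O error on a descriptor is still dropped and the caller receives an incomplete socket set with no signal. If only a descriptor that vanished mid-scan is meant to be tolerated, the fall-through should surface the rest, for example `return nil, fmt.Errorf("reading fd link %s: %w", entry.Name(), err)`; if best-effort is intended for every error, delete the added check and say so in a comment. `os.ErrNotExist` is the same value as `fs.ErrNotExist`, so a single `errors.Is(err, fs.ErrNotExist)` is enough in both places. The function body continues past the end of the hunk.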

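--- a/main_test.go
+++ b/main_test.go
@@ -883,6 +883,32 @@ exit 3
 }
 })
 
+t.Run("limits custodian log artifact tails", func(t *testing.T) {
+root := t.TempDir()
+logPaths := make([]string, 0, custodianLogTailMaxSections+2)
+for i := 0; i < custodianLogTailMaxSections+2; i++ {
+logPath := filepath.Join(root, fmt.Sprintf("log-%02d", i), "custodian-run.log")
+if err := os.MkdirAll(filepath.Dir(logPath), 0o755); err != nil {
+t.Fatalf("failed to create log dir: %v", err)
+}
+if err := os.WriteFile(logPath, []byte(fmt.Sprintf("log detail %02d", i)), 0o600); err != nil {
+t.Fatalf("failed to write log: %v", err)
+}
+logPaths = append(logPaths, logPath)
+}
+
+_, logTail, err := readCustodianLogArtifactsForPaths(logPaths, custodianOutputTailBytes)
+if err != nil {
+t.Fatalf("unexpected log tail error: %v", err)
+}
+if got := strings.Count(logTail, "custodian log tail from"); got != custodianLogTailMaxSections {
+t.Fatalf("expected %d log sections, got %d in:\n%s", custodianLogTailMaxSections, got, logTail)
+}
+if !strings.Contains(logTail, "2 additional custodian-run.log file(s) omitted") {
+t.Fatalf("expected truncation marker, got:\n%s", logTail)
+}
+})
+
 t.Run("does not read custodian log artifacts on success by default", func(t *testing.T) {
 script := `#!/bin/sh
 set -eu
@@ -973,6 +999,16 @@ printf '[]' > "$out/test-policy/resources.json"
 }
 })
 
+t.Run("treats missing proc fd directory as empty socket snapshot", func(t *testing.T) {
+inodes, err := processSocketInodes(-1)
+if err != nil {
+t.Fatalf("expected missing process fd directory to be non-fatal, got %v", err)
+}
+if len(inodes) != 0 {
+t.Fatalf("expected no socket inodes for missing process, got %#v", inodes)
+}
+})
+
 t.Run("strips plugin-only policy fields before custodian execution", func(t *testing.T) {
 script := `#!/bin/sh
 set -eu
@@ -1828,7 +1864,7 @@ func TestAWSResourceExplorerURL(t *testing.T) {
 Region: "cn-north-1",
 },
 },
-want: "https://console.aws.amazon.com/resource-explorer/home?region=cn-north-1#/search?query=id%3Aarn%3Aaws-cn%3As3%3A%3A%3Aexample-bucket",
+want: "https://console.amazonaws.cn/resource-explorer/home?region=cn-north-1#/search?query=id%3Aarn%3Aaws-cn%3As3%3A%3A%3Aexample-bucket",
 wantLink: true,
 },
 {
@@ -1841,7 +1877,7 @@ func TestAWSResourceExplorerURL(t *testing.T) {
 Region: "us-gov-west-1",
 },
 },
-want: "https://console.aws.amazon.com/resource-explorer/home?region=us-gov-west-1#/search?query=id%3Aarn%3Aaws-us-gov%3As3%3A%3A%3Aexample-bucket",
+want: "https://console.amazonaws-us-gov.com/resource-explorer/home?region=us-gov-west-1#/search?query=id%3Aarn%3Aaws-us-gov%3As3%3A%3A%3Aexample-bucket",
 wantLink: true,
 },
 {
@@ -1855,7 +1891,7 @@ func TestAWSResourceExplorerURL(t *testing.T) {
 Region: "us-east-1",
 },
 },
-want: "https://console.aws.amazon.com/resource-explorer/home?region=us-east-1#/search?query=id%3Aarn%3Aaws-us-gov%3As3%3A%3A%3Aexample-bucket",
+want: "https://console.amazonaws-us-gov.com/resource-explorer/home?region=us-gov-west-1#/search?query=id%3Aarn%3Aaws-us-gov%3As3%3A%3A%3Aexample-bucket",
 wantLink: true,
 },
 {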
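Review bot: The "limits custodian log artifact tails" subtest discards the first return value with `_`, so nothing pins whether the returned path list names all seven files or only the five whose tails were read. Bind it and assert the intended length, for example `paths, logTail, err := readCustodianLogArtifactsForPaths(...)` followed by a `len(paths)` check. The processSocketInodes subtest covers only the missing-directory case through pid -1, so the `Readlink` error branch that main.go also changes has no test. As far as these hunks show, the Resource Explorer table has no case for an ARN whose partition is neither `aws-cn` nor `aws-us-gov` nor the commercial one, which is the input the new `default` branches decide.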
