From b8709cf2f363d92e4c658a486b6b56233557e7b3 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 15 Sep 2020 11:30:52 -0600 Subject: [PATCH 1/2] Fix index out of range error when getting AWS account name --- x-pack/metricbeat/module/aws/aws.go | 50 ++++++++++++++++++----------- 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/x-pack/metricbeat/module/aws/aws.go b/x-pack/metricbeat/module/aws/aws.go index a49e04c010b3..faf0368950e4 100644 --- a/x-pack/metricbeat/module/aws/aws.go +++ b/x-pack/metricbeat/module/aws/aws.go @@ -8,6 +8,8 @@ import ( "context" "time" + "github.com/aws/aws-sdk-go-v2/service/iam/iamiface" + awssdk "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/ec2iface" @@ -105,25 +107,6 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { awsConfig.Region = "us-east-1" } - svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint( - config.AWSConfig.Endpoint, "iam", "", awsConfig)) - req := svcIam.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{}) - output, err := req.Send(context.TODO()) - if err != nil { - base.Logger().Warn("failed to list account aliases, please check permission setting: ", err) - metricSet.AccountName = metricSet.AccountID - } else { - // When there is no account alias, account ID will be used as cloud.account.name - if len(output.AccountAliases) == 0 { - metricSet.AccountName = metricSet.AccountID - } - - // There can be more than one aliases for each account, for now we are only - // collecting the first one. - metricSet.AccountName = output.AccountAliases[0] - base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName) - } - // Get IAM account id svcSts := sts.New(awscommon.EnrichAWSConfigWithEndpoint( config.AWSConfig.Endpoint, "sts", "", awsConfig)) @@ -136,6 +119,11 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) } + // Get account name/alias + svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint( + config.AWSConfig.Endpoint, "iam", "", awsConfig)) + metricSet.AccountName = getAccountName(svcIam, base, metricSet) + // Construct MetricSet with a full regions list if config.Regions == nil { svcEC2 := ec2.New(awscommon.EnrichAWSConfigWithEndpoint( @@ -170,6 +158,30 @@ func getRegions(svc ec2iface.ClientAPI) (completeRegionsList []string, err error return } +func getAccountName(svc iamiface.ClientAPI, base mb.BaseMetricSet, metricSet MetricSet) string { + req := svc.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{}) + output, err := req.Send(context.TODO()) + + accountName := metricSet.AccountID + if err != nil { + base.Logger().Warn("failed to list account aliases, please check permission setting: ", err) + return accountName + } + + // When there is no account alias, account ID will be used as cloud.account.name + if len(output.AccountAliases) == 0 { + accountName = metricSet.AccountID + base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) + return accountName + } + + // There can be more than one aliases for each account, for now we are only + // collecting the first one. + accountName = output.AccountAliases[0] + base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName) + return accountName +} + // StringInSlice checks if a string is already exists in list and its location func StringInSlice(str string, list []string) (bool, int) { for idx, v := range list { From dbaf4d43cb20811cf97924111cc98a8376593239 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 15 Sep 2020 11:38:46 -0600 Subject: [PATCH 2/2] add changelog --- CHANGELOG.next.asciidoc | 1 + x-pack/metricbeat/module/aws/aws.go | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 90df1fbbd35b..7cdacaf31ccd 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -342,6 +342,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Update fields.yml in the azure module, missing metrics field. {pull}20918[20918] - The `elasticsearch/index` metricset only requests wildcard expansion for hidden indices if the monitored Elasticsearch cluster supports it. {pull}20938[20938] - Disable Kafka metricsets based on Jolokia by default. They require a different configuration. {pull}20989[20989] +- Fix panic index out of range error when getting AWS account name. {pull}21101[21101] {issue}21095[21095] *Packetbeat* diff --git a/x-pack/metricbeat/module/aws/aws.go b/x-pack/metricbeat/module/aws/aws.go index faf0368950e4..f7b744c27cba 100644 --- a/x-pack/metricbeat/module/aws/aws.go +++ b/x-pack/metricbeat/module/aws/aws.go @@ -8,12 +8,11 @@ import ( "context" "time" - "github.com/aws/aws-sdk-go-v2/service/iam/iamiface" - awssdk "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/ec2iface" "github.com/aws/aws-sdk-go-v2/service/iam" + "github.com/aws/aws-sdk-go-v2/service/iam/iamiface" "github.com/aws/aws-sdk-go-v2/service/rds" "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi" "github.com/aws/aws-sdk-go-v2/service/sts"