From 0aea7d5932652ff3b35df847d94a12615db35e6d Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Wed, 10 Dec 2025 16:42:38 +0000 Subject: [PATCH 01/13] add onprem --- generator/test_case_generator.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/generator/test_case_generator.go b/generator/test_case_generator.go index 79cb55ade..678cdcf0e 100644 --- a/generator/test_case_generator.go +++ b/generator/test_case_generator.go @@ -435,7 +435,11 @@ func copyAllEC2LinuxTestForOnpremTesting() { */ testTypeToTestConfig["ec2_linux_onprem"] = []testConfig{ { - testDir: "./test/lvm", + testDir: "./test/cloudwatchlogs", + targets: map[string]map[string]struct{}{"os": {"al2": {}}}, + }, + { + testDir: "./test/metrics_number_dimension", targets: map[string]map[string]struct{}{"os": {"al2": {}}}, }, } From 362d8b13f58dc4f8935b8ce397582e47f9954f9b Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Wed, 10 Dec 2025 20:18:43 +0000 Subject: [PATCH 02/13] sync ec2 test into onprem --- terraform/ec2/linux_onprem/main.tf | 106 ++++++++++++++++++++---- terraform/ec2/linux_onprem/variables.tf | 21 +++++ 2 files changed, 111 insertions(+), 16 deletions(-) diff --git a/terraform/ec2/linux_onprem/main.tf b/terraform/ec2/linux_onprem/main.tf index 5e19ec2c2..879e25532 100644 --- a/terraform/ec2/linux_onprem/main.tf +++ b/terraform/ec2/linux_onprem/main.tf @@ -1,6 +1,8 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: MIT + + module "linux_common" { source = "../common/linux" 
@@ -31,14 +33,14 @@ module "reboot_common" { } locals { - // list of test that require instance reboot - reboot_required_tests = tolist(["./test/restart"]) // Canary downloads latest binary. Integration test downloads binary connect to git hash. binary_uri = var.is_canary ? "${var.s3_bucket}/release/amazon_linux/${var.arc}/latest/${var.binary_name}" : "${var.s3_bucket}/integration-test/binary/${var.cwa_github_sha}/linux/${var.arc}/${var.binary_name}" + // list of test that require instance reboot + reboot_required_tests = tolist(["./test/restart"]) } ##################################################################### -# Execute test +# Execute tests ##################################################################### resource "null_resource" "integration_test_setup" { 
@@ -49,20 +51,26 @@ resource "null_resource" "integration_test_setup" { host = module.linux_common.cwagent_public_ip } - # Prepare Integration Test. + # Prepare Integration Test ## Disabling imds endpoint here in order to keep the ability to ssh. If launching an instance with it disabled, ssh doesn't work. ## If imds is not accessible, and RUN_IN_AWS env variable isn't set to true, then the agent considers it being in an onprem host. provisioner "remote-exec" { inline = [ "echo sha ${var.cwa_github_sha}", "sudo cloud-init status --wait", - "echo clone and install agent", - "git clone --branch ${var.github_test_repo_branch} ${var.github_test_repo}", + "echo clone ${var.github_test_repo} branch ${var.github_test_repo_branch} and install agent", + # check for vendor directory specifically instead of overall test repo to avoid issues with SELinux + "if [ ! -d amazon-cloudwatch-agent-test/vendor ]; then", + "echo 'Vendor directory (test repo dependencies) not found, cloning...'", + "sudo rm -r amazon-cloudwatch-agent-test", + "git clone --branch ${var.github_test_repo_branch} ${var.github_test_repo} -q", + "else", + "echo 'Test repo already exists, skipping clone'", + "fi", "cd amazon-cloudwatch-agent-test", - "aws s3 cp s3://${local.binary_uri} .", + "git rev-parse --short HEAD", + "aws s3 cp --no-progress s3://${local.binary_uri} .", "export PATH=$PATH:/snap/bin:/usr/local/go/bin", - "echo installing agent", - var.install_agent, "sudo mkdir -p ~/.aws", "sudo mkdir -p /.aws", "echo creating credentials file that the agent uses by default for onprem", 
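Review bot: `sudo rm -r amazon-cloudwatch-agent-test` in the new clone branch runs exactly when the checkout may be absent, so on a clean host it prints an error for a missing path; `sudo rm -rf amazon-cloudwatch-agent-test` covers both the missing and the partial-checkout case. The same form is used for `amazon-cloudwatch-agent-selinux` in the integration_test_run hunk of this file and again in the PATCH 08/13 hunk for terraform/ec2/linux/main.tf. The provisioner's inline list continues past the end of this hunk.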
@@ -74,6 +82,37 @@ resource "null_resource" "integration_test_setup" { "printf '\n[default]\naws_access_key_id=%s\naws_secret_access_key=%s\naws_session_token=%s' $(aws sts assume-role --role-arn ${module.linux_common.cwa_onprem_assumed_iam_role_arm} --role-session-name test --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text) | sudo tee -a ~/.aws/credentials>/dev/null", "echo turning off imds access in order to make agent start with onprem mode", "aws ec2 modify-instance-metadata-options --instance-id ${module.linux_common.cwagent_id} --http-endpoint disabled", + var.install_agent, + ] + } + + depends_on = [ + module.linux_common, + null_resource.download_test_repo_and_vendor_from_s3, + ] +} + +# Download vendor directory and cloned test repo from S3 for CN region tests +resource "null_resource" "download_test_repo_and_vendor_from_s3" { + # set to only run in CN region + count = startswith(var.region, "cn-") ? 1 : 0 + + connection { + type = "ssh" + user = var.user + private_key = module.linux_common.private_key_content + host = module.linux_common.cwagent_public_ip + } + provisioner "remote-exec" { + inline = [ + "echo Downloading cloned test repo from S3...", + "aws s3 cp s3://${var.s3_bucket}/integration-test/cloudwatch-agent-test-repo/${var.cwa_github_sha}.tar.gz ./amazon-cloudwatch-agent-test.tar.gz --quiet", + "mkdir amazon-cloudwatch-agent-test", + "tar -xzf amazon-cloudwatch-agent-test.tar.gz -C amazon-cloudwatch-agent-test", + "cd amazon-cloudwatch-agent-test", + "export GO111MODULE=on", + "export GOFLAGS=-mod=vendor", + "echo 'Vendor directory copied from S3'" ] } 
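Review bot: The `export GO111MODULE=on` and `export GOFLAGS=-mod=vendor` lines in `download_test_repo_and_vendor_from_s3` only affect that provisioner's own shell; each remote-exec runs as a separate script, so the `go test` in `integration_test_run` will not see them and may still try to resolve modules over the network in cn- regions. Set them in the provisioner that runs the tests, for example by adding `"export GOFLAGS=-mod=vendor",` to its exports when `startswith(var.region, "cn-")`. The archive is also unpacked as fetched; comparing it with a recorded digest before `tar -xzf` would make a replaced object in the bucket visible.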
@@ -82,6 +121,14 @@ resource "null_resource" "integration_test_setup" { ] } +module "amp" { + count = length(regexall("/amp", var.test_dir)) > 0 ? 1 : 0 + source = "terraform-aws-modules/managed-service-prometheus/aws" + workspace_alias = "cwagent-integ-test-${module.linux_common.testing_id}" + retention_period_in_days = 7 + limits_per_label_set = [] +} + resource "null_resource" "integration_test_run" { connection { type = "ssh" 
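Review bot: The new `module "amp"` block pulls `terraform-aws-modules/managed-service-prometheus/aws` from the registry with no `version` argument, so each `terraform init` resolves whatever release is newest at that moment. Pin it, e.g. `version = "<PINNED_VERSION>"` (placeholder), so a test run is reproducible and an upstream release cannot change what gets provisioned without review.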
@@ -90,23 +137,50 @@ resource "null_resource" "integration_test_run" { host = module.linux_common.cwagent_public_ip } - #Run sanity check and integration test provisioner "remote-exec" { - inline = [ - "echo prepare environment", + inline = concat( + [ + "echo Preparing environment...", + "sudo yum install amazon-cloudwatch-agent -y", + ], + + # SELinux test setup (if enabled) + var.is_selinux_test ? [ + "echo Running SELinux test setup...", + "sudo yum install selinux-policy selinux-policy-targeted policycoreutils-python-utils selinux-policy-devel -y", + "sudo setenforce 1", + "echo below is either Permissive/Enforcing", + "sudo getenforce", + "sudo rm -r amazon-cloudwatch-agent-selinux", + "git clone --branch ${var.selinux_branch} https://github.com/aws/amazon-cloudwatch-agent-selinux.git", + "cd amazon-cloudwatch-agent-selinux", + "cat amazon_cloudwatch_agent.te", + "chmod +x ./amazon_cloudwatch_agent.sh", + "sudo ./amazon_cloudwatch_agent.sh -y", + ] : [ + "echo SELinux test not enabled" + ], + + # General testing setup + [ "export LOCAL_STACK_HOST_NAME=${var.local_stack_host_name}", "export AWS_REGION=${var.region}", "export PATH=$PATH:/snap/bin:/usr/local/go/bin", - "echo run integration test", + "echo Running integration test...", "cd ~/amazon-cloudwatch-agent-test", "nohup bash -c 'while true; do sudo shutdown -c; sleep 30; done' >/dev/null 2>&1 &", - "echo run sanity test && go test ./test/sanity -p 1 -v", - "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -proxyUrl=${module.linux_common.proxy_instance_proxy_ip} -instanceId=${module.linux_common.cwagent_id} -agentStartCommand='${var.agent_start}' -v", - ] + "echo Running sanity test...", + "go test ./test/sanity -p 1 -v", + var.pre_test_setup, + # Integration test execution + "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} 
-plugins='${var.plugin_tests}' -excludedTests='${var.excluded_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -proxyUrl=${module.linux_common.proxy_instance_proxy_ip} -instanceId=${module.linux_common.cwagent_id} ${length(regexall("/amp", var.test_dir)) > 0 ? "-ampWorkspaceId=${module.amp[0].workspace_id} " : ""}-v" + ], + ) } depends_on = [ null_resource.integration_test_setup, + null_resource.download_test_repo_and_vendor_from_s3, module.reboot_common, ] } \ No newline at end of file diff --git a/terraform/ec2/linux_onprem/variables.tf b/terraform/ec2/linux_onprem/variables.tf index 6a6017683..b25f0babf 100644 --- a/terraform/ec2/linux_onprem/variables.tf +++ b/terraform/ec2/linux_onprem/variables.tf @@ -62,6 +62,11 @@ variable "local_stack_host_name" { default = "localhost.localstack.cloud" } +variable "is_selinux_test" { + type = bool + default = false +} + variable "s3_bucket" { type = string default = "" @@ -77,6 +82,11 @@ variable "test_dir" { default = "" } +variable "selinux_branch" { + type = string + default = "main" +} + variable "cwa_github_sha" { type = string default = "" @@ -102,6 +112,17 @@ variable "plugin_tests" { default = "" } + +variable "excluded_tests" { + type = string + default = "" +} + +variable "pre_test_setup" { + type = string + default = "echo no pre-test setup" +} + variable "agent_start" { description = "default command is for onprem with linux" type = string From 367ccf831ac131f4365837b3c01cfbc37190be31 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Thu, 11 Dec 2025 19:48:37 +0000 Subject: [PATCH 03/13] get instanceId from env --- test/cloudwatchlogs/publish_logs_test.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/cloudwatchlogs/publish_logs_test.go b/test/cloudwatchlogs/publish_logs_test.go index faa166b18..928e5a5e5 100644 --- a/test/cloudwatchlogs/publish_logs_test.go +++ b/test/cloudwatchlogs/publish_logs_test.go 
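Review bot: In the SELinux branch of the inline list, `git clone --branch ${var.selinux_branch}` followed by `sudo ./amazon_cloudwatch_agent.sh -y` executes as root whatever the tip of that branch is at run time. Consider checking out a reviewed commit after the clone, e.g. `"git checkout <PINNED_COMMIT>",` (placeholder), and logging `git rev-parse HEAD` as the setup provisioner already does for the test repo. `sudo getenforce` only prints the mode; if the test depends on Enforcing, compare its output and fail the run otherwise.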
@@ -95,7 +95,12 @@ func init() { func TestWriteLogsToCloudWatch(t *testing.T) { // this uses the {instance_id} placeholder in the agent configuration, // so we need to determine the host's instance ID for validation - instanceId := awsservice.GetInstanceId() + env := environment.GetEnvironmentMetaData() + instanceId := env.InstanceId + if instanceId == "" { + // Fallback to IMDS if not provided via command line (for backward compatibility) + instanceId = awsservice.GetInstanceId() + } log.Printf("Found instance id %s", instanceId) defer awsservice.DeleteLogGroupAndStream(instanceId, instanceId) From e749be43247ac544820f31616640d81baaf1c884 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Thu, 11 Dec 2025 20:18:15 +0000 Subject: [PATCH 04/13] more imds --- test/cloudwatchlogs/publish_logs_test.go | 28 ++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/test/cloudwatchlogs/publish_logs_test.go b/test/cloudwatchlogs/publish_logs_test.go index 928e5a5e5..f02bd3d05 100644 --- a/test/cloudwatchlogs/publish_logs_test.go +++ b/test/cloudwatchlogs/publish_logs_test.go @@ -186,7 +186,12 @@ func TestAutoRemovalFileRotation(t *testing.T) { // 3. The file should be rotated again, and a new log line of size GREATER THAN N should be written // 4. All three log lines, in full, should be visible in CloudWatch Logs func TestRotatingLogsDoesNotSkipLines(t *testing.T) { - instanceId := awsservice.GetInstanceId() + env := environment.GetEnvironmentMetaData() + instanceId := env.InstanceId + if instanceId == "" { + // Fallback to IMDS if not provided via command line (for backward compatibility) + instanceId = awsservice.GetInstanceId() + } cfgFilePath := "resources/config_log_rotated.json" log.Printf("Found instance id %s", instanceId) 
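Review bot: The five-line "environment metadata first, IMDS second" lookup added to TestWriteLogsToCloudWatch is pasted again into TestRotatingLogsDoesNotSkipLines, TestLogGroupClass, autoRemovalTestCleanup and checkData in PATCH 04/13, and into buildDimensionFilterList in PATCH 05/13. A single helper keeps the fallback rule in one place, which matters here because the fallback presumably cannot succeed on a host where IMDS has been disabled. The import of the `environment` package is not visible in these hunks, so confirm both test files already import it. Each call site would then read `instanceId := instanceID()`.
```go
// instanceID returns the instance ID from the environment metadata and
// falls back to IMDS only when none was provided.
func instanceID() string {
	if id := environment.GetEnvironmentMetaData().InstanceId; id != "" {
		return id
	}
	return awsservice.GetInstanceId()
}
```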
@@ -243,7 +248,12 @@ func TestRotatingLogsDoesNotSkipLines(t *testing.T) { } func TestLogGroupClass(t *testing.T) { - instanceId := awsservice.GetInstanceId() + env := environment.GetEnvironmentMetaData() + instanceId := env.InstanceId + if instanceId == "" { + // Fallback to IMDS if not provided via command line (for backward compatibility) + instanceId = awsservice.GetInstanceId() + } logFile, err := os.Create(logFilePath) agentRuntime := 20 * time.Second // default flush interval is 5 seconds if err != nil { @@ -315,7 +325,12 @@ func writeSleepRestart(t *testing.T, f *os.File, configPath string, linesPerLoop } func autoRemovalTestCleanup() { - instanceId := awsservice.GetInstanceId() + env := environment.GetEnvironmentMetaData() + instanceId := env.InstanceId + if instanceId == "" { + // Fallback to IMDS if not provided via command line (for backward compatibility) + instanceId = awsservice.GetInstanceId() + } awsservice.DeleteLogGroupAndStream(instanceId, instanceId) paths, _ := filepath.Glob(logFilePath + "*") for _, p := range paths { @@ -325,7 +340,12 @@ func autoRemovalTestCleanup() { // checkData queries CWL and verifies the number of log lines. func checkData(t *testing.T, start time.Time, lineCount int) { - instanceId := awsservice.GetInstanceId() + env := environment.GetEnvironmentMetaData() + instanceId := env.InstanceId + if instanceId == "" { + // Fallback to IMDS if not provided via command line (for backward compatibility) + instanceId = awsservice.GetInstanceId() + } end := time.Now() // Sleep to ensure backend stores logs. time.Sleep(time.Second * 60) From 0861cbaf2acb6d264f757caebd93476f274ac80c Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Fri, 12 Dec 2025 00:29:09 +0000 Subject: [PATCH 05/13] imds --- .../metrics_number_dimension_test.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/test/metrics_number_dimension/metrics_number_dimension_test.go b/test/metrics_number_dimension/metrics_number_dimension_test.go index c05e21256..251a59e94 100644 --- a/test/metrics_number_dimension/metrics_number_dimension_test.go +++ b/test/metrics_number_dimension/metrics_number_dimension_test.go @@ -6,8 +6,10 @@ package metrics_number_dimension import ( + "flag" "fmt" "log" + "os" "testing" "time" @@ -105,7 +107,12 @@ func buildDimensionFilterList(appendDimension int) []types.DimensionFilter { // we append dimension from 0 to max number - 2 // then we add dimension instance id // thus for max dimension 10, 0 to 8 + instance id = 10 dimension - ec2InstanceId := awsservice.GetInstanceId() + env := environment.GetEnvironmentMetaData() + ec2InstanceId := env.InstanceId + if ec2InstanceId == "" { + // Fallback to IMDS if not provided via command line (for backward compatibility) + ec2InstanceId = awsservice.GetInstanceId() + } dimensionFilter := make([]types.DimensionFilter, appendDimension) for i := 0; i < appendDimension-1; i++ { dimensionFilter[i] = types.DimensionFilter{ From a35c21d56b83fb12fd9fbc502cd868ecf010a03b Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Fri, 12 Dec 2025 00:37:30 +0000 Subject: [PATCH 06/13] imports --- test/metrics_number_dimension/metrics_number_dimension_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/metrics_number_dimension/metrics_number_dimension_test.go b/test/metrics_number_dimension/metrics_number_dimension_test.go index 251a59e94..9897eb875 100644 --- a/test/metrics_number_dimension/metrics_number_dimension_test.go +++ b/test/metrics_number_dimension/metrics_number_dimension_test.go @@ -6,10 +6,8 @@ package metrics_number_dimension import ( - "flag" "fmt" "log" - "os" "testing" "time" From f3a8bef8b89f0e053698b493148990e3958e02d4 Mon Sep 17 00:00:00 2001 
From: Hyunsoo Kim Date: Fri, 12 Dec 2025 01:54:36 +0000 Subject: [PATCH 07/13] onprem test --- .../ec2_linux_onprem_test_matrix.json | 40 ++++++++++++---- generator/test_case_generator.go | 7 +-- terraform/ec2/linux_onprem/main.tf | 47 +++++++++++++++---- terraform/ec2/linux_onprem/variables.tf | 4 +- 4 files changed, 75 insertions(+), 23 deletions(-) diff --git a/generator/resources/ec2_linux_onprem_test_matrix.json b/generator/resources/ec2_linux_onprem_test_matrix.json index fa16915df..272e1d2a9 100644 --- a/generator/resources/ec2_linux_onprem_test_matrix.json +++ b/generator/resources/ec2_linux_onprem_test_matrix.json 
@@ -1,14 +1,38 @@ [ { - "os": "al2", - "username": "ec2-user", + "os": "ubuntu-22.04", + "username": "ubuntu", "instanceType":"t3a.medium", - "installAgentCommand": "go run ./install/install_agent.go rpm", - "agentStartCommand": "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c ", - "ami": "cloudwatch-agent-integration-test-al2*", - "caCertPath": "/etc/ssl/certs/ca-bundle.crt", + "installAgentCommand": "go run ./install/install_agent.go deb", + "ami": "cloudwatch-agent-integration-test-ubuntu-LTS-22*", + "caCertPath": "/etc/ssl/certs/ca-certificates.crt", "arc": "amd64", - "binaryName": "amazon-cloudwatch-agent.rpm", - "family": "linux" + "binaryName": "amazon-cloudwatch-agent.deb", + "family": "linux", + "agentStartCommand": "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c " + }, + { + "os": "ubuntu-24", + "username": "ubuntu", + "instanceType":"t3a.medium", + "installAgentCommand": "go run ./install/install_agent.go deb", + "ami": "cloudwatch-agent-integration-test-ubuntu-24*", + "caCertPath": "/etc/ssl/certs/ca-certificates.crt", + "arc": "amd64", + "binaryName": "amazon-cloudwatch-agent.deb", + "family": "linux", + "agentStartCommand": "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c " + }, + { + "os": "ubuntu-25", + "username": "ubuntu", + "instanceType":"t3a.medium", + "installAgentCommand": "go run ./install/install_agent.go deb", + "ami": "cloudwatch-agent-integration-test-ubuntu-25*", + "caCertPath": "/etc/ssl/certs/ca-certificates.crt", + "arc": "amd64", + "binaryName": "amazon-cloudwatch-agent.deb", + "family": "linux", + "agentStartCommand": "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c " } ] \ No newline at end of file 
diff --git a/generator/test_case_generator.go b/generator/test_case_generator.go index 678cdcf0e..ba3b3c4f7 100644 --- a/generator/test_case_generator.go +++ b/generator/test_case_generator.go @@ -77,6 +77,9 @@ var testTypeToTestConfig = map[string][]testConfig{ "ec2_linux_wd_nvidia": { {testDir: "./test/workload_discovery"}, }, + "ec2_linux_onprem": { + {testDir: "./test/cloudwatchlogs"}, + } testTypeKeyEc2Linux: { {testDir: "./test/ca_bundle"}, {testDir: "./test/cloudwatchlogs"}, @@ -450,9 +453,7 @@ func main() { flag.Parse() configMap := testTypeToTestConfig - if !*useE2E { - copyAllEC2LinuxTestForOnpremTesting() - } else { + if *useE2E { configMap = testTypeToTestConfigE2E } diff --git a/terraform/ec2/linux_onprem/main.tf b/terraform/ec2/linux_onprem/main.tf index 879e25532..2ae52614b 100644 --- a/terraform/ec2/linux_onprem/main.tf +++ b/terraform/ec2/linux_onprem/main.tf @@ -37,6 +37,8 @@ locals { binary_uri = var.is_canary ? "${var.s3_bucket}/release/amazon_linux/${var.arc}/latest/${var.binary_name}" : "${var.s3_bucket}/integration-test/binary/${var.cwa_github_sha}/linux/${var.arc}/${var.binary_name}" // list of test that require instance reboot reboot_required_tests = tolist(["./test/restart"]) + // Pre-test setup command to replace {instance_id} and ${aws:InstanceId} placeholders in source configs + pre_test_setup_cmd = "echo 'Pre-test setup: Replacing {instance_id} and $${aws:InstanceId} placeholders in test resource configs'; find . -path '*/resources/*.json' -exec sed -i 's/{instance_id}/${module.linux_common.cwagent_id}/g' {} \\; -exec sed -i 's/$${aws:InstanceId}/${module.linux_common.cwagent_id}/g' {} \\; && echo 'Updated all config files in resources directories'" } ##################################################################### 
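Review bot: The new `"ec2_linux_onprem"` entry closes with `}` and no trailing comma before `testTypeKeyEc2Linux:`, which is a syntax error in a Go composite literal, so the generator will not compile from this commit on; the closing line should be `},`. The PATCH 08/13 hunk on the same map still shows the bare `}` as context, so the series does not appear to fix it later.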
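Review bot: With the `copyAllEC2LinuxTestForOnpremTesting()` call dropped from main, the function edited in PATCH 01/13 appears to have no caller left in the hunks shown. If nothing else uses it, delete it in the same commit so the `ec2_linux_onprem` configuration has a single source, the map literal above.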
@@ -72,16 +74,26 @@ resource "null_resource" "integration_test_setup" { "aws s3 cp --no-progress s3://${local.binary_uri} .", "export PATH=$PATH:/snap/bin:/usr/local/go/bin", "sudo mkdir -p ~/.aws", - "sudo mkdir -p /.aws", "echo creating credentials file that the agent uses by default for onprem", - "printf '\n[profile AmazonCloudWatchAgent]\nregion = us-west-2' | sudo tee -a /.aws/config", - "printf '\n[AmazonCloudWatchAgent]\naws_access_key_id=%s\naws_secret_access_key=%s\naws_session_token=%s' $(aws sts assume-role --role-arn ${module.linux_common.cwa_onprem_assumed_iam_role_arm} --role-session-name onpremtest --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text) | sudo tee -a /.aws/credentials>/dev/null", - "printf '[credentials]\n shared_credential_profile = \"AmazonCloudWatchAgent\"\n shared_credential_file = \"/.aws/credentials\"' | sudo tee /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml>/dev/null", - "echo write the same credentials as default profile as well. AWS SDK clients used for testing looks for default. Without this, would have needed to specify profile name in the test code", - "printf '\n[default]\nregion = us-west-2' | sudo tee -a ~/.aws/config", - "printf '\n[default]\naws_access_key_id=%s\naws_secret_access_key=%s\naws_session_token=%s' $(aws sts assume-role --role-arn ${module.linux_common.cwa_onprem_assumed_iam_role_arm} --role-session-name test --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text) | sudo tee -a ~/.aws/credentials>/dev/null", + "printf '[default]\nregion = us-west-2\n' | sudo tee ~/.aws/config", + "echo attempting to assume role for on-premises credentials", + "ASSUME_ROLE_OUTPUT=$(aws sts assume-role --role-arn ${module.linux_common.cwa_onprem_assumed_iam_role_arm} --role-session-name onpremtest --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)", + "if [ $? 
-ne 0 ]; then echo 'Failed to assume role'; exit 1; fi", + "echo 'Creating default credentials'", + "printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\naws_session_token=%s\n' $ASSUME_ROLE_OUTPUT | sudo tee ~/.aws/credentials>/dev/null", + "echo verifying credentials are working", + "aws sts get-caller-identity || echo 'Credentials test failed'", "echo turning off imds access in order to make agent start with onprem mode", "aws ec2 modify-instance-metadata-options --instance-id ${module.linux_common.cwagent_id} --http-endpoint disabled", + "echo waiting for IMDS to be fully disabled", + "sleep 10", + "sudo mkdir -p /opt/aws/amazon-cloudwatch-agent/etc", + "printf '[credentials]\n shared_credential_profile = \"default\"\n shared_credential_file = \"/home/ubuntu/.aws/credentials\"\n' | sudo tee /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml>/dev/null", + "echo setting environment variables for agent", + "echo 'RUN_IN_AWS=false' | sudo tee -a /opt/aws/amazon-cloudwatch-agent/etc/env-config", + "echo 'INSTANCE_ID=${module.linux_common.cwagent_id}' | sudo tee -a /opt/aws/amazon-cloudwatch-agent/etc/env-config", + "echo 'export RUN_IN_AWS=false' | sudo tee -a /etc/environment", + "echo 'export INSTANCE_ID=${module.linux_common.cwagent_id}' | sudo tee -a /etc/environment", var.install_agent, ] } 
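Review bot: `aws sts get-caller-identity || echo 'Credentials test failed'` reports a bad credentials file but lets the script go on to disable IMDS, after which the host presumably has no working credentials left; make it fatal, e.g. `aws sts get-caller-identity || { echo 'Credentials test failed'; exit 1; }`. `shared_credential_file` is hard-coded to `/home/ubuntu/.aws/credentials` while the SSH user comes from `var.user`, and the region is fixed to `us-west-2` although `var.region` exists, so any other user or region silently gets a mismatched agent config. The session token is written through `sudo tee`, which leaves a root-owned file with root's default mode (typically world-readable); if the agent runs as root, writing the file as the login user and adding `chmod 600 ~/.aws/credentials` keeps it private. The same lines are repeated in the PATCH 08/13 hunk for terraform/ec2/linux/main.tf, where the login user is not necessarily ubuntu.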
@@ -165,15 +177,30 @@ resource "null_resource" "integration_test_run" { [ "export LOCAL_STACK_HOST_NAME=${var.local_stack_host_name}", "export AWS_REGION=${var.region}", + "export RUN_IN_AWS=false", + "export AWS_EC2_METADATA_DISABLED=true", + "export AWS_PROFILE=default", + "export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials", + "export AWS_CONFIG_FILE=~/.aws/config", "export PATH=$PATH:/snap/bin:/usr/local/go/bin", "echo Running integration test...", "cd ~/amazon-cloudwatch-agent-test", "nohup bash -c 'while true; do sudo shutdown -c; sleep 30; done' >/dev/null 2>&1 &", - "echo Running sanity test...", - "go test ./test/sanity -p 1 -v", + "echo 'Environment variables for test:'", + "echo 'AWS_REGION='$AWS_REGION", + "echo 'RUN_IN_AWS='$RUN_IN_AWS", + "echo 'AWS_EC2_METADATA_DISABLED='$AWS_EC2_METADATA_DISABLED", + "echo 'AWS_PROFILE='$AWS_PROFILE", + "echo 'Instance ID parameter: ${module.linux_common.cwagent_id}'", + "echo 'Agent start command: ${var.agent_start}'", + "echo 'Testing AWS credentials:'", + "aws sts get-caller-identity || echo 'AWS credentials test failed'", + "echo 'Testing agent credentials:'", + "sudo aws sts get-caller-identity || echo 'Agent credentials test failed'", + local.pre_test_setup_cmd, var.pre_test_setup, # Integration test execution - "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -excludedTests='${var.excluded_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -proxyUrl=${module.linux_common.proxy_instance_proxy_ip} -instanceId=${module.linux_common.cwagent_id} ${length(regexall("/amp", var.test_dir)) > 0 ? 
"-ampWorkspaceId=${module.amp[0].workspace_id} " : ""}-v" + "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -excludedTests='${var.excluded_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -proxyUrl=${module.linux_common.proxy_instance_proxy_ip} -instanceId=${module.linux_common.cwagent_id} -agentStartCommand='${var.agent_start}' ${length(regexall("/amp", var.test_dir)) > 0 ? "-ampWorkspaceId=${module.amp[0].workspace_id} " : ""}-v" ], ) } diff --git a/terraform/ec2/linux_onprem/variables.tf b/terraform/ec2/linux_onprem/variables.tf index b25f0babf..d31d1a1e0 100644 --- a/terraform/ec2/linux_onprem/variables.tf +++ b/terraform/ec2/linux_onprem/variables.tf @@ -28,13 +28,13 @@ variable "ssh_key_value" { variable "user" { type = string - default = "" + default = "ubuntu" } variable "install_agent" { description = "go run ./install/install_agent.go deb or go run ./install/install_agent.go rpm" type = string - default = "go run ./install/install_agent.go rpm" + default = "go run ./install/install_agent.go deb" } variable "ca_cert_path" { From bbbb94e1da7e7429e64b1fd5ffa7b2f0d48018a9 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Tue, 16 Dec 2025 16:30:22 +0000 Subject: [PATCH 08/13] support onprem --- generator/test_case_generator.go | 12 ++-- terraform/ec2/linux/main.tf | 107 ++++++++++++++++++++++++------- terraform/ec2/linux/variables.tf | 6 ++ 3 files changed, 97 insertions(+), 28 deletions(-) diff --git a/generator/test_case_generator.go b/generator/test_case_generator.go index ba3b3c4f7..64769b696 100644 --- a/generator/test_case_generator.go +++ b/generator/test_case_generator.go 
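Review bot: `sudo aws sts get-caller-identity || echo 'Agent credentials test failed'` does not exercise the agent's credentials: under sudo the exported `AWS_*` variables and HOME may not be those of the login shell, and the agent reads `common-config.toml` rather than the CLI lookup chain, so the line can pass or fail independently of the agent and the `|| echo` hides the result either way. Drop it or replace it with a check that fails the run. `export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials` relies on tilde expansion inside an export argument, which not every /bin/sh performs; `$HOME/.aws/credentials` is unambiguous. The same exports and checks are repeated in the PATCH 08/13 hunk for terraform/ec2/linux/main.tf.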
@@ -81,12 +81,12 @@ var testTypeToTestConfig = map[string][]testConfig{ {testDir: "./test/cloudwatchlogs"}, } testTypeKeyEc2Linux: { - {testDir: "./test/ca_bundle"}, - {testDir: "./test/cloudwatchlogs"}, - { - testDir: "./test/log_state/logfile", - targets: map[string]map[string]struct{}{"os": {"al2": {}}}, - }, + // {testDir: "./test/ca_bundle"}, + // {testDir: "./test/cloudwatchlogs"}, + // { + // testDir: "./test/log_state/logfile", + // targets: map[string]map[string]struct{}{"os": {"al2": {}}}, + // }, { testDir: "./test/metrics_number_dimension", targets: map[string]map[string]struct{}{"os": {"al2": {}}}, diff --git a/terraform/ec2/linux/main.tf b/terraform/ec2/linux/main.tf index 747c500fb..4820fc4b2 100644 --- a/terraform/ec2/linux/main.tf +++ b/terraform/ec2/linux/main.tf @@ -37,6 +37,12 @@ locals { binary_uri = var.is_canary ? "${var.s3_bucket}/release/amazon_linux/${var.arc}/latest/${var.binary_name}" : "${var.s3_bucket}/integration-test/binary/${var.cwa_github_sha}/linux/${var.arc}/${var.binary_name}" // list of test that require instance reboot reboot_required_tests = tolist(["./test/restart"]) + + // On-premises specific configuration + is_onprem = var.is_onprem + + // Pre-test setup command + pre_test_setup_cmd = local.is_onprem ? "echo 'Pre-test setup: Replacing {instance_id} and $${aws:InstanceId} placeholders in test resource configs'; find . -path '*/resources/*.json' -exec sed -i 's/{instance_id}/${module.linux_common.cwagent_id}/g' {} \\; -exec sed -i 's/$${aws:InstanceId}/${module.linux_common.cwagent_id}/g' {} \\; && echo 'Updated all config files in resources directories'" : var.pre_test_setup } ##################################################################### 
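Review bot: The `testTypeKeyEc2Linux` entries for `./test/ca_bundle`, `./test/cloudwatchlogs` and `./test/log_state/logfile` are commented out rather than removed or gated, which silently drops them from the regular EC2 Linux matrix. If this was done to shorten iteration on the on-prem path, restore them before merging; if the removal is intended, delete the lines and state the reason in the commit message.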
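Review bot: `local.pre_test_setup_cmd` is defined in this locals hunk, but the integration_test_run hunk of the same file still passes `var.pre_test_setup` and carries its own copy of the find/sed command, so the local looks unused and the two copies differ (`-path '*/resources/*.json'` here, `-path '${var.test_dir}/resources/*.json'` there). Keep one of them and reference it from the inline list. `is_onprem = var.is_onprem` adds an alias with no transformation; using `var.is_onprem` directly is simpler.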
@@ -53,24 +59,54 @@ resource "null_resource" "integration_test_setup" { # Prepare Integration Test provisioner "remote-exec" { - inline = [ - "echo sha ${var.cwa_github_sha}", - "sudo cloud-init status --wait", - "echo clone ${var.github_test_repo} branch ${var.github_test_repo_branch} and install agent", - # check for vendor directory specifically instead of overall test repo to avoid issues with SELinux - "if [ ! -d amazon-cloudwatch-agent-test/vendor ]; then", - "echo 'Vendor directory (test repo dependencies) not found, cloning...'", - "sudo rm -r amazon-cloudwatch-agent-test", - "git clone --branch ${var.github_test_repo_branch} ${var.github_test_repo} -q", - "else", - "echo 'Test repo already exists, skipping clone'", - "fi", - "cd amazon-cloudwatch-agent-test", - "git rev-parse --short HEAD", - "aws s3 cp --no-progress s3://${local.binary_uri} .", - "export PATH=$PATH:/snap/bin:/usr/local/go/bin", - var.install_agent, - ] + inline = concat( + [ + "echo sha ${var.cwa_github_sha}", + "sudo cloud-init status --wait", + "echo clone ${var.github_test_repo} branch ${var.github_test_repo_branch} and install agent", + # check for vendor directory specifically instead of overall test repo to avoid issues with SELinux + "if [ ! -d amazon-cloudwatch-agent-test/vendor ]; then", + "echo 'Vendor directory (test repo dependencies) not found, cloning...'", + "sudo rm -r amazon-cloudwatch-agent-test", + "git clone --branch ${var.github_test_repo_branch} ${var.github_test_repo} -q", + "else", + "echo 'Test repo already exists, skipping clone'", + "fi", + "cd amazon-cloudwatch-agent-test", + "git rev-parse --short HEAD", + "aws s3 cp --no-progress s3://${local.binary_uri} .", + "export PATH=$PATH:/snap/bin:/usr/local/go/bin", + ], + + # On-premises specific setup + local.is_onprem ? 
[ + "sudo mkdir -p ~/.aws", + "echo creating credentials file that the agent uses by default for onprem", + "printf '[default]\\nregion = us-west-2\\n' | sudo tee ~/.aws/config", + "echo attempting to assume role for on-premises credentials", + "ASSUME_ROLE_OUTPUT=$(aws sts assume-role --role-arn ${module.linux_common.cwa_onprem_assumed_iam_role_arm} --role-session-name onpremtest --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)", + "if [ $? -ne 0 ]; then echo 'Failed to assume role'; exit 1; fi", + "echo 'Creating default credentials'", + "printf '[default]\\naws_access_key_id=%s\\naws_secret_access_key=%s\\naws_session_token=%s\\n' $ASSUME_ROLE_OUTPUT | sudo tee ~/.aws/credentials>/dev/null", + "echo verifying credentials are working", + "aws sts get-caller-identity || echo 'Credentials test failed'", + "echo turning off imds access in order to make agent start with onprem mode", + "aws ec2 modify-instance-metadata-options --instance-id ${module.linux_common.cwagent_id} --http-endpoint disabled", + "echo waiting for IMDS to be fully disabled", + "sleep 10", + "sudo mkdir -p /opt/aws/amazon-cloudwatch-agent/etc", + "printf '[credentials]\\n shared_credential_profile = \"default\"\\n shared_credential_file = \"/home/ubuntu/.aws/credentials\"\\n' | sudo tee /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml>/dev/null", + "echo setting environment variables for agent", + "echo 'RUN_IN_AWS=false' | sudo tee -a /opt/aws/amazon-cloudwatch-agent/etc/env-config", + "echo 'INSTANCE_ID=${module.linux_common.cwagent_id}' | sudo tee -a /opt/aws/amazon-cloudwatch-agent/etc/env-config", + "echo 'export RUN_IN_AWS=false' | sudo tee -a /etc/environment", + "echo 'export INSTANCE_ID=${module.linux_common.cwagent_id}' | sudo tee -a /etc/environment", + ] : [], + + [ + var.install_agent, + ] + ) } depends_on = [ 
@@ -128,11 +164,12 @@ resource "null_resource" "integration_test_run" { inline = concat( [ "echo Preparing environment...", - "sudo yum install amazon-cloudwatch-agent -y", + "nohup bash -c 'while true; do sudo shutdown -c; sleep 30; done' >/dev/null 2>&1 &", ], # SELinux test setup (if enabled) var.is_selinux_test ? [ + "sudo yum install amazon-cloudwatch-agent -y", "echo Running SELinux test setup...", "sudo yum install selinux-policy selinux-policy-targeted policycoreutils-python-utils selinux-policy-devel -y", "sudo setenforce 1", 
@@ -153,14 +190,40 @@ resource "null_resource" "integration_test_run" { "export LOCAL_STACK_HOST_NAME=${var.local_stack_host_name}", "export AWS_REGION=${var.region}", "export PATH=$PATH:/snap/bin:/usr/local/go/bin", + ], + + [ "echo Running integration test...", "cd ~/amazon-cloudwatch-agent-test", - "nohup bash -c 'while true; do sudo shutdown -c; sleep 30; done' >/dev/null 2>&1 &", + ], + + # On-premises specific environment variables + local.is_onprem ? [ + "export RUN_IN_AWS=false", + "export AWS_EC2_METADATA_DISABLED=true", + "export AWS_PROFILE=default", + "export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials", + "export AWS_CONFIG_FILE=~/.aws/config", + "echo 'Environment variables for on-premises test:'", + "echo 'AWS_REGION='$AWS_REGION", + "echo 'RUN_IN_AWS='$RUN_IN_AWS", + "echo 'AWS_EC2_METADATA_DISABLED='$AWS_EC2_METADATA_DISABLED", + "echo 'AWS_PROFILE='$AWS_PROFILE", + "echo 'Instance ID parameter: ${module.linux_common.cwagent_id}'", + "echo 'Testing AWS credentials:'", + "aws sts get-caller-identity || echo 'AWS credentials test failed'", + "echo 'Testing agent credentials:'", + "sudo aws sts get-caller-identity || echo 'Agent credentials test failed'", + "echo 'Pre-test setup: Replacing {instance_id} and $${aws:InstanceId} placeholders in test resource configs'; find . 
-path '${var.test_dir}/resources/*.json' -exec sed -i 's/{instance_id}/${module.linux_common.cwagent_id}/g' {} \\; -exec sed -i 's/$${aws:InstanceId}/${module.linux_common.cwagent_id}/g' {} \\; && echo 'Updated all config files in resources directories'" + ] : [ "echo Running sanity test...", "go test ./test/sanity -p 1 -v", + ], + + [ var.pre_test_setup, - # Integration test execution - "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -excludedTests='${var.excluded_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -proxyUrl=${module.linux_common.proxy_instance_proxy_ip} -instanceId=${module.linux_common.cwagent_id} ${length(regexall("/amp", var.test_dir)) > 0 ? "-ampWorkspaceId=${module.amp[0].workspace_id} " : ""}-v" + # Integration test execution with conditional agent start command + "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -excludedTests='${var.excluded_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -proxyUrl=${module.linux_common.proxy_instance_proxy_ip} -instanceId=${module.linux_common.cwagent_id} ${local.is_onprem ? "-agentStartCommand='${var.agent_start}'" : ""} ${length(regexall("/amp", var.test_dir)) > 0 ? "-ampWorkspaceId=${module.amp[0].workspace_id} " : ""}-v" ], ) } diff --git a/terraform/ec2/linux/variables.tf b/terraform/ec2/linux/variables.tf index 6038b2ed8..3eb84350c 100644 --- a/terraform/ec2/linux/variables.tf +++ b/terraform/ec2/linux/variables.tf @@ -127,4 +127,10 @@ variable "agent_start" { description = "default command should be for ec2 with linux" type = string default = "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c " +} + +variable "is_onprem" { + description = "Whether to run in on-premises mode instead of EC2 mode" + type = bool + default = false } \ No newline at end of file 
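Review bot: Both credential checks in the on-prem branch end in `|| echo '... failed'`, so a run whose assumed-role credentials are missing or expired still proceeds into the `go test` step and fails later with a less direct error. Making them fatal, e.g. `aws sts get-caller-identity || { echo 'AWS credentials test failed'; exit 1; }`, would stop the run at the actual cause. The `sudo aws sts get-caller-identity` line may also not exercise the same profile, since sudo normally resets the environment and the `AWS_*` exports above it would not carry over; `sudo -E` or a comment stating the intent would help. The on-prem branch also replaces the sanity test instead of adding to it, which deserves a one-line comment if that is intended. The `inline` list starts outside this hunk.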
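Review bot: `is_onprem` is declared here as an input variable, but the conditionals in main.tf read `local.is_onprem`; the locals block is not in the visible hunks, so confirm it contains `is_onprem = var.is_onprem`, otherwise the plan fails on an undeclared local. The `agent_start` default just above still uses `-m ec2`, and main.tf passes it as `-agentStartCommand` only when on-prem, so a caller that sets `is_onprem = true` without overriding `agent_start` would start the agent in EC2 mode. The description could say so: `description = "Run in on-premises mode instead of EC2 mode; agent_start must then use -m onPremise"`.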
From 073cdfbf67922a800cc999077fc2fbd194d447a9 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Fri, 12 Dec 2025 20:09:15 +0000 Subject: [PATCH 09/13] typo --- generator/test_case_generator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generator/test_case_generator.go b/generator/test_case_generator.go index 64769b696..0cd3ef141 100644 --- a/generator/test_case_generator.go +++ b/generator/test_case_generator.go @@ -79,7 +79,7 @@ var testTypeToTestConfig = map[string][]testConfig{ }, "ec2_linux_onprem": { {testDir: "./test/cloudwatchlogs"}, - } + }, testTypeKeyEc2Linux: { // {testDir: "./test/ca_bundle"}, // {testDir: "./test/cloudwatchlogs"}, From 8c851cf1a16bea7c7c2a121ab738810fe814cd58 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Fri, 12 Dec 2025 20:48:04 +0000 Subject: [PATCH 10/13] remove onprem --- terraform/ec2/linux_onprem/main.tf | 213 ------------------------ terraform/ec2/linux_onprem/providers.tf | 6 - terraform/ec2/linux_onprem/variables.tf | 130 --------------- 3 files changed, 349 deletions(-) delete mode 100644 terraform/ec2/linux_onprem/main.tf delete mode 100644 terraform/ec2/linux_onprem/providers.tf delete mode 100644 terraform/ec2/linux_onprem/variables.tf diff --git a/terraform/ec2/linux_onprem/main.tf b/terraform/ec2/linux_onprem/main.tf deleted file mode 100644 index 2ae52614b..000000000 --- a/terraform/ec2/linux_onprem/main.tf +++ /dev/null 
@@ -1,213 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: MIT - - - -module "linux_common" { - source = "../common/linux" - - region = var.region - ec2_instance_type = var.ec2_instance_type - ssh_key_name = var.ssh_key_name - ami = var.ami - ssh_key_value = var.ssh_key_value - user = var.user - arc = var.arc - test_name = var.test_name - test_dir = var.test_dir - is_canary = var.is_canary -} - -module "reboot_common" { - source = "../common/linux_reboot" - - test_dir = var.test_dir - reboot_required_tests = local.reboot_required_tests - private_key_content = module.linux_common.private_key_content - cwagent_public_ip = module.linux_common.cwagent_public_ip - user = var.user - - depends_on = [ - null_resource.integration_test_setup, - ] -} - -locals { - // Canary downloads latest binary. Integration test downloads binary connect to git hash. - binary_uri = var.is_canary ? "${var.s3_bucket}/release/amazon_linux/${var.arc}/latest/${var.binary_name}" : "${var.s3_bucket}/integration-test/binary/${var.cwa_github_sha}/linux/${var.arc}/${var.binary_name}" - // list of test that require instance reboot - reboot_required_tests = tolist(["./test/restart"]) - // Pre-test setup command to replace {instance_id} and ${aws:InstanceId} placeholders in source configs - pre_test_setup_cmd = "echo 'Pre-test setup: Replacing {instance_id} and $${aws:InstanceId} placeholders in test resource configs'; find . 
-path '*/resources/*.json' -exec sed -i 's/{instance_id}/${module.linux_common.cwagent_id}/g' {} \\; -exec sed -i 's/$${aws:InstanceId}/${module.linux_common.cwagent_id}/g' {} \\; && echo 'Updated all config files in resources directories'" -} - -##################################################################### -# Execute tests -##################################################################### - -resource "null_resource" "integration_test_setup" { - connection { - type = "ssh" - user = var.user - private_key = module.linux_common.private_key_content - host = module.linux_common.cwagent_public_ip - } - - # Prepare Integration Test - ## Disabling imds endpoint here in order to keep the ability to ssh. If launching an instance with it disabled, ssh doesn't work. - ## If imds is not accessible, and RUN_IN_AWS env variable isn't set to true, then the agent considers it being in an onprem host. - provisioner "remote-exec" { - inline = [ - "echo sha ${var.cwa_github_sha}", - "sudo cloud-init status --wait", - "echo clone ${var.github_test_repo} branch ${var.github_test_repo_branch} and install agent", - # check for vendor directory specifically instead of overall test repo to avoid issues with SELinux - "if [ ! 
-d amazon-cloudwatch-agent-test/vendor ]; then", - "echo 'Vendor directory (test repo dependencies) not found, cloning...'", - "sudo rm -r amazon-cloudwatch-agent-test", - "git clone --branch ${var.github_test_repo_branch} ${var.github_test_repo} -q", - "else", - "echo 'Test repo already exists, skipping clone'", - "fi", - "cd amazon-cloudwatch-agent-test", - "git rev-parse --short HEAD", - "aws s3 cp --no-progress s3://${local.binary_uri} .", - "export PATH=$PATH:/snap/bin:/usr/local/go/bin", - "sudo mkdir -p ~/.aws", - "echo creating credentials file that the agent uses by default for onprem", - "printf '[default]\nregion = us-west-2\n' | sudo tee ~/.aws/config", - "echo attempting to assume role for on-premises credentials", - "ASSUME_ROLE_OUTPUT=$(aws sts assume-role --role-arn ${module.linux_common.cwa_onprem_assumed_iam_role_arm} --role-session-name onpremtest --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)", - "if [ $? -ne 0 ]; then echo 'Failed to assume role'; exit 1; fi", - "echo 'Creating default credentials'", - "printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\naws_session_token=%s\n' $ASSUME_ROLE_OUTPUT | sudo tee ~/.aws/credentials>/dev/null", - "echo verifying credentials are working", - "aws sts get-caller-identity || echo 'Credentials test failed'", - "echo turning off imds access in order to make agent start with onprem mode", - "aws ec2 modify-instance-metadata-options --instance-id ${module.linux_common.cwagent_id} --http-endpoint disabled", - "echo waiting for IMDS to be fully disabled", - "sleep 10", - "sudo mkdir -p /opt/aws/amazon-cloudwatch-agent/etc", - "printf '[credentials]\n shared_credential_profile = \"default\"\n shared_credential_file = \"/home/ubuntu/.aws/credentials\"\n' | sudo tee /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml>/dev/null", - "echo setting environment variables for agent", - "echo 'RUN_IN_AWS=false' | sudo tee -a 
/opt/aws/amazon-cloudwatch-agent/etc/env-config", - "echo 'INSTANCE_ID=${module.linux_common.cwagent_id}' | sudo tee -a /opt/aws/amazon-cloudwatch-agent/etc/env-config", - "echo 'export RUN_IN_AWS=false' | sudo tee -a /etc/environment", - "echo 'export INSTANCE_ID=${module.linux_common.cwagent_id}' | sudo tee -a /etc/environment", - var.install_agent, - ] - } - - depends_on = [ - module.linux_common, - null_resource.download_test_repo_and_vendor_from_s3, - ] -} - -# Download vendor directory and cloned test repo from S3 for CN region tests -resource "null_resource" "download_test_repo_and_vendor_from_s3" { - # set to only run in CN region - count = startswith(var.region, "cn-") ? 1 : 0 - - connection { - type = "ssh" - user = var.user - private_key = module.linux_common.private_key_content - host = module.linux_common.cwagent_public_ip - } - provisioner "remote-exec" { - inline = [ - "echo Downloading cloned test repo from S3...", - "aws s3 cp s3://${var.s3_bucket}/integration-test/cloudwatch-agent-test-repo/${var.cwa_github_sha}.tar.gz ./amazon-cloudwatch-agent-test.tar.gz --quiet", - "mkdir amazon-cloudwatch-agent-test", - "tar -xzf amazon-cloudwatch-agent-test.tar.gz -C amazon-cloudwatch-agent-test", - "cd amazon-cloudwatch-agent-test", - "export GO111MODULE=on", - "export GOFLAGS=-mod=vendor", - "echo 'Vendor directory copied from S3'" - ] - } - - depends_on = [ - module.linux_common, - ] -} - -module "amp" { - count = length(regexall("/amp", var.test_dir)) > 0 ? 
1 : 0 - source = "terraform-aws-modules/managed-service-prometheus/aws" - workspace_alias = "cwagent-integ-test-${module.linux_common.testing_id}" - retention_period_in_days = 7 - limits_per_label_set = [] -} - -resource "null_resource" "integration_test_run" { - connection { - type = "ssh" - user = var.user - private_key = module.linux_common.private_key_content - host = module.linux_common.cwagent_public_ip - } - - provisioner "remote-exec" { - inline = concat( - [ - "echo Preparing environment...", - "sudo yum install amazon-cloudwatch-agent -y", - ], - - # SELinux test setup (if enabled) - var.is_selinux_test ? [ - "echo Running SELinux test setup...", - "sudo yum install selinux-policy selinux-policy-targeted policycoreutils-python-utils selinux-policy-devel -y", - "sudo setenforce 1", - "echo below is either Permissive/Enforcing", - "sudo getenforce", - "sudo rm -r amazon-cloudwatch-agent-selinux", - "git clone --branch ${var.selinux_branch} https://github.com/aws/amazon-cloudwatch-agent-selinux.git", - "cd amazon-cloudwatch-agent-selinux", - "cat amazon_cloudwatch_agent.te", - "chmod +x ./amazon_cloudwatch_agent.sh", - "sudo ./amazon_cloudwatch_agent.sh -y", - ] : [ - "echo SELinux test not enabled" - ], - - # General testing setup - [ - "export LOCAL_STACK_HOST_NAME=${var.local_stack_host_name}", - "export AWS_REGION=${var.region}", - "export RUN_IN_AWS=false", - "export AWS_EC2_METADATA_DISABLED=true", - "export AWS_PROFILE=default", - "export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials", - "export AWS_CONFIG_FILE=~/.aws/config", - "export PATH=$PATH:/snap/bin:/usr/local/go/bin", - "echo Running integration test...", - "cd ~/amazon-cloudwatch-agent-test", - "nohup bash -c 'while true; do sudo shutdown -c; sleep 30; done' >/dev/null 2>&1 &", - "echo 'Environment variables for test:'", - "echo 'AWS_REGION='$AWS_REGION", - "echo 'RUN_IN_AWS='$RUN_IN_AWS", - "echo 'AWS_EC2_METADATA_DISABLED='$AWS_EC2_METADATA_DISABLED", - "echo 'AWS_PROFILE='$AWS_PROFILE", 
- "echo 'Instance ID parameter: ${module.linux_common.cwagent_id}'", - "echo 'Agent start command: ${var.agent_start}'", - "echo 'Testing AWS credentials:'", - "aws sts get-caller-identity || echo 'AWS credentials test failed'", - "echo 'Testing agent credentials:'", - "sudo aws sts get-caller-identity || echo 'Agent credentials test failed'", - local.pre_test_setup_cmd, - var.pre_test_setup, - # Integration test execution - "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -excludedTests='${var.excluded_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -proxyUrl=${module.linux_common.proxy_instance_proxy_ip} -instanceId=${module.linux_common.cwagent_id} -agentStartCommand='${var.agent_start}' ${length(regexall("/amp", var.test_dir)) > 0 ? "-ampWorkspaceId=${module.amp[0].workspace_id} " : ""}-v" - ], - ) - } - - depends_on = [ - null_resource.integration_test_setup, - null_resource.download_test_repo_and_vendor_from_s3, - module.reboot_common, - ] -} \ No newline at end of file diff --git a/terraform/ec2/linux_onprem/providers.tf b/terraform/ec2/linux_onprem/providers.tf deleted file mode 100644 index d8a1f722b..000000000 --- a/terraform/ec2/linux_onprem/providers.tf +++ /dev/null @@ -1,6 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: MIT - -provider "aws" { - region = var.region -} \ No newline at end of file diff --git a/terraform/ec2/linux_onprem/variables.tf b/terraform/ec2/linux_onprem/variables.tf deleted file mode 100644 index d31d1a1e0..000000000 --- a/terraform/ec2/linux_onprem/variables.tf +++ /dev/null 
@@ -1,130 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: MIT - -variable "region" { - type = string - default = "us-west-2" -} - -variable "ec2_instance_type" { - type = string - default = "t3a.medium" -} - -variable "ssh_key_name" { - type = string - default = "" -} - -variable "ami" { - type = string - default = "cloudwatch-agent-integration-test-ubuntu*" -} - -variable "ssh_key_value" { - type = string - default = "" -} - -variable "user" { - type = string - default = "ubuntu" -} - -variable "install_agent" { - description = "go run ./install/install_agent.go deb or go run ./install/install_agent.go rpm" - type = string - default = "go run ./install/install_agent.go deb" -} - -variable "ca_cert_path" { - type = string - default = "" -} - -variable "arc" { - type = string - default = "amd64" - - validation { - condition = contains(["amd64", "arm64"], var.arc) - error_message = "Valid values for arc are (amd64, arm64)." - } -} - -variable "binary_name" { - type = string - default = "" -} - -variable "local_stack_host_name" { - type = string - default = "localhost.localstack.cloud" -} - -variable "is_selinux_test" { - type = bool - default = false -} - -variable "s3_bucket" { - type = string - default = "" -} - -variable "test_name" { - type = string - default = "" -} - -variable "test_dir" { - type = string - default = "" -} - -variable "selinux_branch" { - type = string - default = "main" -} - -variable "cwa_github_sha" { - type = string - default = "" -} - -variable "github_test_repo" { - type = string - default = "https://github.com/aws/amazon-cloudwatch-agent-test.git" -} - -variable "github_test_repo_branch" { - type = string - default = "main" -} - -variable "is_canary" { - type = bool - default = false -} - -variable "plugin_tests" { - type = string - default = "" -} - - -variable "excluded_tests" { - type = string - default = "" -} - -variable "pre_test_setup" { - type = string - default = "echo 
no pre-test setup" -} - -variable "agent_start" { - description = "default command is for onprem with linux" - type = string - default = "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c " -} \ No newline at end of file From ae8ee737be282e6e00e56db55698cc41ff033047 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Tue, 16 Dec 2025 16:31:57 +0000 Subject: [PATCH 11/13] clean up --- .../ec2_linux_onprem_test_matrix.json | 26 +++++------------ generator/test_case_generator.go | 28 ++++--------------- .../metrics_number_dimension_test.go | 7 +---- 3 files changed, 14 insertions(+), 47 deletions(-) diff --git a/generator/resources/ec2_linux_onprem_test_matrix.json b/generator/resources/ec2_linux_onprem_test_matrix.json index 272e1d2a9..fa86860dc 100644 --- a/generator/resources/ec2_linux_onprem_test_matrix.json +++ b/generator/resources/ec2_linux_onprem_test_matrix.json @@ -1,22 +1,10 @@ [ { - "os": "ubuntu-22.04", - "username": "ubuntu", - "instanceType":"t3a.medium", - "installAgentCommand": "go run ./install/install_agent.go deb", - "ami": "cloudwatch-agent-integration-test-ubuntu-LTS-22*", - "caCertPath": "/etc/ssl/certs/ca-certificates.crt", - "arc": "amd64", - "binaryName": "amazon-cloudwatch-agent.deb", - "family": "linux", - "agentStartCommand": "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c " - }, - { - "os": "ubuntu-24", + "os": "ubuntu-25", "username": "ubuntu", "instanceType":"t3a.medium", "installAgentCommand": "go run ./install/install_agent.go deb", - "ami": "cloudwatch-agent-integration-test-ubuntu-24*", + "ami": "cloudwatch-agent-integration-test-ubuntu-25*", "caCertPath": "/etc/ssl/certs/ca-certificates.crt", "arc": "amd64", "binaryName": "amazon-cloudwatch-agent.deb", 
@@ -24,13 +12,13 @@ "agentStartCommand": "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c " }, { - "os": "ubuntu-25", - "username": "ubuntu", - "instanceType":"t3a.medium", + "os": "debian-12", + "username": "admin", + "instanceType": "c6g.large", "installAgentCommand": "go run ./install/install_agent.go deb", - "ami": "cloudwatch-agent-integration-test-ubuntu-25*", + "ami": "cloudwatch-agent-integration-test-debian-12-arm64*", "caCertPath": "/etc/ssl/certs/ca-certificates.crt", - "arc": "amd64", + "arc": "arm64", "binaryName": "amazon-cloudwatch-agent.deb", "family": "linux", "agentStartCommand": "sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c " diff --git a/generator/test_case_generator.go b/generator/test_case_generator.go index 0cd3ef141..2cdbef074 100644 --- a/generator/test_case_generator.go +++ b/generator/test_case_generator.go @@ -81,12 +81,12 @@ var testTypeToTestConfig = map[string][]testConfig{ {testDir: "./test/cloudwatchlogs"}, }, testTypeKeyEc2Linux: { - // {testDir: "./test/ca_bundle"}, - // {testDir: "./test/cloudwatchlogs"}, - // { - // testDir: "./test/log_state/logfile", - // targets: map[string]map[string]struct{}{"os": {"al2": {}}}, - // }, + {testDir: "./test/ca_bundle"}, + {testDir: "./test/cloudwatchlogs"}, + { + testDir: "./test/log_state/logfile", + targets: map[string]map[string]struct{}{"os": {"al2": {}}}, + }, { testDir: "./test/metrics_number_dimension", targets: map[string]map[string]struct{}{"os": {"al2": {}}}, 
@@ -432,22 +432,6 @@ var partitionTests = map[string]partition{ }, } -func copyAllEC2LinuxTestForOnpremTesting() { - /* Some tests need to be fixed in order to run in both environment, so for now for PoC, run one that works. - testTypeToTestConfig["ec2_linux_onprem"] = testTypeToTestConfig[testTypeKeyEc2Linux] - */ - testTypeToTestConfig["ec2_linux_onprem"] = []testConfig{ - { - testDir: "./test/cloudwatchlogs", - targets: map[string]map[string]struct{}{"os": {"al2": {}}}, - }, - { - testDir: "./test/metrics_number_dimension", - targets: map[string]map[string]struct{}{"os": {"al2": {}}}, - }, - } -} - func main() { useE2E := flag.Bool("e2e", false, "Use e2e test matrix generation") flag.Parse() diff --git a/test/metrics_number_dimension/metrics_number_dimension_test.go b/test/metrics_number_dimension/metrics_number_dimension_test.go index 9897eb875..c05e21256 100644 --- a/test/metrics_number_dimension/metrics_number_dimension_test.go +++ b/test/metrics_number_dimension/metrics_number_dimension_test.go @@ -105,12 +105,7 @@ func buildDimensionFilterList(appendDimension int) []types.DimensionFilter { // we append dimension from 0 to max number - 2 // then we add dimension instance id // thus for max dimension 10, 0 to 8 + instance id = 10 dimension - env := environment.GetEnvironmentMetaData() - ec2InstanceId := env.InstanceId - if ec2InstanceId == "" { - // Fallback to IMDS if not provided via command line (for backward compatibility) - ec2InstanceId = awsservice.GetInstanceId() - } + ec2InstanceId := awsservice.GetInstanceId() dimensionFilter := make([]types.DimensionFilter, appendDimension) for i := 0; i < appendDimension-1; i++ { dimensionFilter[i] = types.DimensionFilter{ From 2effcbf682daae2a78848e840be45482ccf4d616 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Tue, 16 Dec 2025 16:35:09 +0000 Subject: [PATCH 12/13] use configured user for creds file path --- terraform/ec2/linux/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
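Review bot: With the lookup in `buildDimensionFilterList` reduced to `awsservice.GetInstanceId()`, this test again depends on the instance metadata service, which the on-prem setup turns off with `--http-endpoint disabled`; the removed comment describes that call as the IMDS fallback. That is fine while this directory stays out of the `ec2_linux_onprem` list, but a short comment such as `// requires IMDS; not runnable in on-prem mode` would keep it from being re-added unnoticed. Also check that the `environment` import is still used elsewhere in the file, since the import block and the rest of the function are outside this hunk and Go rejects unused imports.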
diff --git a/terraform/ec2/linux/main.tf b/terraform/ec2/linux/main.tf index 4820fc4b2..7dcbe464d 100644 --- a/terraform/ec2/linux/main.tf +++ b/terraform/ec2/linux/main.tf @@ -95,7 +95,7 @@ resource "null_resource" "integration_test_setup" { "echo waiting for IMDS to be fully disabled", "sleep 10", "sudo mkdir -p /opt/aws/amazon-cloudwatch-agent/etc", - "printf '[credentials]\\n shared_credential_profile = \"default\"\\n shared_credential_file = \"/home/ubuntu/.aws/credentials\"\\n' | sudo tee /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml>/dev/null", + "printf '[credentials]\\n shared_credential_profile = \"default\"\\n shared_credential_file = \"/home/${var.user}/.aws/credentials\"\\n' | sudo tee /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml>/dev/null", "echo setting environment variables for agent", "echo 'RUN_IN_AWS=false' | sudo tee -a /opt/aws/amazon-cloudwatch-agent/etc/env-config", "echo 'INSTANCE_ID=${module.linux_common.cwagent_id}' | sudo tee -a /opt/aws/amazon-cloudwatch-agent/etc/env-config", From 8589d8e158627cddbb3c5fd976dc9eaca3af2054 Mon Sep 17 00:00:00 2001 From: Hyunsoo Kim Date: Tue, 16 Dec 2025 16:37:09 +0000 Subject: [PATCH 13/13] fmt --- terraform/ec2/linux/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/ec2/linux/main.tf b/terraform/ec2/linux/main.tf index 7dcbe464d..6d88a5b96 100644 --- a/terraform/ec2/linux/main.tf +++ b/terraform/ec2/linux/main.tf 
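Review bot: The new `shared_credential_file` value assumes the login user's home is `/home/${var.user}`, while the credentials are written to `~/.aws/credentials` earlier in this provisioner (outside the hunk), so the two paths agree only for users whose home is under `/home`. That file holds the assumed-role session token and is created through `sudo tee`, so it presumably gets the default umask and is readable by other local accounts. Creating `~/.aws` and the file as the login user and following the write with `chmod 600 ~/.aws/credentials` would tighten that, assuming the agent reads the file as root.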
@@ -215,7 +215,7 @@ resource "null_resource" "integration_test_run" { "echo 'Testing agent credentials:'", "sudo aws sts get-caller-identity || echo 'Agent credentials test failed'", "echo 'Pre-test setup: Replacing {instance_id} and $${aws:InstanceId} placeholders in test resource configs'; find . -path '${var.test_dir}/resources/*.json' -exec sed -i 's/{instance_id}/${module.linux_common.cwagent_id}/g' {} \\; -exec sed -i 's/$${aws:InstanceId}/${module.linux_common.cwagent_id}/g' {} \\; && echo 'Updated all config files in resources directories'" - ] : [ + ] : [ "echo Running sanity test...", "go test ./test/sanity -p 1 -v", ],