From 568fbff61742d82b185bf37b3333077bbc2855bd Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Thu, 17 Sep 2020 09:42:31 -0600 Subject: [PATCH] Fix index out of range error when getting AWS account name (#21101) * Fix index out of range error when getting AWS account name --- CHANGELOG.next.asciidoc | 1 + x-pack/metricbeat/module/aws/aws.go | 49 ++++++++++++++++++----------- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 70a269be6a0f..ea288f1c2f37 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -342,6 +342,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Update fields.yml in the azure module, missing metrics field. {pull}20918[20918] - The `elasticsearch/index` metricset only requests wildcard expansion for hidden indices if the monitored Elasticsearch cluster supports it. {pull}20938[20938] - Disable Kafka metricsets based on Jolokia by default. They require a different configuration. {pull}20989[20989] +- Fix panic index out of range error when getting AWS account name. {pull}21101[21101] {issue}21095[21095] - Handle missing counters in the application_pool metricset. {pull}21071[21071] *Packetbeat* diff --git a/x-pack/metricbeat/module/aws/aws.go b/x-pack/metricbeat/module/aws/aws.go index a49e04c010b3..f7b744c27cba 100644 --- a/x-pack/metricbeat/module/aws/aws.go +++ b/x-pack/metricbeat/module/aws/aws.go @@ -12,6 +12,7 @@ import ( "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/ec2iface" "github.com/aws/aws-sdk-go-v2/service/iam" + "github.com/aws/aws-sdk-go-v2/service/iam/iamiface" "github.com/aws/aws-sdk-go-v2/service/rds" "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi" "github.com/aws/aws-sdk-go-v2/service/sts" @@ -105,25 +106,6 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { awsConfig.Region = "us-east-1" } - svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint( - config.AWSConfig.Endpoint, "iam", "", awsConfig)) - req := svcIam.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{}) - output, err := req.Send(context.TODO()) - if err != nil { - base.Logger().Warn("failed to list account aliases, please check permission setting: ", err) - metricSet.AccountName = metricSet.AccountID - } else { - // When there is no account alias, account ID will be used as cloud.account.name - if len(output.AccountAliases) == 0 { - metricSet.AccountName = metricSet.AccountID - } - - // There can be more than one aliases for each account, for now we are only - // collecting the first one. - metricSet.AccountName = output.AccountAliases[0] - base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName) - } - // Get IAM account id svcSts := sts.New(awscommon.EnrichAWSConfigWithEndpoint( config.AWSConfig.Endpoint, "sts", "", awsConfig)) @@ -136,6 +118,11 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) } + // Get account name/alias + svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint( + config.AWSConfig.Endpoint, "iam", "", awsConfig)) + metricSet.AccountName = getAccountName(svcIam, base, metricSet) + // Construct MetricSet with a full regions list if config.Regions == nil { svcEC2 := ec2.New(awscommon.EnrichAWSConfigWithEndpoint( @@ -170,6 +157,30 @@ func getRegions(svc ec2iface.ClientAPI) (completeRegionsList []string, err error return } +func getAccountName(svc iamiface.ClientAPI, base mb.BaseMetricSet, metricSet MetricSet) string { + req := svc.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{}) + output, err := req.Send(context.TODO()) + + accountName := metricSet.AccountID + if err != nil { + base.Logger().Warn("failed to list account aliases, please check permission setting: ", err) + return accountName + } + + // When there is no account alias, account ID will be used as cloud.account.name + if len(output.AccountAliases) == 0 { + accountName = metricSet.AccountID + base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) + return accountName + } + + // There can be more than one aliases for each account, for now we are only + // collecting the first one. + accountName = output.AccountAliases[0] + base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName) + return accountName +} + // StringInSlice checks if a string is already exists in list and its location func StringInSlice(str string, list []string) (bool, int) { for idx, v := range list {