From 5f9fafd828f27283eb285b4850f19a9ff1a01583 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Thu, 17 Sep 2020 11:40:26 -0600 Subject: [PATCH] Cherry-pick #21101 to 7.9: Fix index out of range error when getting AWS account name (#21144) * Fix index out of range error when getting AWS account name (#21101) (cherry picked from commit 568fbff61742d82b185bf37b3333077bbc2855bd) --- CHANGELOG.next.asciidoc | 1 + x-pack/metricbeat/module/aws/aws.go | 49 ++++++++++++++++++----------- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 9586d3fa84f..0b799cb12be 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -102,6 +102,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix overflow on Prometheus rates when new buckets are added on the go. {pull}17753[17753] - Add a switch to the driver definition on SQL module to use pretty names {pull}17378[17378] - The `elasticsearch/index` metricset only requests wildcard expansion for hidden indices if the monitored Elasticsearch cluster supports it. {pull}20938[20938] +- Fix panic index out of range error when getting AWS account name. {pull}21101[21101] {issue}21095[21095] - Handle missing counters in the application_pool metricset. {pull}21071[21071] *Packetbeat* diff --git a/x-pack/metricbeat/module/aws/aws.go b/x-pack/metricbeat/module/aws/aws.go index 1d7b059a2df..ad7be48ec77 100644 --- a/x-pack/metricbeat/module/aws/aws.go +++ b/x-pack/metricbeat/module/aws/aws.go @@ -12,6 +12,7 @@ import ( "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/ec2iface" "github.com/aws/aws-sdk-go-v2/service/iam" + "github.com/aws/aws-sdk-go-v2/service/iam/iamiface" "github.com/aws/aws-sdk-go-v2/service/rds" "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi" "github.com/aws/aws-sdk-go-v2/service/sts" @@ -104,25 +105,6 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { awsConfig.Region = "us-east-1" } - svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint( - config.AWSConfig.Endpoint, "iam", "", awsConfig)) - req := svcIam.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{}) - output, err := req.Send(context.TODO()) - if err != nil { - base.Logger().Warn("failed to list account aliases, please check permission setting: ", err) - metricSet.AccountName = metricSet.AccountID - } else { - // When there is no account alias, account ID will be used as cloud.account.name - if len(output.AccountAliases) == 0 { - metricSet.AccountName = metricSet.AccountID - } - - // There can be more than one aliases for each account, for now we are only - // collecting the first one. - metricSet.AccountName = output.AccountAliases[0] - base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName) - } - // Get IAM account id svcSts := sts.New(awscommon.EnrichAWSConfigWithEndpoint( config.AWSConfig.Endpoint, "sts", "", awsConfig)) @@ -135,6 +117,11 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) } + // Get account name/alias + svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint( + config.AWSConfig.Endpoint, "iam", "", awsConfig)) + metricSet.AccountName = getAccountName(svcIam, base, metricSet) + // Construct MetricSet with a full regions list if config.Regions == nil { svcEC2 := ec2.New(awscommon.EnrichAWSConfigWithEndpoint( @@ -169,6 +156,30 @@ func getRegions(svc ec2iface.ClientAPI) (completeRegionsList []string, err error return } +func getAccountName(svc iamiface.ClientAPI, base mb.BaseMetricSet, metricSet MetricSet) string { + req := svc.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{}) + output, err := req.Send(context.TODO()) + + accountName := metricSet.AccountID + if err != nil { + base.Logger().Warn("failed to list account aliases, please check permission setting: ", err) + return accountName + } + + // When there is no account alias, account ID will be used as cloud.account.name + if len(output.AccountAliases) == 0 { + accountName = metricSet.AccountID + base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) + return accountName + } + + // There can be more than one aliases for each account, for now we are only + // collecting the first one. + accountName = output.AccountAliases[0] + base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName) + return accountName +} + // StringInSlice checks if a string is already exists in list and its location func StringInSlice(str string, list []string) (bool, int) { for idx, v := range list {