Cherry pick - release 1.2: Iotedge check proxy-settings (#5581) (#5927)

* Iotedge check proxy-settings (#5581) * proxy settings scaffolding * Implement proxy settings tests * First version of proxy settings check * Proxy check logic * Proxy settings check logic * Update tests to mock systemd env settings * Update tests + check for matching proxy values * Remove trailing whitespaces * Fix clippy issues * cargo fmt * Refactor bools into enums * fix style issues * More style fixes * Add Identity service check * Change the error status to warning * cargo fmt * Fix clippy * Fix clippy * Fix clippy * Fix clippy
Azure · Dec 13, 2021 · 4983128 · 4983128
1 parent 27a14d8
commit 4983128
Show file tree

Hide file tree

Showing 5 changed files with 417 additions and 1 deletion.
diff --git a/edgelet/edgelet-docker/test/linux/config.d/empty.toml b/edgelet/edgelet-docker/test/linux/config.d/empty.toml
@@ -0,0 +1,5 @@
+# /etc/aziot/edged/config.d might not be available for all users (e.g. permissions issues).
+# To prevent tests from failing when trying to access /etc/aziot/edged/config.d, we will use
+# this directory as AZIOT_EDGED_CONFIG_DIR.
+
+# Git doesn't allow empty directories to be committed, so add this empty config file.
diff --git a/edgelet/edgelet-docker/test/linux/sample_settings_with_proxy_uri.toml b/edgelet/edgelet-docker/test/linux/sample_settings_with_proxy_uri.toml
@@ -0,0 +1,29 @@
+hostname = "localhost"
+homedir = "/tmp"
+
+[agent]
+name = "edgeAgent"
+type = "docker"
+
+[agent.config]
+image = "microsoft/azureiotedge-agent:1.0"
+
+[agent.env]
+abc = "value1"
+acd = "value2"
+https_proxy = "https://config:123"
+
+[connect]
+workload_uri = "http://localhost:8081"
+management_uri = "http://localhost:8080"
+
+[listen]
+workload_uri = "http://0.0.0.0:8081"
+management_uri = "http://0.0.0.0:8080"
+
+[watchdog]
+max_retries = 3
+
+[moby_runtime]
+uri = "http://localhost:2375"
+network = "azure-iot-edge"
diff --git a/edgelet/iotedge/src/check/checks/mod.rs b/edgelet/iotedge/src/check/checks/mod.rs
@@ -9,6 +9,7 @@ mod container_engine_logrotate;
 mod container_local_time;
 mod container_resolve_parent_hostname;
 mod parent_hostname;
+mod proxy_settings;
 mod storage_mounted_from_host;
 mod up_to_date_config;
 mod well_formed_config;
@@ -24,6 +25,7 @@ pub(crate) use self::container_engine_logrotate::ContainerEngineLogrotate;
 pub(crate) use self::container_local_time::ContainerLocalTime;
 pub(crate) use self::container_resolve_parent_hostname::ContainerResolveParentHostname;
 pub(crate) use self::parent_hostname::ParentHostname;
+pub(crate) use self::proxy_settings::ProxySettings;
 pub(crate) use self::storage_mounted_from_host::{EdgeAgentStorageMounted, EdgeHubStorageMounted};
 pub(crate) use self::up_to_date_config::UpToDateConfig;
 pub(crate) use self::well_formed_config::WellFormedConfig;
@@ -90,6 +92,7 @@ pub(crate) fn built_in_checks() -> [(&'static str, Vec<Box<dyn Checker>>); 2] {
  Box::new(EdgeAgentStorageMounted::default()),
  Box::new(EdgeHubStorageMounted::default()),
  Box::new(CheckAgentImage::default()),
+ Box::new(ProxySettings::default()),
  ],
  ),
  ("Connectivity checks", {

diff --git a/edgelet/iotedge/src/check/checks/proxy_settings.rs b/edgelet/iotedge/src/check/checks/proxy_settings.rs
@@ -0,0 +1,71 @@
+use failure::{self, Context};
+
+use crate::check::{Check, CheckResult, Checker};
+
+#[derive(Default, serde_derive::Serialize)]
+pub(crate) struct ProxySettings {}
+
+impl Checker for ProxySettings {
+ fn id(&self) -> &'static str {
+ "proxy-settings"
+ }
+ fn description(&self) -> &'static str {
+ "proxy settings are consistent in aziot-edged, aziot-identityd, moby daemon and config.toml"
+ }
+ fn execute(&mut self, check: &mut Check, _: &mut tokio::runtime::Runtime) -> CheckResult {
+ Self::inner_execute(check).unwrap_or_else(CheckResult::Failed)
+ }
+ fn get_json(&self) -> serde_json::Value {
+ serde_json::to_value(self).unwrap()
+ }
+}
+
+impl ProxySettings {
+ fn inner_execute(check: &mut Check) -> Result<CheckResult, failure::Error> {
+ let settings = if let Some(settings) = &mut check.settings {
+ settings
+ } else {
+ return Ok(CheckResult::Skipped);
+ };
+
+ // Pull the proxy address from the aziot-edged settings
+ // for Edge Agent's environment variables.
+ let edge_agent_proxy_uri = match settings.base.agent.env().get("https_proxy") {
+ Some(edge_agent_proxy_uri) => edge_agent_proxy_uri.clone(),
+ None => "".into(),
+ };
+
+ // Pull local service env variables for Moby, Identity Daemon and Edge Daemon
+ let moby_proxy_uri = match check.docker_proxy.clone() {
+ Some(moby_proxy_uri) => moby_proxy_uri,
+ None => "".into(),
+ };
+
+ let edge_daemon_proxy_uri = match check.aziot_edge_proxy.clone() {
+ Some(edge_daemon_proxy_uri) => edge_daemon_proxy_uri,
+ None => "".into(),
+ };
+
+ let identity_daemon_proxy_uri = match check.aziot_identity_proxy.clone() {
+ Some(identity_daemon_proxy_uri) => identity_daemon_proxy_uri,
+ None => "".into(),
+ };
+
+ if edge_agent_proxy_uri.eq(&moby_proxy_uri)
+ && edge_agent_proxy_uri.eq(&edge_daemon_proxy_uri)
+ && edge_agent_proxy_uri.eq(&identity_daemon_proxy_uri)
+ {
+ Ok(CheckResult::Ok)
+ } else {
+ Ok(CheckResult::Warning(Context::new(
+ format!(
+ "The proxy setting for IoT Edge Agent {:?}, IoT Edge Daemon {:?}, IoT Identity Daemon {:?}, and Moby {:?} may need to be identical.",
+ edge_agent_proxy_uri,
+ edge_daemon_proxy_uri,
+ identity_daemon_proxy_uri,
+ moby_proxy_uri
+ )
+ ).into()))
+ }
+ }
+}