diff --git a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/acs/session/attach_resource_responder.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/acs/session/attach_resource_responder.go
index 4cd0bbdb205..f7785d5a87f 100644
--- a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/acs/session/attach_resource_responder.go
+++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/acs/session/attach_resource_responder.go
@@ -202,6 +202,10 @@ func validateAttachmentAndReturnProperties(message *ecsacs.ConfirmAttachmentMess
 if err != nil {
 return nil, errors.Wrap(err, "resource attachment validation by attachment type failed")
 }
+ err = resource.ValidateFileSystemType(attachmentProperties[resource.FileSystemKey])
+ if err != nil {
+ return nil, errors.Wrap(err, "resource attachment validation by attachment type failed")
+ }
 return attachmentProperties, nil
 }
diff --git a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/ebs_discovery_linux.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/ebs_discovery_linux.go
index 9c0ff0860f3..54ab90049e6 100644
--- a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/ebs_discovery_linux.go
+++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/ebs_discovery_linux.go
@@ -23,6 +23,8 @@ import (
 "os/exec"
 "path/filepath"
 "strings"
+
+ "github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 )
 // LsblkOutput is used to manage and track the output of `lsblk`
@@ -50,6 +52,7 @@ func (api *EBSDiscoveryClient) ConfirmEBSVolumeIsAttached(deviceName, volumeID s
 err = fmt.Errorf("%w; failed to run lsblk %v", err, string(output))
 return "", err
 }
+ // logger.Debug(fmt.Sprintf("lsblk output: %s", string(output)))
 err = json.Unmarshal(output, &lsblkOut)
 if err != nil {
 err = fmt.Errorf("%w; failed to unmarshal string: %v", err, string(output))
diff --git a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_attachment.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_attachment.go
index 39217718075..a9bccbfd8e6 100644
--- a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_attachment.go
+++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_attachment.go
@@ -74,6 +74,16 @@ const (
 FileSystemKey = "fileSystem"
 )
+var (
+ AllowedFSTypes = map[string]bool{
+ "xfs": true,
+ "ext2": true,
+ "ext3": true,
+ "ext4": true,
+ "ntfs": true,
+ }
+)
+
 // getCommonProperties returns the common properties as used for validating a resource.
 func getCommonProperties() (commonProperties []string) {
 commonProperties = []string{
diff --git a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_validation.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_validation.go
index e0b11b1463c..7ae8268dd84 100644
--- a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_validation.go
+++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/resource/resource_validation.go
@@ -71,3 +71,10 @@ func ValidateRequiredProperties(actualProperties map[string]string, requiredProp
 }
 return nil
 }
+
+func ValidateFileSystemType(filesystemType string) error {
+ if !AllowedFSTypes[filesystemType] {
+ return errors.Errorf("invalid file system type: %s", filesystemType)
+ }
+ return nil
+}
diff --git a/ecs-agent/acs/session/attach_resource_responder.go b/ecs-agent/acs/session/attach_resource_responder.go
index 4cd0bbdb205..f7785d5a87f 100644
--- a/ecs-agent/acs/session/attach_resource_responder.go
+++ b/ecs-agent/acs/session/attach_resource_responder.go
@@ -202,6 +202,10 @@ func validateAttachmentAndReturnProperties(message *ecsacs.ConfirmAttachmentMess
 if err != nil {
 return nil, errors.Wrap(err, "resource attachment validation by attachment type failed")
 }
+ err = resource.ValidateFileSystemType(attachmentProperties[resource.FileSystemKey])
+ if err != nil {
+ return nil, errors.Wrap(err, "resource attachment validation by attachment type failed")
+ }
 return attachmentProperties, nil
 }
diff --git a/ecs-agent/acs/session/attach_resource_responder_test.go b/ecs-agent/acs/session/attach_resource_responder_test.go
index d269846eb7b..b8cefabb089 100644
--- a/ecs-agent/acs/session/attach_resource_responder_test.go
+++ b/ecs-agent/acs/session/attach_resource_responder_test.go
@@ -59,6 +59,10 @@ var (
 Name: aws.String(resource.DeviceNameKey),
 Value: aws.String("device1"),
 },
+ {
+ Name: aws.String(resource.FileSystemKey),
+ Value: aws.String(""),
+ },
 }
 testAttachmentProperties = []*ecsacs.AttachmentProperty{
@@ -202,12 +206,6 @@ func testValidateAttachmentAndReturnPropertiesWithAttachmentType(t *testing.T) {
 _, err := validateAttachmentAndReturnProperties(&confirmAttachmentMessageCopy)
 require.Error(t, err)
 property.Name = originalPropertyName
-
- originalPropertyValue := property.Value
- property.Value = aws.String("")
- _, err = validateAttachmentAndReturnProperties(&confirmAttachmentMessageCopy)
- require.Error(t, err)
- property.Value = originalPropertyValue
 })
 }
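Review bot: In ecs-agent/acs/session/attach_resource_responder.go, the new `resource.ValidateFileSystemType` call in validateAttachmentAndReturnProperties runs for every attachment, so a message whose properties carry no `fileSystem` key (the map lookup yields `""`) is now rejected. If that property is only meaningful for some attachment types, the check belongs in the per-type validation or behind a type guard; the function starts outside the hunk, so whether an earlier step already guarantees the key is not visible here. The wrap text is also copied from the check above, which makes the two failures indistinguishable in logs; `return nil, errors.Wrap(err, "resource attachment file system type validation failed")` would separate them. The vendored copy under agent/vendor carries the same lines.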
@@ -244,6 +242,23 @@ func testValidateAttachmentAndReturnPropertiesWithAttachmentType(t *testing.T) { } require.True(t, verified, "Missing required property: %s", requiredProperty) } + + for _, property := range confirmAttachmentMessageCopy.Attachment.AttachmentProperties { + if aws.StringValue(property.Name) == resource.FileSystemKey { + originalPropertyValue := property.Value + property.Value = aws.String("SomeFilesystemType") + _, err = validateAttachmentAndReturnProperties(&confirmAttachmentMessageCopy) + require.Error(t, err) + property.Value = originalPropertyValue + + originalPropertyValue = property.Value + property.Value = aws.String("") + _, err = validateAttachmentAndReturnProperties(&confirmAttachmentMessageCopy) + require.Error(t, err) + property.Value = originalPropertyValue + } + } + } // TestResourceAckHappyPath tests the happy path for a typical ConfirmAttachmentMessage and confirms expected diff --git a/ecs-agent/api/resource/ebs_discovery_linux.go b/ecs-agent/api/resource/ebs_discovery_linux.go index cc0da1fe7fd..54ab90049e6 100644 --- a/ecs-agent/api/resource/ebs_discovery_linux.go +++ b/ecs-agent/api/resource/ebs_discovery_linux.go @@ -52,7 +52,7 @@ func (api *EBSDiscoveryClient) ConfirmEBSVolumeIsAttached(deviceName, volumeID s err = fmt.Errorf("%w; failed to run lsblk %v", err, string(output)) return "", err } - logger.Debug(fmt.Sprintf("lsblk output: %s", string(output))) + // logger.Debug(fmt.Sprintf("lsblk output: %s", string(output))) err = json.Unmarshal(output, &lsblkOut) if err != nil { err = fmt.Errorf("%w; failed to unmarshal string: %v", err, string(output)) diff --git a/ecs-agent/api/resource/resource_attachment.go b/ecs-agent/api/resource/resource_attachment.go index 39217718075..a9bccbfd8e6 100644 --- a/ecs-agent/api/resource/resource_attachment.go +++ b/ecs-agent/api/resource/resource_attachment.go 
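Review bot: In attach_resource_responder_test.go, the loop added at the end of testValidateAttachmentAndReturnPropertiesWithAttachmentType asserts only when a property named `resource.FileSystemKey` is present, so if the fixture has none the body never runs and the test passes without exercising the allow-list. Track a `found` flag inside the `if` and finish with `require.True(t, found, "no %s property in fixture", resource.FileSystemKey)`. The visible hunks also contain no case where an allowed value such as `"ext4"` is accepted, and the earlier hunk removes what appears to be an empty-value rejection check applied to each property, so that coverage is now limited to the file system key. The function begins outside the hunk.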
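Review bot: In ecs-agent/api/resource/ebs_discovery_linux.go, the `logger.Debug` call in ConfirmEBSVolumeIsAttached is commented out rather than removed, which leaves dead code with no explanation of why the lsblk output should no longer be logged. Delete the line, or keep a real comment that states the reason, for example `// lsblk output is not logged: <reason>`. The vendored copy adds the `logger` import in the same commit; if no other call in the file uses it, Go will reject the unused import, which cannot be checked from this hunk.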
@@ -74,6 +74,16 @@ const (
 FileSystemKey = "fileSystem"
 )
+var (
+ AllowedFSTypes = map[string]bool{
+ "xfs": true,
+ "ext2": true,
+ "ext3": true,
+ "ext4": true,
+ "ntfs": true,
+ }
+)
+
 // getCommonProperties returns the common properties as used for validating a resource.
 func getCommonProperties() (commonProperties []string) {
 commonProperties = []string{
diff --git a/ecs-agent/api/resource/resource_validation.go b/ecs-agent/api/resource/resource_validation.go
index e0b11b1463c..7ae8268dd84 100644
--- a/ecs-agent/api/resource/resource_validation.go
+++ b/ecs-agent/api/resource/resource_validation.go
@@ -71,3 +71,10 @@ func ValidateRequiredProperties(actualProperties map[string]string, requiredProp
 }
 return nil
 }
+
+func ValidateFileSystemType(filesystemType string) error {
+ if !AllowedFSTypes[filesystemType] {
+ return errors.Errorf("invalid file system type: %s", filesystemType)
+ }
+ return nil
+}
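Review bot: `AllowedFSTypes` in ecs-agent/api/resource/resource_attachment.go is an exported, mutable package-level map, so any importing package can add or delete entries and change what ValidateFileSystemType accepts at runtime. Only the validator in the same package reads it in this diff, so an unexported name is enough: `var allowedFSTypes = map[string]bool{`, with the lookup in resource_validation.go updated to match. The declaration also needs a doc comment saying these are the only file system type values accepted from an attachment message, and stating whether `ntfs` is meant to be accepted on every platform. The vendored copy mirrors this declaration.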
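Review bot: ValidateFileSystemType in ecs-agent/api/resource/resource_validation.go echoes the rejected value into the error with `%s`; the value comes from the attachment message, so `%q` keeps control characters escaped and an empty value visible in logs: `return errors.Errorf("invalid file system type: %q", filesystemType)`. The exported function has no doc comment; add `// ValidateFileSystemType returns an error unless filesystemType is a key of AllowedFSTypes.` The lookup is exact and case-sensitive, so `"EXT4"` and the empty string are both rejected, which the comment should say if that is intended.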