forked from evergreen-ci/evergreen
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.go
More file actions
1008 lines (904 loc) · 39.7 KB
/
config.go
File metadata and controls
1008 lines (904 loc) · 39.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
package evergreen
import (
"context"
"fmt"
"net/http"
"os"
"reflect"
"strconv"
"time"
"github.com/evergreen-ci/evergreen/cloud/parameterstore"
"github.com/evergreen-ci/evergreen/util"
"github.com/evergreen-ci/utility"
"github.com/mongodb/amboy/logger"
"github.com/mongodb/anser/apm"
"github.com/mongodb/anser/bsonutil"
"github.com/mongodb/grip"
"github.com/mongodb/grip/level"
"github.com/mongodb/grip/message"
"github.com/mongodb/grip/send"
"github.com/pkg/errors"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/mongo/options"
"go.mongodb.org/mongo-driver/mongo/readconcern"
"go.mongodb.org/mongo-driver/mongo/writeconcern"
"gopkg.in/yaml.v3"
)
var (
// BuildRevision should be specified with -ldflags at build time
BuildRevision = ""
// ClientVersion is the commandline version string used to control updating
// the CLI. The format is the calendar date (YYYY-MM-DD).
ClientVersion = "2026-04-14"
// Agent version to control agent rollover. The format is the calendar date
// (YYYY-MM-DD).
AgentVersion = "2026-04-15b"
)
const (
mongoTimeout = 5 * time.Minute
mongoConnectTimeout = 5 * time.Second
parameterStoreTimeout = 30 * time.Second
)
// ConfigSection defines a sub-document in the evergreen config
// any config sections must also be added to the registry in config_sections.go.
type ConfigSection interface {
// SectionId returns the ID of the section to be used in the database document and struct tag
SectionId() string
// Get populates the section from the DB
Get(context.Context) error
// Set upserts the section document into the DB
Set(context.Context) error
// ValidateAndDefault validates input and sets defaults
ValidateAndDefault() error
}
// Settings contains all configuration settings for running Evergreen. Settings
// with the "id" struct tag should implement the ConfigSection interface.
type Settings struct {
Id string `bson:"_id" json:"id" yaml:"id"`
Amboy AmboyConfig `yaml:"amboy" bson:"amboy" json:"amboy" id:"amboy"`
AmboyDB AmboyDBConfig `yaml:"amboy_db" bson:"amboy_db" json:"amboy_db" id:"amboy_db"`
Api APIConfig `yaml:"api" bson:"api" json:"api" id:"api"`
AuthConfig AuthConfig `yaml:"auth" bson:"auth" json:"auth" id:"auth"`
OktaServiceConfig OktaServiceConfig `yaml:"okta_service" bson:"okta_service" json:"okta_service" id:"okta_service"`
AWSInstanceRole string `yaml:"aws_instance_role" bson:"aws_instance_role" json:"aws_instance_role"`
Banner string `bson:"banner" json:"banner" yaml:"banner"`
BannerTheme BannerTheme `bson:"banner_theme" json:"banner_theme" yaml:"banner_theme"`
Buckets BucketsConfig `bson:"buckets" json:"buckets" yaml:"buckets" id:"buckets"`
Cedar CedarConfig `bson:"cedar" json:"cedar" yaml:"cedar" id:"cedar"`
ConfigDir string `yaml:"configdir" bson:"configdir" json:"configdir"`
ContainerPools ContainerPoolsConfig `yaml:"container_pools" bson:"container_pools" json:"container_pools" id:"container_pools"`
Database DBSettings `yaml:"database" json:"database" bson:"database"`
DebugSpawnHosts DebugSpawnHostsConfig `yaml:"debug_spawn_hosts" bson:"debug_spawn_hosts" json:"debug_spawn_hosts" id:"debug_spawn_hosts"`
Diagnostics DiagnosticsConfig `yaml:"diagnostics" bson:"diagnostics" json:"diagnostics" id:"diagnostics"`
DomainName string `yaml:"domain_name" bson:"domain_name" json:"domain_name"`
Expansions map[string]string `yaml:"expansions" bson:"expansions" json:"expansions" secret:"true"`
ExpansionsNew util.KeyValuePairSlice `yaml:"expansions_new" bson:"expansions_new" json:"expansions_new"`
Cost CostConfig `yaml:"cost" bson:"cost" json:"cost" id:"cost"`
FWS FWSConfig `yaml:"fws" bson:"fws" json:"fws" id:"fws"`
GithubPRCreatorOrg string `yaml:"github_pr_creator_org" bson:"github_pr_creator_org" json:"github_pr_creator_org"`
GitHubCheckRun GitHubCheckRunConfig `yaml:"github_check_run" bson:"github_check_run" json:"github_check_run" id:"github_check_run"`
GithubOrgs []string `yaml:"github_orgs" bson:"github_orgs" json:"github_orgs"`
GithubWebhookSecret string `yaml:"github_webhook_secret" bson:"github_webhook_secret" json:"github_webhook_secret" secret:"true"`
Graphite GraphiteConfig `yaml:"graphite" bson:"graphite" json:"graphite" id:"graphite"`
DisabledGQLQueries []string `yaml:"disabled_gql_queries" bson:"disabled_gql_queries" json:"disabled_gql_queries"`
HostInit HostInitConfig `yaml:"hostinit" bson:"hostinit" json:"hostinit" id:"hostinit"`
HostJasper HostJasperConfig `yaml:"host_jasper" bson:"host_jasper" json:"host_jasper" id:"host_jasper"`
Jira JiraConfig `yaml:"jira" bson:"jira" json:"jira" id:"jira"`
JIRANotifications JIRANotificationsConfig `yaml:"jira_notifications" json:"jira_notifications" bson:"jira_notifications" id:"jira_notifications"`
LoggerConfig LoggerConfig `yaml:"logger_config" bson:"logger_config" json:"logger_config" id:"logger_config"`
LogPath string `yaml:"log_path" bson:"log_path" json:"log_path"`
Notify NotifyConfig `yaml:"notify" bson:"notify" json:"notify" id:"notify"`
// OldestAllowedCLIVersion represents the oldest CLI version that a user can have installed locally. If this field is non-empty, and a user's
// binary is older than this version, their CLI will prompt them to update before they can continue.
OldestAllowedCLIVersion string `yaml:"oldest_allowed_cli_version" bson:"oldest_allowed_cli_version" json:"oldest_allowed_cli_version"`
Overrides OverridesConfig `yaml:"overrides" bson:"overrides" json:"overrides" id:"overrides"`
ParameterStore ParameterStoreConfig `yaml:"parameter_store" bson:"parameter_store" json:"parameter_store" id:"parameter_store"`
PerfMonitoringURL string `yaml:"perf_monitoring_url" bson:"perf_monitoring_url" json:"perf_monitoring_url"`
PerfMonitoringKanopyURL string `yaml:"perf_monitoring_kanopy_url" bson:"perf_monitoring_kanopy_url" json:"perf_monitoring_kanopy_url"`
Plugins PluginConfig `yaml:"plugins" bson:"plugins" json:"plugins"`
PluginsNew util.KeyValuePairSlice `yaml:"plugins_new" bson:"plugins_new" json:"plugins_new"`
PprofPort string `yaml:"pprof_port" bson:"pprof_port" json:"pprof_port"`
ProjectCreation ProjectCreationConfig `yaml:"project_creation" bson:"project_creation" json:"project_creation" id:"project_creation"`
Providers CloudProviders `yaml:"providers" bson:"providers" json:"providers" id:"providers"`
ReleaseMode ReleaseModeConfig `yaml:"release_mode" bson:"release_mode" json:"release_mode" id:"release_mode"`
RepoTracker RepoTrackerConfig `yaml:"repotracker" bson:"repotracker" json:"repotracker" id:"repotracker"`
RuntimeEnvironments RuntimeEnvironmentsConfig `yaml:"runtime_environments" bson:"runtime_environments" json:"runtime_environments" id:"runtime_environments"`
Scheduler SchedulerConfig `yaml:"scheduler" bson:"scheduler" json:"scheduler" id:"scheduler"`
ServiceFlags ServiceFlags `bson:"service_flags" json:"service_flags" id:"service_flags" yaml:"service_flags"`
ShutdownWaitSeconds int `yaml:"shutdown_wait_seconds" bson:"shutdown_wait_seconds" json:"shutdown_wait_seconds"`
SingleTaskDistro SingleTaskDistroConfig `yaml:"single_task_distro" bson:"single_task_distro" json:"single_task_distro" id:"single_task_distro"`
Slack SlackConfig `yaml:"slack" bson:"slack" json:"slack" id:"slack"`
SleepSchedule SleepScheduleConfig `yaml:"sleep_schedule" bson:"sleep_schedule" json:"sleep_schedule" id:"sleep_schedule"`
Spawnhost SpawnHostConfig `yaml:"spawnhost" bson:"spawnhost" json:"spawnhost" id:"spawnhost"`
Splunk SplunkConfig `yaml:"splunk" bson:"splunk" json:"splunk" id:"splunk"`
SSH SSHConfig `yaml:"ssh" bson:"ssh" json:"ssh" id:"ssh"`
TaskLimits TaskLimitsConfig `yaml:"task_limits" bson:"task_limits" json:"task_limits" id:"task_limits"`
TestSelection TestSelectionConfig `yaml:"test_selection" bson:"test_selection" json:"test_selection" id:"test_selection"`
Tracer TracerConfig `yaml:"tracer" bson:"tracer" json:"tracer" id:"tracer"`
Triggers TriggerConfig `yaml:"triggers" bson:"triggers" json:"triggers" id:"triggers"`
Ui UIConfig `yaml:"ui" bson:"ui" json:"ui" id:"ui"`
Sage SageConfig `yaml:"sage" bson:"sage" json:"sage" id:"sage"`
}
func (c *Settings) SectionId() string { return ConfigDocID }
func (c *Settings) Get(ctx context.Context) error {
return getConfigSection(ctx, c)
}
// Set saves the global fields in the configuration (i.e. those that are not
// ConfigSections).
func (c *Settings) Set(ctx context.Context) error {
return errors.Wrapf(setConfigSection(ctx, c.SectionId(), bson.M{
"$set": bson.M{
awsInstanceRoleKey: c.AWSInstanceRole,
bannerKey: c.Banner,
bannerThemeKey: c.BannerTheme,
configDirKey: c.ConfigDir,
domainNameKey: c.DomainName,
expansionsKey: c.Expansions,
expansionsNewKey: c.ExpansionsNew,
githubPRCreatorOrgKey: c.GithubPRCreatorOrg,
githubOrgsKey: c.GithubOrgs,
githubWebhookSecretKey: c.GithubWebhookSecret,
disabledGQLQueriesKey: c.DisabledGQLQueries,
logPathKey: c.LogPath,
oldestAllowedCLIVersionKey: c.OldestAllowedCLIVersion,
perfMonitoringURLKey: c.PerfMonitoringURL,
perfMonitoringKanopyURLKey: c.PerfMonitoringKanopyURL,
pprofPortKey: c.PprofPort,
pluginsKey: c.Plugins,
pluginsNewKey: c.PluginsNew,
splunkKey: c.Splunk,
sshKey: c.SSH,
spawnhostKey: c.Spawnhost,
shutdownWaitKey: c.ShutdownWaitSeconds,
}}), "updating config section '%s'", c.SectionId(),
)
}
func (c *Settings) ValidateAndDefault() error {
var err error
catcher := grip.NewSimpleCatcher()
if c.ConfigDir == "" {
catcher.Add(errors.New("config directory must not be empty"))
}
if len(c.ExpansionsNew) > 0 {
if c.Expansions, err = c.ExpansionsNew.Map(); err != nil {
catcher.Add(errors.Wrap(err, "parsing expansions"))
}
}
// Validate that expansion values are not empty
for key, value := range c.Expansions {
if value == "" {
catcher.Add(errors.Errorf("expansion '%s' cannot have an empty value", key))
}
}
if len(c.PluginsNew) > 0 {
tempPlugins, err := c.PluginsNew.NestedMap()
if err != nil {
catcher.Add(errors.Wrap(err, "parsing plugins"))
}
c.Plugins = map[string]map[string]any{}
for k1, v1 := range tempPlugins {
c.Plugins[k1] = map[string]any{}
for k2, v2 := range v1 {
c.Plugins[k1][k2] = v2
}
}
}
if catcher.HasErrors() {
return catcher.Resolve()
}
if c.LogPath == "" {
c.LogPath = localLoggingOverride
}
if c.ShutdownWaitSeconds < 0 {
c.ShutdownWaitSeconds = DefaultShutdownWaitSeconds
}
return nil
}
// NewSettings builds an in-memory representation of the given settings file.
func NewSettings(filename string) (*Settings, error) {
configData, err := os.ReadFile(filename)
if err != nil {
return nil, err
}
settings := &Settings{}
err = yaml.Unmarshal(configData, settings)
if err != nil {
return nil, err
}
return settings, nil
}
// GetConfig returns the complete Evergreen configuration with overrides applied from
// the [ConfigCollection] collection in the [DB] database. Use [GetRawConfig] to get
// a configuration that doesn't reflect overrides.
func GetConfig(ctx context.Context) (*Settings, error) {
return getSettings(ctx, true, true)
}
// GetRawConfig returns only the raw Evergreen configuration without applying overrides. Use
// [GetConfig] to get a complete configuration that includes overrides from the [DB] database.
// If there is no [SharedDB] there are no overrides and [GetConfig] and [GetRawConfig] are
// functionally equivalent.
func GetRawConfig(ctx context.Context) (*Settings, error) {
return getSettings(ctx, false, true)
}
// GetConfigWithoutSecrets returns the Evergreen configuration without secrets, should
// only be used for logging or displaying settings without sensitive information.
func GetConfigWithoutSecrets(ctx context.Context) (*Settings, error) {
return getSettings(ctx, true, false)
}
func getSettings(ctx context.Context, includeOverrides, includeParameterStore bool) (*Settings, error) {
config := NewConfigSections()
if err := config.populateSections(ctx, includeOverrides); err != nil {
return nil, errors.Wrap(err, "populating sections")
}
catcher := grip.NewSimpleCatcher()
baseConfig := config.Sections[ConfigDocID].(*Settings)
valConfig := reflect.ValueOf(*baseConfig)
//iterate over each field in the config struct
for i := 0; i < valConfig.NumField(); i++ {
// retrieve the 'id' struct tag
sectionId := valConfig.Type().Field(i).Tag.Get("id")
if sectionId == "" { // no 'id' tag means this is a simple field that we can skip
continue
}
// get the property name and find its corresponding section in the registry
propName := valConfig.Type().Field(i).Name
section, ok := config.Sections[sectionId]
if !ok {
catcher.Add(fmt.Errorf("config section '%s' not found in registry", sectionId))
continue
}
// set the value of the section struct to the value of the corresponding field in the config
sectionVal := reflect.ValueOf(section).Elem()
propVal := reflect.ValueOf(baseConfig).Elem().FieldByName(propName)
if !propVal.CanSet() {
catcher.Errorf("unable to set field '%s' in section '%s'", propName, sectionId)
continue
}
propVal.Set(sectionVal)
}
// If we aren't getting secrets for initialization, read secrets from the parameter store.
// If it fails, log the error and ignore changes made from the parameter store.
if includeParameterStore {
paramConfig := baseConfig
paramMgr := GetEnvironment().ParameterManager()
if paramMgr == nil {
grip.Errorf(ctx, "parameter manager is nil, cannot read admin secrets from parameter store")
return baseConfig, nil
}
settingsValue := reflect.ValueOf(paramConfig).Elem()
settingsType := reflect.TypeOf(*paramConfig)
adminCatcher := grip.NewBasicCatcher()
paramCache := map[string]string{}
params, err := paramMgr.Get(ctx, collectSecretPaths(settingsValue, settingsType, "")...)
if ctx.Err() != nil {
return nil, errors.Wrap(ctx.Err(), "context is cancelled, cannot get settings")
} else if err != nil {
grip.Error(ctx, errors.Wrap(err, "getting all admin secrets from parameter store"))
} else {
for _, param := range params {
paramCache[param.Name] = param.Value
}
}
readAdminSecrets(ctx, paramMgr, settingsValue, settingsType, "", paramCache, adminCatcher)
if adminCatcher.HasErrors() && ctx.Err() == nil {
grip.Error(ctx, errors.Wrap(adminCatcher.Resolve(), "reading admin settings in parameter store"))
} else {
baseConfig = paramConfig
}
}
// The context may be cancelled while getting settings.
if ctx.Err() != nil {
return nil, errors.Wrap(ctx.Err(), "context is cancelled, cannot get settings")
}
if catcher.HasErrors() {
return nil, errors.WithStack(catcher.Resolve())
}
return baseConfig, nil
}
func readAdminSecrets(ctx context.Context, paramMgr *parameterstore.ParameterManager, value reflect.Value, typ reflect.Type, path string, paramCache map[string]string, catcher grip.Catcher) {
if paramMgr == nil {
catcher.New("parameter manager is nil")
return
}
// No need to go through the recursive loop if we already have errors.
if catcher.HasErrors() {
return
}
// No need to go through the recursive loop if the context is cancelled.
if ctx.Err() != nil {
catcher.Wrap(ctx.Err(), "context is cancelled, cannot read admin secrets")
return
}
// Handle different kinds of values
switch value.Kind() {
case reflect.Struct:
structName := typ.Name()
currentPath := path
if structName != "" {
if currentPath != "" {
currentPath = currentPath + "/" + structName
} else {
currentPath = structName
}
}
// Iterate through all fields in the struct.
for i := 0; i < value.NumField(); i++ {
field := typ.Field(i)
fieldValue := value.Field(i)
fieldPath := currentPath
if fieldPath != "" {
fieldPath = fieldPath + "/" + field.Name
} else {
fieldPath = field.Name
}
// Check if this field has the secret:"true" tag.
if secretTag := field.Tag.Get("secret"); secretTag == "true" {
// If the field is a string, store in parameter manager and update struct with path.
if fieldValue.Kind() == reflect.String {
// Check if the field path is already in the cache.
if cachedValue, ok := paramCache[paramMgr.GetPrefixedName(fieldPath)]; ok {
fieldValue.SetString(cachedValue)
} else {
// We don't defer the cancel() and instead cancel it immediately
// after the parameter store read to avoid context leaks.
// This is because the recursive calls can create many contexts,
// and we want to ensure they are all cleaned up properly.
paramCtx, cancel := context.WithTimeout(ctx, parameterStoreTimeout)
param, err := paramMgr.Get(paramCtx, fieldPath)
cancel()
if err != nil {
catcher.Wrapf(err, "Failed to read secret field '%s' in parameter store", fieldPath)
} else if len(param) > 0 {
// Update the value with the path from the parameter store if it exists.
fieldValue.SetString(param[0].Value)
}
}
// if the field is a map[string]string, store each key-value pair individually
} else if fieldValue.Kind() == reflect.Map && fieldValue.Type().Key().Kind() == reflect.String && fieldValue.Type().Elem().Kind() == reflect.String {
// Create a new map to store the paths
newMap := reflect.MakeMap(fieldValue.Type())
for _, key := range fieldValue.MapKeys() {
mapFieldPath := fmt.Sprintf("%s/%s", fieldPath, key.String())
// Check if the field path is already in the cache.
if cachedValue, ok := paramCache[paramMgr.GetPrefixedName(mapFieldPath)]; ok {
newMap.SetMapIndex(key, reflect.ValueOf(cachedValue))
} else {
// We don't defer the cancel() and instead cancel it immediately
// after the parameter store read to avoid context leaks.
// This is because the recursive calls can create many contexts,
// and we want to ensure they are all cleaned up properly.
paramCtx, cancel := context.WithTimeout(ctx, parameterStoreTimeout)
param, err := paramMgr.Get(paramCtx, mapFieldPath)
cancel()
if err != nil {
catcher.Wrapf(err, "Failed to read secret map field '%s' in parameter store", mapFieldPath)
continue
} else if len(param) > 0 {
// Set the map value to the parameter store value
newMap.SetMapIndex(key, reflect.ValueOf(param[0].Value))
}
}
}
// Update the struct field with the new map containing paths
if len(newMap.MapKeys()) == len(fieldValue.MapKeys()) {
fieldValue.Set(newMap)
} else {
grip.ErrorWhen(ctx, ctx.Err() == nil, message.Fields{
"message": "readAdminSecrets did not find all map keys in parameter store",
"path": fieldPath,
"keys": fieldValue.MapKeys(),
"new_keys": newMap.MapKeys(),
})
}
}
}
// Recursively check nested structs, pointers, slices, and maps.
readAdminSecrets(ctx, paramMgr, fieldValue, field.Type, currentPath, paramCache, catcher)
}
case reflect.Ptr:
// Dereference pointer if not nil.
if !value.IsNil() {
readAdminSecrets(ctx, paramMgr, value.Elem(), typ.Elem(), path, paramCache, catcher)
}
case reflect.Slice, reflect.Array:
// Check each element in slice/array.
for i := 0; i < value.Len(); i++ {
readAdminSecrets(ctx, paramMgr, value.Index(i), value.Index(i).Type(), fmt.Sprintf("%s/%d", path, i), paramCache, catcher)
}
}
}
// collectSecretPaths recursively traverses a struct and collects the paths of all fields
// tagged with "secret":"true". It returns a slice of strings containing these paths.
func collectSecretPaths(value reflect.Value, typ reflect.Type, path string) []string {
var secretPaths []string
// Handle different kinds of values
switch value.Kind() {
case reflect.Struct:
structName := typ.Name()
currentPath := path
if structName != "" {
if currentPath != "" {
currentPath = currentPath + "/" + structName
} else {
currentPath = structName
}
}
// Iterate through all fields in the struct.
for i := 0; i < value.NumField(); i++ {
field := typ.Field(i)
fieldValue := value.Field(i)
fieldPath := currentPath
if fieldPath != "" {
fieldPath = fieldPath + "/" + field.Name
} else {
fieldPath = field.Name
}
// Check if this field has the secret:"true" tag.
if secretTag := field.Tag.Get("secret"); secretTag == "true" {
// If the field is a string, add the path to our list.
if fieldValue.Kind() == reflect.String {
secretPaths = append(secretPaths, fieldPath)
} else if fieldValue.Kind() == reflect.Map && fieldValue.Type().Key().Kind() == reflect.String && fieldValue.Type().Elem().Kind() == reflect.String {
// If the field is a map[string]string, add each key path individually.
for _, key := range fieldValue.MapKeys() {
mapFieldPath := fmt.Sprintf("%s/%s", fieldPath, key.String())
secretPaths = append(secretPaths, mapFieldPath)
}
}
}
// Recursively check nested structs, pointers, slices, and maps.
nestedPaths := collectSecretPaths(fieldValue, field.Type, currentPath)
secretPaths = append(secretPaths, nestedPaths...)
}
case reflect.Ptr:
// Dereference pointer if not nil.
if !value.IsNil() {
nestedPaths := collectSecretPaths(value.Elem(), typ.Elem(), path)
secretPaths = append(secretPaths, nestedPaths...)
}
case reflect.Slice, reflect.Array:
// Check each element in slice/array.
for i := 0; i < value.Len(); i++ {
nestedPaths := collectSecretPaths(value.Index(i), value.Index(i).Type(), fmt.Sprintf("%s/%d", path, i))
secretPaths = append(secretPaths, nestedPaths...)
}
}
return secretPaths
}
// UpdateConfig updates all evergreen settings documents in the DB.
func UpdateConfig(ctx context.Context, config *Settings) error {
// update the root config document
if err := config.Set(ctx); err != nil {
return err
}
// update the other config sub-documents
catcher := grip.NewSimpleCatcher()
valConfig := reflect.ValueOf(*config)
//iterate over each field in the config struct
for i := 0; i < valConfig.NumField(); i++ {
// retrieve the 'id' struct tag
sectionId := valConfig.Type().Field(i).Tag.Get("id")
if sectionId == "" { // no 'id' tag means this is a simple field that we can skip
continue
}
// get the property name and find its value within the settings struct
propName := valConfig.Type().Field(i).Name
propVal := valConfig.FieldByName(propName)
// create a reflective copy of the struct
valPointer := reflect.Indirect(reflect.New(propVal.Type()))
valPointer.Set(propVal)
// convert the pointer to that struct to an empty interface
propInterface := valPointer.Addr().Interface()
// type assert to the ConfigSection interface
section, ok := propInterface.(ConfigSection)
if !ok {
catcher.Errorf("unable to convert config section '%s'", propName)
continue
}
catcher.Add(section.Set(ctx))
}
return errors.WithStack(catcher.Resolve())
}
// Validate checks the settings and returns nil if the config is valid,
// or an error with a message explaining why otherwise.
func (settings *Settings) Validate() error {
catcher := grip.NewSimpleCatcher()
// validate the root-level settings struct
catcher.Add(settings.ValidateAndDefault())
// validate each sub-document
valConfig := reflect.ValueOf(*settings)
// iterate over each field in the config struct
for i := 0; i < valConfig.NumField(); i++ {
// retrieve the 'id' struct tag
sectionId := valConfig.Type().Field(i).Tag.Get("id")
if sectionId == "" { // no 'id' tag means this is a simple field that we can skip
continue
}
// get the property name and find its value within the settings struct
propName := valConfig.Type().Field(i).Name
propVal := valConfig.FieldByName(propName)
// the goal is to convert this struct which we know implements ConfigSection
// from a reflection data structure back to the interface
// the below creates a copy and takes the address of it as a workaround because
// you can't take the address of it via reflection for some reason
// (and all interface methods on the struct have pointer receivers)
// create a reflective copy of the struct
valPointer := reflect.Indirect(reflect.New(propVal.Type()))
valPointer.Set(propVal)
// convert the pointer to that struct to an empty interface
propInterface := valPointer.Addr().Interface()
// type assert to the ConfigSection interface
section, ok := propInterface.(ConfigSection)
if !ok {
catcher.Errorf("unable to convert config section '%s'", propName)
continue
}
err := section.ValidateAndDefault()
if err != nil {
catcher.Add(fmt.Errorf("validation failed for section '%s' (field '%s'): %w", sectionId, propName, err))
continue
}
// set the value of the section struct in case there was any defaulting done
sectionVal := reflect.ValueOf(section).Elem()
propAddr := reflect.ValueOf(settings).Elem().FieldByName(propName)
if !propAddr.CanSet() {
catcher.Errorf("unable to set field '%s' 'in' %s", propName, sectionId)
continue
}
propAddr.Set(sectionVal)
}
return errors.WithStack(catcher.Resolve())
}
// GetSender returns the global application-wide loggers. These are special
// universal loggers (distinct from other senders like the GitHub status sender
// or email notification sender) and will be used when grip is invoked to log
// messages in the application (e.g. grip.Info, grip.Error, etc). Because these
// loggers are the main way to send logs in the application, these are essential
// to monitoring the application and therefore have to be set up very early
// during application startup.
func (s *Settings) GetSender(ctx context.Context, env Environment) (send.Sender, error) {
var (
sender send.Sender
fallback send.Sender
err error
senders []send.Sender
)
levelInfo := s.LoggerConfig.Info()
fallback, err = send.NewErrorLogger("evergreen.err",
send.LevelInfo{Default: level.Info, Threshold: level.Debug})
if err != nil {
return nil, errors.Wrap(err, "configuring error fallback logger")
}
if disableLocalLogging, err := strconv.ParseBool(os.Getenv(disableLocalLoggingEnvVar)); err != nil || !disableLocalLogging {
// setup the base/default logger (generally direct to systemd
// or standard output)
switch s.LogPath {
case localLoggingOverride:
// log directly to systemd if possible, and log to
// standard output otherwise.
sender = getSystemLogger()
case standardOutputLoggingOverride, "":
sender = send.MakeNative()
default:
sender, err = send.MakeFileLogger(s.LogPath)
if err != nil {
return nil, errors.Wrap(err, "configuring file logger")
}
}
if err = sender.SetLevel(levelInfo); err != nil {
return nil, errors.Wrap(err, "setting level")
}
if err = sender.SetErrorHandler(send.ErrorHandlerFromSender(fallback)); err != nil {
return nil, errors.Wrap(err, "setting error handler")
}
senders = append(senders, sender)
}
// set up external log aggregation services:
//
if s.Splunk.SplunkConnectionInfo.Populated() {
retryConf := utility.NewDefaultHTTPRetryConf()
retryConf.MaxDelay = time.Second
retryConf.BaseDelay = 10 * time.Millisecond
retryConf.MaxRetries = 10
client := utility.GetHTTPRetryableClient(retryConf)
splunkSender, err := s.makeSplunkSender(ctx, client, levelInfo, fallback)
if err != nil {
utility.PutHTTPClient(client)
return nil, errors.Wrap(err, "configuring splunk logger")
}
env.RegisterCloser("splunk-http-client", false, func(_ context.Context) error {
utility.PutHTTPClient(client)
return nil
})
senders = append(senders, splunkSender)
}
// the slack logging service is only for logging very high level alerts.
if s.Slack.Token != "" && level.FromString(s.Slack.Level).IsValid() {
sender, err = send.NewSlackLogger(s.Slack.Options, s.Slack.Token,
send.LevelInfo{Default: level.Critical, Threshold: level.FromString(s.Slack.Level)})
if err == nil {
var slackFallback send.Sender
switch len(senders) {
case 0:
slackFallback = fallback
case 1:
slackFallback = senders[0]
default:
slackFallback = send.NewConfiguredMultiSender(senders...)
}
if err = sender.SetErrorHandler(send.ErrorHandlerFromSender(slackFallback)); err != nil {
return nil, errors.Wrap(err, "setting error handler")
}
senders = append(senders, logger.MakeQueueSender(ctx, env.LocalQueue(), sender))
}
grip.Warning(ctx, errors.Wrap(err, "setting up Slack alert logger"))
}
return send.NewConfiguredMultiSender(senders...), nil
}
func (s *Settings) makeSplunkSender(ctx context.Context, client *http.Client, levelInfo send.LevelInfo, fallback send.Sender) (send.Sender, error) {
sender, err := send.NewSplunkLoggerWithClient("", s.Splunk.SplunkConnectionInfo, grip.GetSender().Level(), client)
if err != nil {
return nil, errors.Wrap(err, "making splunk logger")
}
if err = sender.SetLevel(levelInfo); err != nil {
return nil, errors.Wrap(err, "setting Splunk level")
}
if err = sender.SetErrorHandler(send.ErrorHandlerFromSender(fallback)); err != nil {
return nil, errors.Wrap(err, "setting Splunk error handler")
}
opts := send.BufferedSenderOptions{
FlushInterval: time.Duration(s.LoggerConfig.Buffer.DurationSeconds) * time.Second,
BufferSize: s.LoggerConfig.Buffer.Count,
}
if s.LoggerConfig.Buffer.UseAsync {
if sender, err = send.NewBufferedAsyncSender(ctx,
sender,
send.BufferedAsyncSenderOptions{
BufferedSenderOptions: opts,
IncomingBufferFactor: s.LoggerConfig.Buffer.IncomingBufferFactor,
}); err != nil {
return nil, errors.Wrap(err, "making Splunk async buffered sender")
}
} else {
if sender, err = send.NewBufferedSender(ctx, sender, opts); err != nil {
return nil, errors.Wrap(err, "making Splunk buffered sender")
}
}
if s.Tracer.TraceURLTemplate != "" {
sender = send.NewTraceURLSender(sender, s.Tracer.TraceURLTemplate)
}
return sender, nil
}
// PluginConfig holds plugin-specific settings, which are handled.
// manually by their respective plugins
type PluginConfig map[string]map[string]any
type WriteConcern struct {
W int `yaml:"w"`
WMode string `yaml:"wmode"`
WTimeout int `yaml:"wtimeout"`
J bool `yaml:"j"`
}
func (wc WriteConcern) Resolve() *writeconcern.WriteConcern {
concern := &writeconcern.WriteConcern{}
if wc.WMode == "majority" {
concern = writeconcern.Majority()
} else if wc.W > 0 {
concern.W = wc.W
}
if wc.J {
concern.Journal = utility.TruePtr()
}
return concern
}
type ReadConcern struct {
Level string `yaml:"level"`
}
func (rc ReadConcern) Resolve() *readconcern.ReadConcern {
if rc.Level == "majority" {
return readconcern.Majority()
} else if rc.Level == "local" {
return readconcern.Local()
} else if rc.Level == "" {
return readconcern.Majority()
} else {
grip.Error(context.Background(), message.Fields{
"error": "ReadConcern Level is not majority or local, setting to majority",
"rcLevel": rc.Level})
return readconcern.Majority()
}
}
type DBSettings struct {
Url string `yaml:"url"`
SharedURL string `yaml:"shared_url"`
DB string `yaml:"db"`
WriteConcernSettings WriteConcern `yaml:"write_concern"`
ReadConcernSettings ReadConcern `yaml:"read_concern"`
AWSAuthEnabled bool `yaml:"aws_auth_enabled"`
}
func (s *DBSettings) mongoOptions(url string) *options.ClientOptions {
opts := options.Client().ApplyURI(url).SetWriteConcern(s.WriteConcernSettings.Resolve()).
SetReadConcern(s.ReadConcernSettings.Resolve()).
SetTimeout(mongoTimeout).
SetConnectTimeout(mongoConnectTimeout).
SetSocketTimeout(mongoTimeout).
SetMonitor(apm.NewMonitor(apm.WithCommandAttributeDisabled(false), apm.WithCommandAttributeTransformer(redactSensitiveCollections)))
if s.AWSAuthEnabled {
opts.SetAuth(options.Credential{
AuthMechanism: awsAuthMechanism,
AuthSource: mongoExternalAuthSource,
})
}
return opts
}
// Supported banner themes in Evergreen.
// Empty is a valid banner theme that should not be deleted.
type BannerTheme string
const (
Announcement BannerTheme = "ANNOUNCEMENT"
Information BannerTheme = "INFORMATION"
Warning BannerTheme = "WARNING"
Important BannerTheme = "IMPORTANT"
Empty BannerTheme = ""
)
func IsValidBannerTheme(input string) (bool, BannerTheme) {
switch input {
case "":
return true, ""
case "ANNOUNCEMENT":
return true, Announcement
case "INFORMATION":
return true, Information
case "WARNING":
return true, Warning
case "IMPORTANT":
return true, Important
default:
return false, ""
}
}
// StoreAdminSecrets recursively finds all fields tagged with "secret:true"
// and stores them in the parameter manager
// The function has section commented out because all the functionality does not currently exist.
// It is currently only uncommented during the testing to ensure that the function works as expected.
// Those sections will be uncommented/deleted when the functionality is implemented.
func StoreAdminSecrets(ctx context.Context, paramMgr *parameterstore.ParameterManager, value reflect.Value, typ reflect.Type, path string, catcher grip.Catcher) {
if paramMgr == nil {
catcher.New("parameter manager is nil")
return
}
// Handle different kinds of values
switch value.Kind() {
case reflect.Struct:
structName := typ.Name()
currentPath := path
if structName != "" {
if currentPath != "" {
currentPath = currentPath + "/" + structName
} else {
currentPath = structName
}
}
// Iterate through all fields in the struct.
for i := 0; i < value.NumField(); i++ {
field := typ.Field(i)
fieldValue := value.Field(i)
fieldPath := currentPath
if fieldPath != "" {
fieldPath = fieldPath + "/" + field.Name
} else {
fieldPath = field.Name
}
// Check if this field has the secret:"true" tag.
if secretTag := field.Tag.Get("secret"); secretTag == "true" {
// If the field is a string, store in parameter manager and update struct with path.
if fieldValue.Kind() == reflect.String {
secretValue := fieldValue.String()
if secretValue == "" {
continue
}
redactedValue, err := putSecretValue(ctx, paramMgr, fieldPath, secretValue)
if err != nil {
catcher.Wrapf(err, "Failed to store secret field '%s' in parameter store", fieldPath)
}
fieldValue.SetString(redactedValue)
// if the field is a map[string]string, store each key-value pair individually
} else if fieldValue.Kind() == reflect.Map && fieldValue.Type().Key().Kind() == reflect.String && fieldValue.Type().Elem().Kind() == reflect.String {
// Create a new map to store the paths
newMap := reflect.MakeMap(fieldValue.Type())
for _, key := range fieldValue.MapKeys() {
mapFieldPath := fmt.Sprintf("%s/%s", fieldPath, key.String())
secretValue := fieldValue.MapIndex(key).String()
redactedValue, err := putSecretValue(ctx, paramMgr, mapFieldPath, secretValue)
if err != nil {
catcher.Wrapf(err, "Failed to store secret map field '%s' in parameter store", mapFieldPath)
continue
}
newMap.SetMapIndex(key, reflect.ValueOf(redactedValue))
}
fieldValue.Set(newMap)
}
}
// Recursively check nested structs, pointers, slices, and maps.
StoreAdminSecrets(ctx, paramMgr, fieldValue, field.Type, currentPath, catcher)
}
case reflect.Ptr:
// Dereference pointer if not nil.
if !value.IsNil() {
StoreAdminSecrets(ctx, paramMgr, value.Elem(), typ.Elem(), path, catcher)
}
case reflect.Slice, reflect.Array:
// Check each element in slice/array.
for i := 0; i < value.Len(); i++ {
StoreAdminSecrets(ctx, paramMgr, value.Index(i), value.Index(i).Type(), fmt.Sprintf("%s/%d", path, i), catcher)
}
}
}
// putSecretValue only updates the parameter's value if it is different from the
// current value in Parameter Store. Returns last updated time of the value.
// Necessary to log events correctly in the event log.
func putSecretValue(ctx context.Context, pm *parameterstore.ParameterManager, name, value string) (string, error) {
// If the parameter already exists and its value matches the new value,
// return the last updated time without updating it.
param, err := pm.Get(ctx, name)
if err != nil {
return "", errors.Wrapf(err, "getting parameter '%s'", name)
}
if len(param) > 0 && param[0].Value == value {
record, err := parameterstore.FindOneName(ctx, pm.DB, param[0].Name)
if err != nil {
return "", errors.Wrapf(err, "finding parameter record for '%s'", param[0].Name)
}
if record == nil {
return "", errors.Errorf("parameter record '%s' not found after put", param[0].Name)
}
return record.LastUpdated.String(), nil
}
// If the parameter does not exist or has a new value, update it.
updatedParam, err := pm.Put(ctx, name, value)
if err != nil {
return "", errors.Wrapf(err, "putting parameter '%s'", name)
}
if updatedParam == nil {
return "", errors.Errorf("parameter '%s' not found after put", name)
}
record, err := parameterstore.FindOneName(ctx, pm.DB, updatedParam.Name)
if err != nil {
return "", errors.Wrapf(err, "finding parameter record for '%s'", updatedParam.Name)
}
if record == nil {
return "", errors.Errorf("parameter record '%s' not found after put", updatedParam.Name)
}
return record.LastUpdated.String(), nil
}
// UpdateBucketLifecycle updates the lifecycle configuration for an admin-managed bucket in settings.
func UpdateBucketLifecycle(ctx context.Context, bucketField string, expirationDays, transitionToIADays, transitionToGlacierDays *int) error {
bucketsKey := (&BucketsConfig{}).SectionId()
set := bson.M{
bsonutil.GetDottedKeyName(bucketField, bucketConfigLifecycleLastSyncedAtKey): time.Now(),
}
if expirationDays != nil {
set[bsonutil.GetDottedKeyName(bucketField, bucketConfigExpirationDaysKey)] = *expirationDays
}
if transitionToIADays != nil {
set[bsonutil.GetDottedKeyName(bucketField, bucketConfigTransitionToIADaysKey)] = *transitionToIADays
}
if transitionToGlacierDays != nil {
set[bsonutil.GetDottedKeyName(bucketField, bucketConfigTransitionToGlacierDaysKey)] = *transitionToGlacierDays
}
return setConfigSection(ctx, bucketsKey, bson.M{
"$set": set,
"$unset": bson.M{
bsonutil.GetDottedKeyName(bucketField, bucketConfigLifecycleSyncErrorKey): "",
},
})
}
// UpdateBucketLifecycleError records a sync error for an admin-managed bucket in settings.
func UpdateBucketLifecycleError(ctx context.Context, bucketField string, syncError string) error {