Skip to content

Add Disable_TMDS_ListTagsForResources env variable #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add Disable_TMDS_ListTagsForResources env variable #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1d39791
Change Warnf to Debugf for SELinux logging
Jun 16, 2025
63ca954
AI Generated
amazon-q-developer[bot] Jun 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 96 additions & 0 deletions agent/config/config.go.new
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
func environmentConfig() (Config, error) {
dataDir := os.Getenv("ECS_DATADIR")

steadyStateRate, burstRate := parseTaskMetadataThrottles()

var errs []error
instanceAttributes, errs := parseInstanceAttributes(errs)

containerInstanceTags, errs := parseContainerInstanceTags(errs)

additionalLocalRoutes, errs := parseAdditionalLocalRoutes(errs)

var err error
if len(errs) > 0 {
err = apierrors.NewMultiError(errs...)
}
return Config{
Cluster: os.Getenv("ECS_CLUSTER"),
APIEndpoint: os.Getenv("ECS_BACKEND_HOST"),
AWSRegion: os.Getenv("AWS_DEFAULT_REGION"),
DockerEndpoint: os.Getenv("DOCKER_HOST"),
ReservedPorts: parseReservedPorts("ECS_RESERVED_PORTS"),
ReservedPortsUDP: parseReservedPorts("ECS_RESERVED_PORTS_UDP"),
DataDir: dataDir,
Checkpoint: parseCheckpoint(dataDir),
EngineAuthType: os.Getenv("ECS_ENGINE_AUTH_TYPE"),
EngineAuthData: NewSensitiveRawMessage([]byte(os.Getenv("ECS_ENGINE_AUTH_DATA"))),
UpdatesEnabled: parseBooleanDefaultFalseConfig("ECS_UPDATES_ENABLED"),
UpdateDownloadDir: os.Getenv("ECS_UPDATE_DOWNLOAD_DIR"),
DisableMetrics: parseBooleanDefaultFalseConfig("ECS_DISABLE_METRICS"),
ReservedMemory: parseEnvVariableUint16("ECS_RESERVED_MEMORY"),
AvailableLoggingDrivers: parseAvailableLoggingDrivers(),
PrivilegedDisabled: parseBooleanDefaultFalseConfig("ECS_DISABLE_PRIVILEGED"),
SELinuxCapable: parseBooleanDefaultFalseConfig("ECS_SELINUX_CAPABLE"),
AppArmorCapable: parseBooleanDefaultFalseConfig("ECS_APPARMOR_CAPABLE"),
TaskCleanupWaitDuration: parseEnvVariableDuration("ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION"),
TaskCleanupWaitDurationJitter: parseEnvVariableDuration("ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION_JITTER"),
TaskENIEnabled: parseBooleanDefaultFalseConfig("ECS_ENABLE_TASK_ENI"),
TaskIAMRoleEnabled: parseBooleanDefaultFalseConfig("ECS_ENABLE_TASK_IAM_ROLE"),
DeleteNonECSImagesEnabled: parseBooleanDefaultFalseConfig("ECS_ENABLE_UNTRACKED_IMAGE_CLEANUP"),
TaskCPUMemLimit: parseBooleanDefaultTrueConfig("ECS_ENABLE_TASK_CPU_MEM_LIMIT"),
DockerStopTimeout: parseDockerStopTimeout(),
ManifestPullTimeout: parseManifestPullTimeout(),
ContainerStartTimeout: parseContainerStartTimeout(),
ContainerCreateTimeout: parseContainerCreateTimeout(),
DependentContainersPullUpfront: parseBooleanDefaultFalseConfig("ECS_PULL_DEPENDENT_CONTAINERS_UPFRONT"),
ImagePullInactivityTimeout: parseImagePullInactivityTimeout(),
ImagePullTimeout: parseEnvVariableDuration("ECS_IMAGE_PULL_TIMEOUT"),
CredentialsAuditLogFile: os.Getenv("ECS_AUDIT_LOGFILE"),
CredentialsAuditLogDisabled: utils.ParseBool(os.Getenv("ECS_AUDIT_LOGFILE_DISABLED"), false),
TaskIAMRoleEnabledForNetworkHost: utils.ParseBool(os.Getenv("ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST"), false),
ImageCleanupDisabled: parseBooleanDefaultFalseConfig("ECS_DISABLE_IMAGE_CLEANUP"),
MinimumImageDeletionAge: parseEnvVariableDuration("ECS_IMAGE_MINIMUM_CLEANUP_AGE"),
NonECSMinimumImageDeletionAge: parseEnvVariableDuration("NON_ECS_IMAGE_MINIMUM_CLEANUP_AGE"),
ImageCleanupInterval: parseEnvVariableDuration("ECS_IMAGE_CLEANUP_INTERVAL"),
NumImagesToDeletePerCycle: parseNumImagesToDeletePerCycle(),
NumNonECSContainersToDeletePerCycle: parseNumNonECSContainersToDeletePerCycle(),
ImagePullBehavior: parseImagePullBehavior(),
ImageCleanupExclusionList: parseImageCleanupExclusionList("ECS_EXCLUDE_UNTRACKED_IMAGE"),
InstanceAttributes: instanceAttributes,
CNIPluginsPath: os.Getenv("ECS_CNI_PLUGINS_PATH"),
AWSVPCBlockInstanceMetdata: parseBooleanDefaultFalseConfig("ECS_AWSVPC_BLOCK_IMDS"),
AWSVPCAdditionalLocalRoutes: additionalLocalRoutes,
ContainerMetadataEnabled: parseBooleanDefaultFalseConfig("ECS_ENABLE_CONTAINER_METADATA"),
DataDirOnHost: os.Getenv("ECS_HOST_DATA_DIR"),
OverrideAWSLogsExecutionRole: parseBooleanDefaultFalseConfig("ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE"),
CgroupPath: os.Getenv("ECS_CGROUP_PATH"),
TaskMetadataSteadyStateRate: steadyStateRate,
TaskMetadataBurstRate: burstRate,
SharedVolumeMatchFullConfig: parseBooleanDefaultFalseConfig("ECS_SHARED_VOLUME_MATCH_FULL_CONFIG"),
ContainerInstanceTags: containerInstanceTags,
ContainerInstancePropagateTagsFrom: parseContainerInstancePropagateTagsFrom(),
PollMetrics: parseBooleanDefaultFalseConfig("ECS_POLL_METRICS"),
PollingMetricsWaitDuration: parseEnvVariableDuration("ECS_POLLING_METRICS_WAIT_DURATION"),
DisableDockerHealthCheck: parseBooleanDefaultFalseConfig("ECS_DISABLE_DOCKER_HEALTH_CHECK"),
GPUSupportEnabled: utils.ParseBool(os.Getenv("ECS_ENABLE_GPU_SUPPORT"), false),
EBSTASupportEnabled: utils.ParseBool(os.Getenv("ECS_EBSTA_SUPPORTED"), true),
InferentiaSupportEnabled: utils.ParseBool(os.Getenv("ECS_ENABLE_INF_SUPPORT"), false),
NvidiaRuntime: os.Getenv("ECS_NVIDIA_RUNTIME"),
TaskMetadataAZDisabled: utils.ParseBool(os.Getenv("ECS_DISABLE_TASK_METADATA_AZ"), false),
CgroupCPUPeriod: parseCgroupCPUPeriod(),
SpotInstanceDrainingEnabled: parseBooleanDefaultFalseConfig("ECS_ENABLE_SPOT_INSTANCE_DRAINING"),
GMSACapable: parseGMSACapability(),
GMSADomainlessCapable: parseGMSADomainlessCapability(),
VolumePluginCapabilities: parseVolumePluginCapabilities(),
FSxWindowsFileServerCapable: parseFSxWindowsFileServerCapability(),
External: parseBooleanDefaultFalseConfig("ECS_EXTERNAL"),
EnableRuntimeStats: parseBooleanDefaultFalseConfig("ECS_ENABLE_RUNTIME_STATS"),
ShouldExcludeIPv6PortBinding: parseBooleanDefaultTrueConfig("ECS_EXCLUDE_IPV6_PORTBINDING"),
WarmPoolsSupport: parseBooleanDefaultFalseConfig("ECS_WARM_POOLS_CHECK"),
DynamicHostPortRange: parseDynamicHostPortRange("ECS_DYNAMIC_HOST_PORT_RANGE"),
TaskPidsLimit: parseTaskPidsLimit(),
FirelensAsyncEnabled: parseBooleanDefaultTrueConfig("ECS_ENABLE_FIRELENS_ASYNC"),
DisableTMDSListTagsForResource: parseBooleanDefaultFalseConfig("Disable_TMDS_ListTagsForResource"),
}, err
}
46 changes: 25 additions & 21 deletions agent/config/config_accessor.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
// not use this file except in compliance with the License. A copy of the
// License is located at
//
// http://aws.amazon.com/apache2.0/
// http://aws.amazon.com/apache2.0/
//
// or in the "license" file accompanying this file. This file is distributed
// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
Expand All @@ -14,75 +14,79 @@
package config

import (
"errors"
"errors"
)

// agentConfigAccessor struct implements AgentConfigAccessor interface defined in ecs-agent module.
type agentConfigAccessor struct {
cfg *Config
cfg *Config
}

// NewAgentConfigAccessor creates a new agentConfigAccessor.
func NewAgentConfigAccessor(cfg *Config) (*agentConfigAccessor, error) {
if cfg == nil {
return nil, errors.New("unable to create new agent config accessor due to passed in config value being nil")
}
if cfg == nil {
return nil, errors.New("unable to create new agent config accessor due to passed in config value being nil")
}

return &agentConfigAccessor{cfg: cfg}, nil
return &agentConfigAccessor{cfg: cfg}, nil
}

func (aca *agentConfigAccessor) AcceptInsecureCert() bool {
return aca.cfg.AcceptInsecureCert
return aca.cfg.AcceptInsecureCert
}

func (aca *agentConfigAccessor) APIEndpoint() string {
return aca.cfg.APIEndpoint
return aca.cfg.APIEndpoint
}

func (aca *agentConfigAccessor) AWSRegion() string {
return aca.cfg.AWSRegion
return aca.cfg.AWSRegion
}

func (aca *agentConfigAccessor) Cluster() string {
return aca.cfg.Cluster
return aca.cfg.Cluster
}

func (aca *agentConfigAccessor) DefaultClusterName() string {
return DefaultClusterName
return DefaultClusterName
}

func (aca *agentConfigAccessor) External() bool {
return aca.cfg.External.Enabled()
return aca.cfg.External.Enabled()
}

func (aca *agentConfigAccessor) InstanceAttributes() map[string]string {
return aca.cfg.InstanceAttributes
return aca.cfg.InstanceAttributes
}

func (aca *agentConfigAccessor) NoInstanceIdentityDocument() bool {
return aca.cfg.NoIID
return aca.cfg.NoIID
}

func (aca *agentConfigAccessor) OSFamily() string {
return GetOSFamily()
return GetOSFamily()
}

func (aca *agentConfigAccessor) OSType() string {
return OSType
return OSType
}

func (aca *agentConfigAccessor) ReservedMemory() uint16 {
return aca.cfg.ReservedMemory
return aca.cfg.ReservedMemory
}

func (aca *agentConfigAccessor) ReservedPorts() []uint16 {
return aca.cfg.ReservedPorts
return aca.cfg.ReservedPorts
}

func (aca *agentConfigAccessor) ReservedPortsUDP() []uint16 {
return aca.cfg.ReservedPortsUDP
return aca.cfg.ReservedPortsUDP
}

func (aca *agentConfigAccessor) UpdateCluster(cluster string) {
aca.cfg.Cluster = cluster
aca.cfg.Cluster = cluster
}

func (aca *agentConfigAccessor) DisableTMDSListTagsForResource() bool {
return aca.cfg.DisableTMDSListTagsForResource.Enabled()
}
Loading