diff --git a/docs/framework-dynatrace_one_agent.md b/docs/framework-dynatrace_one_agent.md index cf0d3cfa89..6a88ef5ac7 100644 --- a/docs/framework-dynatrace_one_agent.md +++ b/docs/framework-dynatrace_one_agent.md @@ -30,6 +30,7 @@ The credential payload of the service may contain the following entries: | `environmentid` | Your Dynatrace environment ID is the unique identifier of your Dynatrace environment. You can find it in the deploy Dynatrace section within your environment. | `networkzone` | (Optional) Network zones are Dynatrace entities that represent your network structure. They help you to route the traffic efficiently, avoiding unnecessary traffic across data centers and network regions. Enter the network zone you wish to pass to the server during the OneAgent Download. | `skiperrors` | (Optional) The errors during agent download are skipped and the injection is disabled. Use this option at your own risk. Possible values are 'true' and 'false'. This option is disabled by default! +| `enablefips`| (Optional) Enables the use of [FIPS 140 cryptographic algorithms](https://docs.dynatrace.com/docs/shortlink/oneagentctl#fips-140). Possible values are 'true' and 'false'. This option is disabled by default! ## Configuration For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to [Configuration and Extension][]. diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb index 0b919012f9..23206f26d2 100644 --- a/lib/java_buildpack/framework/dynatrace_one_agent.rb +++ b/lib/java_buildpack/framework/dynatrace_one_agent.rb @@ -68,8 +68,10 @@ def release manifest = agent_manifest - @droplet.java_opts.add_agentpath(agent_path(manifest)) - @droplet.java_opts.add_preformatted_options('-Xshare:off') + environment_variables = @droplet.environment_variables + environment_variables.add_environment_variable(LD_PRELOAD, agent_path(manifest)) + + File.delete(@droplet.sandbox + 'agent/dt_fips_disabled.flag') if enable_fips? dynatrace_environment_variables(manifest) end @@ -87,6 +89,8 @@ def supports? APITOKEN = 'apitoken' + ENABLE_FIPS = 'enablefips' + DT_APPLICATION_ID = 'DT_APPLICATIONID' DT_CONNECTION_POINT = 'DT_CONNECTION_POINT' @@ -99,6 +103,8 @@ def supports? DT_NETWORK_ZONE = 'DT_NETWORK_ZONE' + LD_PRELOAD = 'LD_PRELOAD' + ENVIRONMENTID = 'environmentid' FILTER = /dynatrace/.freeze @@ -107,8 +113,9 @@ def supports? SKIP_ERRORS = 'skiperrors' - private_constant :APIURL, :APITOKEN, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE, :DT_LOGSTREAM, - :DT_TENANT, :DT_TENANTTOKEN, :ENVIRONMENTID, :FILTER, :NETWORKZONE, :SKIP_ERRORS + private_constant :APIURL, :APITOKEN, :ENABLE_FIPS, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE, + :DT_LOGSTREAM, :DT_TENANT, :DT_TENANTTOKEN, :LD_PRELOAD, :ENVIRONMENTID, :FILTER, :NETWORKZONE, + :SKIP_ERRORS def agent_download_url download_uri = "#{api_base_url(credentials)}/v1/deployment/installer/agent/unix/paas/latest?include=java" \ @@ -126,8 +133,8 @@ def agent_manifest def agent_path(manifest) technologies = manifest['technologies'] - java_binaries = technologies['java']['linux-x86-64'] - loader = java_binaries.find { |bin| bin['binarytype'] == 'loader' } + java_binaries = technologies['process']['linux-x86-64'] + loader = java_binaries.find { |bin| bin['binarytype'] == 'primary' } @droplet.sandbox + loader['path'] end @@ -191,7 +198,11 @@ def logstream? end def skip_errors? - credentials[SKIP_ERRORS].to_b + credentials[SKIP_ERRORS] == 'true' + end + + def enable_fips? + credentials[ENABLE_FIPS] == 'true' end def tenanttoken(manifest) diff --git a/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json b/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json index a2c5ae6e8c..6af71ec43a 100644 --- a/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json +++ b/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json @@ -1,10 +1,10 @@ { "technologies" : { - "java" : { + "process" : { "linux-x86-64" : [ { - "path": "agent/lib64/liboneagentloader.so", - "binarytype" : "loader" + "path": "agent/lib64/liboneagentproc.so", + "binarytype" : "primary" } ] } diff --git a/spec/fixtures/stub-dynatrace-one-agent.zip b/spec/fixtures/stub-dynatrace-one-agent.zip index 052c460260..b05d392798 100644 Binary files a/spec/fixtures/stub-dynatrace-one-agent.zip and b/spec/fixtures/stub-dynatrace-one-agent.zip differ diff --git a/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb b/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb index 92841c3fac..53c686a1ce 100644 --- a/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb +++ b/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb @@ -50,18 +50,17 @@ component.compile - expect(sandbox + 'agent/lib64/liboneagentloader.so').to exist + expect(sandbox + 'agent/lib64/liboneagentproc.so').to exist expect(sandbox + 'manifest.json').to exist end - it 'updates JAVA_OPTS with agent loader and share set to off', + it 'sets LD_PRELOAD with liboneagentproc', app_fixture: 'framework_dynatrace_one_agent' do component.release - expect(java_opts).to include('-agentpath:$PWD/.java-buildpack/dynatrace_one_agent/agent/lib64/' \ - 'liboneagentloader.so') - expect(java_opts).to include('-Xshare:off') + expect(environment_variables).to include('LD_PRELOAD=$PWD/.java-buildpack/dynatrace_one_agent/agent/lib64/' \ + 'liboneagentproc.so') end it 'updates environment variables', @@ -112,7 +111,7 @@ component.compile - expect(sandbox + 'agent/lib64/liboneagentloader.so').to exist + expect(sandbox + 'agent/lib64/liboneagentproc.so').to exist expect(sandbox + 'manifest.json').to exist end end