From 93226a348fcbc2ae7589ab205f74b86f7e6c24d1 Mon Sep 17 00:00:00 2001 From: Johannes Mittendorfer Date: Wed, 25 Oct 2023 13:36:50 +0200 Subject: [PATCH 1/6] Migrate dynatrace integration to LD_PRELOAD Migrate the dnytrace integration to use the LD_PRELOAD method as used within other buildpacks. * Set LD_PRELOAD environment variable instead of java options * adapt tests and test fixtures --- .../framework/dynatrace_one_agent.rb | 10 ++++++---- .../dynatrace_one_agent/manifest.json | 6 +++--- spec/fixtures/stub-dynatrace-one-agent.zip | Bin 1276 -> 1408 bytes .../framework/dynatrace_one_agent_spec.rb | 11 +++++------ 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb index 0b919012f9..7e49899529 100644 --- a/lib/java_buildpack/framework/dynatrace_one_agent.rb +++ b/lib/java_buildpack/framework/dynatrace_one_agent.rb @@ -68,8 +68,8 @@ def release manifest = agent_manifest - @droplet.java_opts.add_agentpath(agent_path(manifest)) - @droplet.java_opts.add_preformatted_options('-Xshare:off') + environment_variables = @droplet.environment_variables + environment_variables.add_environment_variable(LD_PRELOAD, agent_path(manifest)) dynatrace_environment_variables(manifest) end @@ -99,6 +99,8 @@ def supports? DT_NETWORK_ZONE = 'DT_NETWORK_ZONE' + LD_PRELOAD = 'LD_PRELOAD' + ENVIRONMENTID = 'environmentid' FILTER = /dynatrace/.freeze @@ -126,8 +128,8 @@ def agent_manifest def agent_path(manifest) technologies = manifest['technologies'] - java_binaries = technologies['java']['linux-x86-64'] - loader = java_binaries.find { |bin| bin['binarytype'] == 'loader' } + java_binaries = technologies['process']['linux-x86-64'] + loader = java_binaries.find { |bin| bin['binarytype'] == 'primary' } @droplet.sandbox + loader['path'] end 
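Review bot: The `LD_PRELOAD` entry added in `release` needs a comment on its scope, because unlike the removed `-agentpath` option it is inherited by every dynamically linked process started in the container, not only the JVM. Whether `add_environment_variable` merges with or replaces an `LD_PRELOAD` value already set by another framework or by the application is not visible in this hunk and should be confirmed. I would add above the call `# LD_PRELOAD applies to every process started in the container, not just the JVM`. The hunk also drops `-Xshare:off`, and the commit message does not say why it is no longer needed. The body of `release` starts outside the hunk.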
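Review bot: In `agent_path`, `loader['path']` is dereferenced without checking that the manifest has a `process` / `linux-x86-64` entry with `binarytype == 'primary'`, so a manifest lacking it fails with a bare `NoMethodError` on nil instead of a clear message. A guard such as `raise "No primary 'process' agent binary found in manifest" unless loader` before the last line would make that failure readable. The manifest appears to come from the downloaded agent package, and its `path` now ends up in `LD_PRELOAD`, so the joined path should also be checked to resolve inside `@droplet.sandbox` and to exist before it is exported. The request URL shown as context in a later patch still uses `?include=java`, and it is not visible here whether that package contains the `process` technology. The local name `java_binaries` no longer matches what it holds, `process_binaries` would.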
diff --git a/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json b/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json index a2c5ae6e8c..6af71ec43a 100644 --- a/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json +++ b/spec/fixtures/framework_dynatrace_one_agent/.java-buildpack/dynatrace_one_agent/manifest.json @@ -1,10 +1,10 @@ { "technologies" : { - "java" : { + "process" : { "linux-x86-64" : [ { - "path": "agent/lib64/liboneagentloader.so", - "binarytype" : "loader" + "path": "agent/lib64/liboneagentproc.so", + "binarytype" : "primary" } ] } 
diff --git a/spec/fixtures/stub-dynatrace-one-agent.zip b/spec/fixtures/stub-dynatrace-one-agent.zip index 052c460260abc86862d2cb0effa22b3a281f4f6b..b05d3927987092f764aae883ad0c8b1d929c0ed0 100644 GIT binary patch literal 1408 zcmWIWW@Zs#0D(^-HXdLGlwe~}U`R|)%`4Fl4dG>Azxi-wn4GX>stgd9R&X;gvb|k}c3Ven1SOv3iYzfrEh$%}H`-CIQXM&r1adSV2*KvR-jMIM{4}uDqG~IUI}G z%nSkE>>ME1F+rUO2}qD_Ng*ztFn3=9GI)Wu=Yb910W|mp5Mzmx z)z5+g0<^q!wa%S69~`tHD8T57v5CP|V-v&c#zqDv#v4q`E|{8_ni-mgUt-kM^*rl+ zMw^rOYYF4(wt|UEojz?2{ygDHiT44f1ksZ}ckWzTIrC(vs>AJ=&p}+Dj6ZvIId&}; zonqwW#nrX;%h%wAkJ^4|oSIr<=%7Tgpe6+XFY3$b5h>7+X$27%Oq_G!h7fHDU*=Sg*#O{qOpfF`= UG{Bpc4dhgIAe;m=?FQH)01~(~O#lD@ literal 1276 zcmWIWW@h1H0D;dTHXdLGlwf0!VMt6*%`4Fl4dG;9zWH!v*o(~1;iVPa42&!{CmO1< z>`}O=8h}$j7hHc*W*(7du-4hTA-jPaZbou`UK+#@t=DHl@H%8kkc%g>Av|zHax#<5 zOdzI|quQ}lb3Qm|Lr{Rx z6=M^FtHvgV*Nu$~OpG^}m|ZY6F*P$Z4Zp;wsq1;x`;0ax@7EH>)ole6mpXmg9Q=90 zlM?R(ObMbVf9~A5v~uRjPF087F`t9DJ{f=Z>T>K_EIP%=%ZsaP?U%2?3m>)p(l|A> z#9*q#Le0RAr>mYaF(6`Gd=6@C$pJkQnO_>5kzbmV;+J3Ikyw@*npc%sP>`D9o2pk* zQ3CeaIr+2L1Bj7Hju}^4lz_&l0K;2H5EGU%Ss^JCBUR!yi;Dr-EC;w*kW@<8Jj^tT zY+ei8JZOpq8VE|UcpQkCUXcwv2{#aydVwZ_QZF78G1D&0Ljr@$T;DeZmJtYHe z0i|TDw%|&~5LJ>I@0ckH+2KY^3 Date: Tue, 31 Oct 2023 13:13:19 +0100 Subject: [PATCH 2/6] Enable FIPS mode when requested This adds an option to enable FIPS mode if enablefips is set. OneAgent uses the FIPS mode to be compliant with the FIPS 140-3 computer security standard. --- docs/framework-dynatrace_one_agent.md | 1 + .../framework/dynatrace_one_agent.rb | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/framework-dynatrace_one_agent.md b/docs/framework-dynatrace_one_agent.md index cf0d3cfa89..6a88ef5ac7 100644 --- a/docs/framework-dynatrace_one_agent.md +++ b/docs/framework-dynatrace_one_agent.md 
@@ -30,6 +30,7 @@ The credential payload of the service may contain the following entries: | `environmentid` | Your Dynatrace environment ID is the unique identifier of your Dynatrace environment. You can find it in the deploy Dynatrace section within your environment. | `networkzone` | (Optional) Network zones are Dynatrace entities that represent your network structure. They help you to route the traffic efficiently, avoiding unnecessary traffic across data centers and network regions. Enter the network zone you wish to pass to the server during the OneAgent Download. | `skiperrors` | (Optional) The errors during agent download are skipped and the injection is disabled. Use this option at your own risk. Possible values are 'true' and 'false'. This option is disabled by default! +| `enablefips`| (Optional) Enables the use of [FIPS 140 cryptographic algorithms](https://docs.dynatrace.com/docs/shortlink/oneagentctl#fips-140). Possible values are 'true' and 'false'. This option is disabled by default! ## Configuration For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to [Configuration and Extension][]. diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb index 7e49899529..3914f7dd2c 100644 --- a/lib/java_buildpack/framework/dynatrace_one_agent.rb +++ b/lib/java_buildpack/framework/dynatrace_one_agent.rb @@ -71,6 +71,10 @@ def release environment_variables = @droplet.environment_variables environment_variables.add_environment_variable(LD_PRELOAD, agent_path(manifest)) + if enable_fips? + File.delete(@droplet.sandbox + 'agent/dt_fips_disabled.flag') + end + dynatrace_environment_variables(manifest) end @@ -87,6 +91,8 @@ def supports? APITOKEN = 'apitoken' + ENABLE_FIPS = 'enablefips' + DT_APPLICATION_ID = 'DT_APPLICATIONID' DT_CONNECTION_POINT = 'DT_CONNECTION_POINT' 
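Review bot: `File.delete` in `release` raises `Errno::ENOENT` when `agent/dt_fips_disabled.flag` is absent, so an agent package that does not ship the flag, or a second run of `release` on the same droplet, aborts with a file error even though FIPS is then not disabled. I would write `flag = @droplet.sandbox + 'agent/dt_fips_disabled.flag'` followed by `File.delete(flag) if File.exist?(flag)`, and log whether the flag was removed so an operator can confirm the compliance setting took effect. Changing sandbox contents looks like work for `compile` rather than `release`, though the hunk does not show which phase is intended. The diffstat for this patch lists only the docs file and this file, so no spec covers `enable_fips?`. The body of `release` starts outside the hunk.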
@@ -109,8 +115,9 @@ def supports? SKIP_ERRORS = 'skiperrors' - private_constant :APIURL, :APITOKEN, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE, :DT_LOGSTREAM, - :DT_TENANT, :DT_TENANTTOKEN, :ENVIRONMENTID, :FILTER, :NETWORKZONE, :SKIP_ERRORS + private_constant :APIURL, :APITOKEN, :ENABLE_FIPS, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE, + :DT_LOGSTREAM, :DT_TENANT, :DT_TENANTTOKEN, :LD_PRELOAD, :ENVIRONMENTID, :FILTER, :NETWORKZONE, + :SKIP_ERRORS def agent_download_url download_uri = "#{api_base_url(credentials)}/v1/deployment/installer/agent/unix/paas/latest?include=java" \ @@ -193,7 +200,11 @@ def logstream? end def skip_errors? - credentials[SKIP_ERRORS].to_b + credentials[SKIP_ERRORS] == "true" + end + + def enable_fips? + credentials[ENABLE_FIPS] == "true" end def tenanttoken(manifest) From a42f608d69b7c5c7f8179a8bd6369624f996b15c Mon Sep 17 00:00:00 2001 From: Johannes Mittendorfer Date: Wed, 20 Dec 2023 14:32:01 +0100 Subject: [PATCH 3/6] Linter fixes Co-authored-by: David O'Sullivan <31728678+pivotal-david-osullivan@users.noreply.github.com> --- lib/java_buildpack/framework/dynatrace_one_agent.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb index 3914f7dd2c..039b10da86 100644 --- a/lib/java_buildpack/framework/dynatrace_one_agent.rb +++ b/lib/java_buildpack/framework/dynatrace_one_agent.rb @@ -71,9 +71,7 @@ def release environment_variables = @droplet.environment_variables environment_variables.add_environment_variable(LD_PRELOAD, agent_path(manifest)) - if enable_fips? - File.delete(@droplet.sandbox + 'agent/dt_fips_disabled.flag') - end + File.delete(@droplet.sandbox + 'agent/dt_fips_disabled.flag') if enable_fips? dynatrace_environment_variables(manifest) end From 48d0e026934326d205be5d3cf039bed202383881 Mon Sep 17 00:00:00 2001 
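Review bot: `credentials[ENABLE_FIPS] == "true"` matches only that exact string, so a service binding that supplies the JSON boolean `true` or `"True"` leaves FIPS mode off with no message, which is a silent failure for a compliance setting. The same hunk replaces `.to_b` in `skip_errors?` with the string comparison, which may change behaviour for existing bindings; what `to_b` accepted is not visible here. Consider `credentials[ENABLE_FIPS].to_s.downcase == 'true'` in both predicates, plus a warning when the value is neither `true` nor `false`. Patches 4/6 and 5/6 only change the quoting of these lines, so the same point applies to their final form.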
From: Johannes Mittendorfer Date: Wed, 20 Dec 2023 14:32:13 +0100 Subject: [PATCH 4/6] Linter fixes Co-authored-by: David O'Sullivan <31728678+pivotal-david-osullivan@users.noreply.github.com> --- lib/java_buildpack/framework/dynatrace_one_agent.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb index 039b10da86..126ccc9524 100644 --- a/lib/java_buildpack/framework/dynatrace_one_agent.rb +++ b/lib/java_buildpack/framework/dynatrace_one_agent.rb @@ -198,7 +198,7 @@ def logstream? end def skip_errors? - credentials[SKIP_ERRORS] == "true" + credentials[SKIP_ERRORS] == 'true' end def enable_fips? From 0490c5d82edd2faa33a8a5eb10cc1c73e0662091 Mon Sep 17 00:00:00 2001 From: Johannes Mittendorfer Date: Wed, 20 Dec 2023 14:32:27 +0100 Subject: [PATCH 5/6] Linter fixes Co-authored-by: David O'Sullivan <31728678+pivotal-david-osullivan@users.noreply.github.com> --- lib/java_buildpack/framework/dynatrace_one_agent.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb index 126ccc9524..23206f26d2 100644 --- a/lib/java_buildpack/framework/dynatrace_one_agent.rb +++ b/lib/java_buildpack/framework/dynatrace_one_agent.rb @@ -202,7 +202,7 @@ def skip_errors? end def enable_fips? - credentials[ENABLE_FIPS] == "true" + credentials[ENABLE_FIPS] == 'true' end def tenanttoken(manifest) From 4b1f6ca709b23a3905fe5b916644c7329a630a42 Mon Sep 17 00:00:00 2001 From: Johannes Mittendorfer Date: Wed, 20 Dec 2023 14:32:36 +0100 Subject: [PATCH 6/6] Linter fixes Co-authored-by: David O'Sullivan <31728678+pivotal-david-osullivan@users.noreply.github.com> --- spec/java_buildpack/framework/dynatrace_one_agent_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb b/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb index d11e2e2944..53c686a1ce 100644 --- a/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb +++ b/spec/java_buildpack/framework/dynatrace_one_agent_spec.rb @@ -60,7 +60,7 @@ component.release expect(environment_variables).to include('LD_PRELOAD=$PWD/.java-buildpack/dynatrace_one_agent/agent/lib64/' \ - 'liboneagentproc.so') + 'liboneagentproc.so') end it 'updates environment variables',