Migrate dynatrace integration to LD_PRELOAD and support FIPS mode #1041
Conversation
joushx
changed the title
joushx
force-pushed
the
main
branch
6 times, most recently
from
49e08c2 to
955d616
Compare
joushx
changed the title
Gerg
requested review from
anthonydahanne,
dmikusa and
pivotal-david-osullivan
| technologies = manifest['technologies'] | ||
| java_binaries = technologies['java']['linux-x86-64'] | ||
| loader = java_binaries.find { |bin| bin['binarytype'] == 'loader' } | ||
| java_binaries = technologies['process']['linux-x86-64'] |
There was a problem hiding this comment.
why change from java to process ?
There was a problem hiding this comment.
The use of java is for historical reasons. process is now the default and also used in other buildpacks (e.g. https://github.com/Dynatrace/libbuildpack-dynatrace/blob/master/hook.go#L403)
|
|
||
| def skip_errors? | ||
| credentials[SKIP_ERRORS].to_b | ||
| credentials[SKIP_ERRORS] == "true" |
There was a problem hiding this comment.
why ignoring credentials[SKIP_ERRORS] ?
There was a problem hiding this comment.
sorry my mistake ; should be the same - why the change though?
There was a problem hiding this comment.
We found that the method was not working in the way we expected it (see https://try.ruby-lang.org/playground/#code=class+String%0A++def+to_b%0A++++casecmp+'true'%0A++end%0Aend%0A%0Aif+%22false%22.to_b%0A++puts+%22yes%22%0Aend&engine=cruby-3.2.0).
Also, from my understanding it would match against "t" or other parts of "true". Which contradicts the information in our documentation.
| end | ||
|
|
||
| def enable_fips? | ||
| credentials[ENABLE_FIPS] == "true" |
There was a problem hiding this comment.
same, why is it unconditional?
There was a problem hiding this comment.
sorry my mistake - all is fine!
|
@dmikusa @pivotal-david-osullivan Could you please take a look? We have some customers who want to switch to the updated buildpack by end of year. |
|
@meibensteiner Hi, sorry for the delay. The PR looks OK but it has to go through some manual testing. Testing with the CF JBP is time-consuming, but helps ensure we don't have any regressions. Once that's done we'll move forward and get it merged. Thanks in advance for your patience. |
|
Hi @dmikusa , |
|
@TimGerlach |
|
@dmikusa , @pivotal-david-osullivan I could test this change, using: and using my own Dynatrace trial account - everything still worked fine,see screenshots You'll need to rebase this branch though before merging; it's pretty far behind now. Thanks @joushx for your patience! |
Migrate the dnytrace integration to use the LD_PRELOAD method as used within other buildpacks. * Set LD_PRELOAD environment variable instead of java options * adapt tests and test fixtures
This adds an option to enable FIPS mode if enablefips is set. OneAgent uses the FIPS mode to be compliant with the FIPS 140-3 computer security standard.
|
Nice, thank you! I just did the rebase. |
Co-authored-by: David O'Sullivan <[email protected]>
Co-authored-by: David O'Sullivan <[email protected]>
Co-authored-by: David O'Sullivan <[email protected]>
Co-authored-by: David O'Sullivan <[email protected]>
|
Linter suggestions applied |
7 participants
Migrate the dnytrace integration to use the LD_PRELOAD method as used within other buildpacks and support FIPS mode.