From 9b7955ac4f4822800a83bcc944df30aa2a990bc9 Mon Sep 17 00:00:00 2001
From: Samuel Karp
Date: Wed, 29 Jul 2020 13:45:25 -0700
Subject: [PATCH] aws-ecs-1: add configurable logging drivers

The new ecs.logging-drivers setting controls the list of logging drivers available for use with ECS. The defaults are "json-file", "awslogs", and "none". Other logging drivers (such as those installed via a plugin) can be enabled. The default set of logging drivers can be reduced or removed to implement policy for allowable logging drivers in a cluster.
---
 sources/api/ecs-settings-applier/src/main.rs | 9 +++++++++
 sources/models/src/aws-ecs-1/override-defaults.toml | 1 +
 sources/models/src/lib.rs | 1 +
 3 files changed, 11 insertions(+)
diff --git a/sources/api/ecs-settings-applier/src/main.rs b/sources/api/ecs-settings-applier/src/main.rs
index 4d53540d639..74ec65a11a8 100644
--- a/sources/api/ecs-settings-applier/src/main.rs
+++ b/sources/api/ecs-settings-applier/src/main.rs
@@ -30,6 +30,9 @@ struct ECSConfig {
 #[serde(skip_serializing_if = "Option::is_none")]
 privileged_disabled: Option,
+
+ #[serde(skip_serializing_if = "std::vec::Vec::is_empty")]
+ available_logging_drivers: Vec,
 }
 // Returning a Result from main makes it print a Debug representation of the error, but with Snafu
@@ -58,6 +61,12 @@ fn run() -> Result<()> {
 let mut config = ECSConfig {
 cluster: ecs.cluster,
 privileged_disabled: ecs.allow_privileged_containers.map(|s| !s),
+ available_logging_drivers: ecs
+ .logging_drivers
+ .unwrap_or_default()
+ .iter()
+ .map(|s| s.to_string())
+ .collect(),
 ..Default::default()
 };
 if let Some(os) = settings.os {
diff --git a/sources/models/src/aws-ecs-1/override-defaults.toml b/sources/models/src/aws-ecs-1/override-defaults.toml
index c78287256b4..34c3256b5d6 100644
--- a/sources/models/src/aws-ecs-1/override-defaults.toml
+++ b/sources/models/src/aws-ecs-1/override-defaults.toml
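Review bot: In `ECSConfig` (sources/api/ecs-settings-applier/src/main.rs), `skip_serializing_if = "std::vec::Vec::is_empty"` combined with `.unwrap_or_default()` in the `run()` hunk makes an unset setting and an explicitly empty `logging-drivers = []` indistinguishable, because both drop the key from the generated config. The commit message says the default set can be "reduced or removed" to implement policy, but with the key omitted the ECS agent presumably falls back to its own built-in driver list, so an operator who empties the list to forbid every driver may end up allowing more than intended. Consider carrying the Option through to serialization, e.g. `#[serde(skip_serializing_if = "Option::is_none")]` on `available_logging_drivers: Option<Vec<String>>` and `ecs.logging_drivers.map(|d| d.iter().map(|s| s.to_string()).collect())` in `run()`, so an empty list is written out as an empty list. The generic parameters are not visible on this page, so `Vec<String>` is assumed from the `to_string()` call; both the struct and `run()` continue outside their hunks.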
@@ -12,3 +12,4 @@ affected-services = ["ecs"]
 [settings.ecs]
 allow-privileged-containers = false
+logging-drivers = ["json-file", "awslogs", "none"]
diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs
index eab3b181c2d..37118666ef7 100644
--- a/sources/models/src/lib.rs
+++ b/sources/models/src/lib.rs
@@ -111,6 +111,7 @@ struct ECSSettings {
 cluster: String,
 instance_attributes: HashMap,
 allow_privileged_containers: bool,
+ logging_drivers: Vec,
 }
 // Update settings. Taken from userdata. The 'seed' setting is generated
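Review bot: The new default under `[settings.ecs]` (sources/models/src/aws-ecs-1/override-defaults.toml) includes `"none"`, which presumably lets a task definition opt out of container log collection altogether, and nothing beside the value says that this list is the policy baseline for the variant. Since the commit message presents the setting as the way to restrict allowable drivers, a comment above the line would help operators who depend on container logs for audit or incident response, for example `# Drivers a task may request; remove "none" if every task must emit logs`. Whether the agent rejects tasks that request an unlisted driver is not visible in this patch, so the comment should not promise enforcement.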