@platformatic/watt-extra 1.13.0-alpha.0 → 1.13.0-alpha.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@platformatic/watt-extra",
-  "version": "1.13.0-alpha.0",
+  "version": "1.13.0-alpha.2",
   "description": "The Platformatic runtime manager",
   "type": "module",
   "scripts": {

package/plugins/auth.js

@@ -23,12 +23,6 @@ function isTokenExpired (token, offset = 0) {
   return payload.exp <= Math.floor(Date.now() / 1000) + offset
 }
 
-function detectProvider () {
-  if (process.env.ECS_CONTAINER_METADATA_URI_V4) return 'ecs'
-  if (process.env.KUBERNETES_SERVICE_HOST) return 'k8s'
-  return 'k8s' // safe default
-}
-
 async function loadK8sToken (log) {
   let token
   try {
@@ -54,7 +48,12 @@ async function resolveEcsIdentity (log) {
     if (!res.ok) throw new Error(`status ${res.status}`)
     const meta = await res.json()
     const id = meta.TaskARN?.split('/').pop()
-    const namespace = meta.Cluster
+    // meta.Cluster may be either the short name or the full cluster ARN
+    // (e.g. 'arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster'). We
+    // strip down to the short name so callers can interpolate it into
+    // URL paths without producing extra path segments.
+    const cluster = meta.Cluster
+    const namespace = cluster?.includes('/') ? cluster.split('/').pop() : cluster
     if (!id || !namespace) throw new Error('TaskARN or Cluster missing in metadata')
     log.info({ id, namespace }, 'Resolved ECS task identity')
     return { id, namespace }
@@ -105,9 +104,8 @@ async function createEcsStrategy (app) {
 async function authPlugin (app) {
   // 1 min offset to refresh the token before it actually expires.
   const offset = parseInt(process.env.PLT_JWT_EXPIRATION_OFFSET_SEC ?? 0)
-  const provider = detectProvider()
 
-  const getProviderHeaders = provider === 'ecs'
+  const getProviderHeaders = app.provider === 'ecs'
     ? await createEcsStrategy(app)
     : await createK8sStrategy(app, offset)
 

package/plugins/env.js

@@ -63,6 +63,7 @@ async function envPlugin (app) {
     ...env
   }
 
+  app.provider = process.env.ECS_CONTAINER_METADATA_URI_V4 ? 'ecs' : 'k8s'
   app.log.info('Environment variables set up')
 }
 

package/plugins/init.js

@@ -24,7 +24,7 @@ async function initPlugin (app) {
 
     let applicationName = app.env.PLT_APP_NAME
     const applicationDir = app.env.PLT_APP_DIR
-    const instanceId = os.hostname()
+    const instanceId = app.provider === 'k8s' ? os.hostname() : app.machineIdentity?.id
 
     app.log.info({ applicationName, applicationDir }, 'Loading watt-extra application')
 
@@ -73,7 +73,7 @@ async function initPlugin (app) {
     if (!app.applicationName) {
       app.applicationName = app.env.PLT_APP_NAME
       app.instanceConfig = null
-      app.instanceId = os.hostname()
+      app.instanceId = app.provider === 'k8s' ? os.hostname() : app.machineIdentity?.id
     }
   }
   const watt = new Watt(app)

package/test/auth.test.js

@@ -5,8 +5,9 @@ import { request } from 'undici'
 import { setUpEnvironment, createJwtToken } from './helper.js'
 import authPlugin from '../plugins/auth.js'
 
-const createMockApp = () => {
+const createMockApp = (provider = 'k8s') => {
   return {
+    provider,
     log: {
       info: () => {},
       warn: () => {},
@@ -188,8 +189,6 @@ test('auth plugin sends ECS identity headers when running on ECS', async (t) =>
   const metadataUrl = `http://localhost:${metadata.server.address().port}`
   t.after(() => metadata.close())
 
-  // Make detectProvider() pick ECS.
-  delete process.env.KUBERNETES_SERVICE_HOST
   process.env.ECS_CONTAINER_METADATA_URI_V4 = metadataUrl
 
   const server = fastify()
@@ -200,7 +199,7 @@ test('auth plugin sends ECS identity headers when running on ECS', async (t) =>
   const url = `http://localhost:${server.server.address().port}`
   t.after(() => server.close())
 
-  const app = createMockApp()
+  const app = createMockApp('ecs')
   await authPlugin(app)
 
   equal(app.machineIdentity?.id, 'abcdef0123', 'Task id should be the TaskARN suffix')
@@ -215,3 +214,42 @@ test('auth plugin sends ECS identity headers when running on ECS', async (t) =>
   equal(responseBody.headers['x-ecs-cluster'], 'my-cluster')
   equal(responseBody.headers.authorization, undefined, 'No Authorization header on ECS')
 })
+
+test('auth plugin strips cluster ARN to short name in x-ecs-cluster header', async (t) => {
+  const originalEnv = { ...process.env }
+
+  t.after(() => {
+    process.env = originalEnv
+  })
+
+  // ECS task metadata sometimes returns the full cluster ARN in the Cluster
+  // field. ICC interpolates this value into URL paths, so the short name
+  // (which contains no slashes) is the only safe form to send.
+  const metadata = fastify()
+  metadata.get('/task', async () => ({
+    TaskARN: 'arn:aws:ecs:us-east-1:123456789012:task/my-cluster/abcdef0123',
+    Cluster: 'arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster'
+  }))
+  await metadata.listen({ port: 0 })
+  const metadataUrl = `http://localhost:${metadata.server.address().port}`
+  t.after(() => metadata.close())
+
+  process.env.ECS_CONTAINER_METADATA_URI_V4 = metadataUrl
+
+  const server = fastify()
+  server.get('/', async (request) => {
+    return { headers: request.headers }
+  })
+  await server.listen({ port: 0 })
+  const url = `http://localhost:${server.server.address().port}`
+  t.after(() => server.close())
+
+  const app = createMockApp('ecs')
+  await authPlugin(app)
+
+  equal(app.machineIdentity?.namespace, 'my-cluster', 'Namespace should be stripped to cluster short name')
+
+  const response = await request(url, { dispatcher: app.dispatcher })
+  const responseBody = await response.body.json()
+  equal(responseBody.headers['x-ecs-cluster'], 'my-cluster')
+})

package/test/init.test.js

@@ -5,7 +5,7 @@ import { randomUUID } from 'node:crypto'
 import { startICC } from './helper.js'
 import initPlugin from '../plugins/init.js'
 
-const createMockApp = (env = {}) => {
+const createMockApp = (env = {}, overrides = {}) => {
   const logMessages = []
   return {
     env: {
@@ -21,7 +21,9 @@ const createMockApp = (env = {}) => {
       error: () => {}
     },
     getAuthorizationHeaders: async () => 'Bearer test-token',
-    logMessages
+    provider: 'k8s',
+    logMessages,
+    ...overrides
   }
 }
 
@@ -194,6 +196,53 @@ test('init plugin sends correct request structure when PLT_APP_NAME provided', a
   equal(capturedRequest.body.apiVersion, 'v3')
 })
 
+test('init plugin uses machineIdentity.id as podId when provider is ecs', async (t) => {
+  const applicationName = 'test-app-ecs'
+  const applicationId = randomUUID()
+  const taskId = 'abcdef0123456789'
+
+  let capturedRequest = null
+
+  const icc = await startICC(t, {
+    applicationId,
+    controlPlaneResponse: (req) => {
+      capturedRequest = {
+        params: req.params,
+        body: req.body
+      }
+      return {
+        applicationId,
+        applicationName,
+        iccServices: {
+          riskEngine: { url: 'http://127.0.0.1:3000/risk-service' },
+          trafficInspector: { url: 'http://127.0.0.1:3000/traffic-inspector' },
+          compliance: { url: 'http://127.0.0.1:3000/compliance' },
+          cron: { url: 'http://127.0.0.1:3000/cron' },
+          scaler: { url: 'http://127.0.0.1:3000/scaler' }
+        },
+        config: {}
+      }
+    }
+  })
+
+  t.after(async () => {
+    await icc.close()
+  })
+
+  const app = createMockApp(
+    { PLT_APP_NAME: applicationName, PLT_APP_DIR: '/test/dir' },
+    { provider: 'ecs', machineIdentity: { id: taskId, namespace: 'my-cluster' } }
+  )
+
+  await initPlugin(app)
+
+  // The podId in URL and body must be the ECS task id, not os.hostname()
+  // (which on ECS Fargate contains dots and would break ICC's URL routing).
+  equal(capturedRequest.params.podId, taskId)
+  equal(capturedRequest.body.podId, taskId)
+  equal(app.instanceId, taskId)
+})
+
 test('init plugin sends request without applicationName when not provided', async (t) => {
   const applicationName = 'test-app-no-name'
   const applicationId = randomUUID()