Fix IMDS utilities to use port from configured endpoints (#2998)
mullermp authored Mar 26, 2024
1 parent 64ad62e commit af3be9c
Showing 5 changed files with 83 additions and 44 deletions.
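--- a/gems/aws-sdk-core/CHANGELOG.md
+++ b/gems/aws-sdk-core/CHANGELOG.md
@@ -1,6 +1,8 @@
 Unreleased Changes
 ------------------
 
+* Issue - Fix `EC2Metadata` and `InstanceProfileCredentials` to respect the port from a configured endpoint from code, ENV, or shared config.
+
 3.191.4 (2024-03-15)
 ------------------
 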
2 changes: 1 addition & 1 deletion gems/aws-sdk-core/lib/aws-sdk-core/ec2_metadata.rb
@@ -183,7 +183,7 @@ def http_put(connection, ttl)

def open_connection
uri = URI.parse(@endpoint)
http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
http = Net::HTTP.new(uri.hostname || @endpoint, uri.port || @port)
http.open_timeout = @http_open_timeout
http.read_timeout = @http_read_timeout
http.set_debug_output(@http_debug_output) if @http_debug_output
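Review bot: `uri.port || @port` only falls back to `@port` for scheme-less endpoints, because Ruby's `URI::HTTP` fills in the scheme default (80) when the endpoint string carries no port. An endpoint such as `http://123.123.123.123` passed together with a `port:` option would therefore have the option silently ignored, where the previous `@port || uri.port` order honoured it. Since this connection carries the IMDS session token, the precedence should be stated next to the line, e.g. `# a scheme-qualified endpoint supplies the port (scheme default if omitted); @port is used only for bare hosts`, or the explicit option kept for that case. The identical line in the second `open_connection` hunk below has the same behaviour; both method bodies continue outside their hunks.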
@@ -262,7 +262,7 @@ def _metadata_disabled?

def open_connection
uri = URI.parse(@endpoint)
http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
http = Net::HTTP.new(uri.hostname || @endpoint, uri.port || @port)
http.open_timeout = @http_open_timeout
http.read_timeout = @http_read_timeout
http.set_debug_output(@http_debug_output) if @http_debug_output
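Review bot: Taking the port from the URI also changes what an `https://` endpoint does: `uri.port` becomes 443, but nothing in the visible lines sets `http.use_ssl`, so unless that happens further down in `open_connection` (the body continues outside the hunk) the token and credential requests would go out as plain HTTP to port 443. Either reject non-`http` schemes where the endpoint is read, or add `http.use_ssl = uri.scheme == 'https'` after `Net::HTTP.new`. The same applies to the `open_connection` in ec2_metadata.rb above.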
42 changes: 30 additions & 12 deletions gems/aws-sdk-core/spec/aws/ec2_metadata_spec.rb
@@ -21,25 +21,43 @@ def stub_get_token(token_value = 'my-token')
end

context 'endpoint configuration' do
it 'can be configured without a scheme' do
client = EC2Metadata.new(endpoint: '123.123.123.123')
expect(client.instance_variable_get(:@endpoint))
.to eq('123.123.123.123')
let(:endpoint) { 'http://123.123.123.123:9001' }

it 'uses endpoint with a scheme and custom port' do
token = stub_get_token
client = EC2Metadata.new(endpoint: endpoint)
stub_request(
:get, "#{endpoint}/latest/meta-data/foo"
).with(
headers: { 'x-aws-ec2-metadata-token' => token }
)
client.get(metadata_path)
end

it 'can be configured with a scheme' do
client = EC2Metadata.new(endpoint: 'http://123.123.123.123')
expect(client.instance_variable_get(:@endpoint))
.to eq('http://123.123.123.123')
it 'uses endpoint without a scheme and a configured port' do
uri = URI(endpoint)
token = stub_get_token
client = EC2Metadata.new(endpoint: uri.hostname, port: uri.port)
stub_request(
:get, "#{endpoint}/latest/meta-data/foo"
).with(
headers: { 'x-aws-ec2-metadata-token' => token }
)
client.get(metadata_path)
end

it 'takes precedence over endpoint mode' do
it 'endpoint takes precedence over endpoint mode' do
token = stub_get_token
client = EC2Metadata.new(
endpoint_mode: 'IPv6',
endpoint: '123.123.123.123'
endpoint: endpoint
)
expect(client.instance_variable_get(:@endpoint))
.to eq('123.123.123.123')
stub_request(
:get, "#{endpoint}/latest/meta-data/foo"
).with(
headers: { 'x-aws-ec2-metadata-token' => token }
)
client.get(metadata_path)
end
end
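Review bot: None of the new examples covers an endpoint that has a scheme but no port combined with a `port:` option, which is the one input whose result changes with the new `uri.port || @port` order. An example such as `EC2Metadata.new(endpoint: 'http://123.123.123.123', port: 9001)` with an assertion on the port actually requested would pin down which value is meant to win. The examples also assert nothing themselves and appear to rely on WebMock rejecting unstubbed requests; `expect(a_request(:get, "#{endpoint}/latest/meta-data/foo")).to have_been_made` would make the intent explicit. The new 'endpoint configuration' examples in instance_profile_credentials_spec.rb are written the same way.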

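--- a/gems/aws-sdk-core/spec/aws/instance_profile_credentials_spec.rb
+++ b/gems/aws-sdk-core/spec/aws/instance_profile_credentials_spec.rb
@@ -54,36 +54,6 @@ module Aws
 end
 end
 
-describe 'endpoint configuration' do
-before do
-allow_any_instance_of(InstanceProfileCredentials).to receive(:refresh)
-end
-
-it 'can be configured without a scheme' do
-subject = InstanceProfileCredentials.new(
-endpoint: '123.123.123.123'
-)
-expect(subject.instance_variable_get(:@endpoint))
-.to eq '123.123.123.123'
-end
-
-it 'can be configured with a scheme' do
-subject = InstanceProfileCredentials.new(
-endpoint: 'http://123.123.123.123'
-)
-expect(subject.instance_variable_get(:@endpoint))
-.to eq 'http://123.123.123.123'
-end
-
-it 'still supports ip_address' do
-subject = InstanceProfileCredentials.new(
-ip_address: '123.123.123.123'
-)
-expect(subject.instance_variable_get(:@endpoint))
-.to eq '123.123.123.123'
-end
-end
-
 describe 'endpoint resolution' do
 let(:endpoint) { 'http://123.123.123.123' }
 
@@ -144,6 +114,55 @@ module Aws
 end
 end
 
+describe 'endpoint configuration' do
+let(:ipv4_endpoint) { 'http://123.123.123.123:9001' }
+
+before do
+stub_request(:put, "#{ipv4_endpoint}#{token_path}")
+.to_return(
+status: 200,
+body: "my-token\n",
+headers: { 'x-aws-ec2-metadata-token-ttl-seconds' => '21600' }
+)
+stub_request(:get, "#{ipv4_endpoint}#{path}")
+.with(headers: { 'x-aws-ec2-metadata-token' => 'my-token' })
+.to_return(status: 200, body: "profile-name\n")
+stub_request(:get, "#{ipv4_endpoint}#{path}profile-name")
+.with(headers: { 'x-aws-ec2-metadata-token' => 'my-token' })
+.to_return(status: 200, body: '{}')
+end
+
+it 'uses endpoint with a scheme and custom port' do
+InstanceProfileCredentials.new(endpoint: ipv4_endpoint, backoff: 0)
+end
+
+it 'uses endpoint without a scheme and a configured port' do
+uri = URI(ipv4_endpoint)
+InstanceProfileCredentials.new(
+endpoint: uri.hostname,
+port: uri.port,
+backoff: 0
+)
+end
+
+it 'still supports ip_address' do
+uri = URI(ipv4_endpoint)
+InstanceProfileCredentials.new(
+ip_address: uri.hostname,
+port: uri.port,
+backoff: 0
+)
+end
+
+it 'endpoint takes precedence over endpoint mode' do
+InstanceProfileCredentials.new(
+endpoint: ipv4_endpoint,
+endpoint_mode: 'IPv6',
+backoff: 0
+)
+end
+end
+
 describe 'disable imds v1 resolution' do
 let(:disable_imds_v1) { true }
 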
