feat: IMDS support for providing custom endpoint #2859

Merged


yenfryherrerafeliz
Contributor

When using IMDS for fetching credentials, customers should be able to provide their custom endpoint when desired, and that is what this change does. Basically, customers can provide a custom endpoint by doing one of the following options: Please note that a valid URI value needs to be provided, otherwise a credential exception will be thrown.

  • Providing a parameter called 'ec2_metadata_service_endpoint' to the constructor of the InstanceProfileProvider.
  • By setting an environment variable called AWS_EC2_METADATA_SERVICE_ENDPOINT.
  • By defining a key-value config in the config file ~/.aws/config

Issue #2847

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@yenfryherrerafeliz yenfryherrerafeliz force-pushed the feat_imds_endpoint_support branch 2 times, most recently from ef0e401 to c4a0032 Compare December 19, 2023 00:21
@yenfryherrerafeliz yenfryherrerafeliz force-pushed the feat_imds_endpoint_support branch 2 times, most recently from 24dd452 to 5f00d26 Compare December 22, 2023 17:53
@yenfryherrerafeliz yenfryherrerafeliz force-pushed the feat_imds_endpoint_support branch 3 times, most recently from 5030383 to dba5d78 Compare January 8, 2024 21:18
Member

@stobrien89 stobrien89 left a comment

Just a few minor things

@yenfryherrerafeliz yenfryherrerafeliz force-pushed the feat_imds_endpoint_support branch 2 times, most recently from 6393d1e to 5d6492f Compare January 11, 2024 23:04
@yenfryherrerafeliz yenfryherrerafeliz marked this pull request as ready for review January 17, 2024 18:48
@yenfryherrerafeliz yenfryherrerafeliz force-pushed the feat_imds_endpoint_support branch 2 times, most recently from 0c6ec87 to 3454eb1 Compare January 18, 2024 17:55
Member

@stobrien89 stobrien89 left a comment

Looks good to me. We should add a CredentialsUtilsTest class and test the isLoopbackAddress method directly. After that, I think we're ready to ship.

Member

@stobrien89 stobrien89 left a comment

Two more minor things

When using IMDS for fetching credentials, customers should be able to provide their custom endpoint when desired, and that is what this change does. Basically, customers can provide a custom endpoint by doing one of the following options:
Please note that a valid URI value needs to be provided as endpoint, otherwise a credential exception will be thrown.
- Providing a parameter called 'ec2_metadata_service_endpoint' to the constructor of the InstanceProfileProvider.
- By setting an environment variable called AWS_EC2_METADATA_SERVICE_ENDPOINT with the desired custom endpoint.
- By defining a key-value config in the config file ~/.aws/config where its key is ec2_metadata_service_endpoint and its value is the desired custom endpoint.

This commit also includes customizing the endpoint mode, which is used to change how the default endpoint is resolved. The valid endpoint modes are IPv4 and IPv6. Here are the different options for setting the endpoint mode:
- Providing a parameter called 'ec2_metadata_service_endpoint_mode' in the constructor parameters for InstanceProfileProvider.
- By setting an environment variable called AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE with the desired custom endpoint mode.
- By defining a key-value config in the config file ~/.aws/config where its key is ec2_metadata_service_endpoint_mode and its value is the desired custom endpoint mode.
Please note that the reason why the parameter we pass in the constructor is not 'endpoint' is because the parameter name conflicts with service client configurations, and when using the default credential resolution internally we pass the client configuration to the credential provider, and if a custom endpoint was provided for the service client it will also pass this custom endpoint to the IMDS credential provider, which will make it fail.
@stobrien89 stobrien89 merged commit a85127e into aws:master Jan 23, 2024
15 checks passed
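
Because the endpoint set through these options decides which host hands credentials to the SDK, it is worth auditing where it is overridden. The following is an added example, not code from this pull request or from the SDK: it reports every override found in the environment and in config-file text and classifies each value. The environment variable and config key names come from the PR description; the function names, the expected-host list and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not aws-sdk-php code). The env var and config key names come
// from the PR text; the "expected host" policy below is an assumption.
const IMDS_ENV_VAR    = 'AWS_EC2_METADATA_SERVICE_ENDPOINT';
const IMDS_CONFIG_KEY = 'ec2_metadata_service_endpoint';
// Default IMDS addresses (IPv4 and IPv6) plus loopback, for local test stubs.
const EXPECTED_HOSTS  = ['169.254.169.254', '[fd00:ec2::254]', '127.0.0.1', '[::1]'];

/** Classify one endpoint value as "invalid", "review" or "ok". */
function classifyEndpoint(string $value): string
{
    $parts = parse_url($value);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return 'invalid';   // not an http(s) URI with a scheme and a host
    }
    return in_array(strtolower($parts['host']), EXPECTED_HOSTS, true) ? 'ok' : 'review';
}

/** Report every place where the IMDS endpoint is overridden. */
function auditImdsOverrides(array $env, string $configText): array
{
    $findings = [];
    if (($env[IMDS_ENV_VAR] ?? '') !== '') {
        $findings[] = ['source' => 'env', 'value' => $env[IMDS_ENV_VAR],
                       'status' => classifyEndpoint($env[IMDS_ENV_VAR])];
    }
    // ~/.aws/config is INI-style; RAW mode keeps values exactly as written.
    $sections = parse_ini_string($configText, true, INI_SCANNER_RAW) ?: [];
    foreach ($sections as $name => $settings) {
        if (is_array($settings) && isset($settings[IMDS_CONFIG_KEY])) {
            $findings[] = ['source' => "config [$name]", 'value' => $settings[IMDS_CONFIG_KEY],
                           'status' => classifyEndpoint($settings[IMDS_CONFIG_KEY])];
        }
    }
    return $findings;
}

// Constructed sample input, not taken from a real host.
$env = [IMDS_ENV_VAR => 'http://198.51.100.7:8080'];
$config = <<<INI
[default]
region = us-east-1
ec2_metadata_service_endpoint = http://169.254.169.254

[profile ci]
ec2_metadata_service_endpoint = metadata.internal
INI;

foreach (auditImdsOverrides($env, $config) as $f) {
    printf("%-20s %-30s %s\n", $f['source'], $f['value'], $f['status']);
}
```

On the constructed input, the environment value is marked `review`, the `[default]` value `ok` and the `[profile ci]` value `invalid`. In real use, pass `getenv()` and the contents of `~/.aws/config`.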