@trivikr trivikr commented Aug 11, 2021

Issue

Internal JS-2759

Description

Adds support for IMDS IPv6 endpoints

Testing

Testing was done by printing hostname as follows:

@@ -52,6 +52,7 @@ export const fromInstanceMetadata = (init: RemoteProviderInit = {}): CredentialP

   return async () => {
     const endpoint = await getInstanceMetadataEndpoint();
+    console.log({ hostname: endpoint.hostname });
     if (disableFetchToken) {
       return getCredentials(maxRetries, { ...endpoint, timeout });
     } else {
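Review bot: the `console.log({ hostname: endpoint.hostname });` line added directly after `getInstanceMetadataEndpoint()` sits inside the returned provider function, so it would write to the consuming application's stdout each time the provider is invoked. Keep it as a local testing patch and leave it out of the commit. If the resolved host is worth surfacing, route it through a caller-supplied logger at debug level instead of `console.log`.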

Environment variables

Code
import { fromInstanceMetadata } from "./aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/index.js";
  
const ENV_ENDPOINT_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT";
const ENV_ENDPOINT_MODE_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE";

const testCredentials = async () => {
  const credentials = await fromInstanceMetadata()();
  console.log({
    credentialsFetchSuccess:
      credentials.accessKeyId && credentials.secretAccessKey ? true : false,
  });
};

const testEndpoint = async () => {
  console.log(
    `\nprocess.env[${ENV_ENDPOINT_NAME}]: ${process.env[ENV_ENDPOINT_NAME]}`
  );
  try {
    await testCredentials();
  } catch (err) {
    console.log({ err });
  }
};

const testEndpointMode = async () => {
  console.log(
    `\nprocess.env[${ENV_ENDPOINT_MODE_NAME}]: ${process.env[ENV_ENDPOINT_MODE_NAME]}`
  );
  try {
    await testCredentials();
  } catch (err) {
    console.log({ err });
  }
};

await testEndpoint();
const endpoints = [
  "http://169.254.169.254",
  "http://[fd00:ec2::254]",
  "invalidEndpoint",
];
for (const endpoint of endpoints) {
  process.env[ENV_ENDPOINT_NAME] = endpoint;
  await testEndpoint();
}
delete process.env[ENV_ENDPOINT_NAME];

await testEndpointMode();
const endpointModes = ["IPv4", "IPv6", "invalidEndpointMode"];
for (const endpointMode of endpointModes) {
  process.env[ENV_ENDPOINT_MODE_NAME] = endpointMode;
  await testEndpointMode();
}
delete process.env[ENV_ENDPOINT_MODE_NAME];
Output
process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: undefined
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: http://169.254.169.254
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: http://[fd00:ec2::254]
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: invalidEndpoint
{
  err: TypeError [ERR_INVALID_URL]: Invalid URL: invalidEndpoint
      at onParseError (internal/url.js:279:9)
      at new URL (internal/url.js:355:5)
      at Object.parseUrl (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/url-parser/dist/cjs/index.js:6:60)
      at Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:62)
      at processTicksAndRejections (internal/process/task_queues.js:95:5)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async testCredentials (file:///home/ec2-user/js/imds/test-v3.mjs:7:23)
      at async testEndpoint (file:///home/ec2-user/js/imds/test-v3.mjs:19:5)
      at async file:///home/ec2-user/js/imds/test-v3.mjs:44:3 {
    input: 'invalidEndpoint',
    code: 'ERR_INVALID_URL'
  }
}

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: undefined
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: IPv4
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: IPv6
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: invalidEndpointMode
{
  err: Error: Unsupported endpoint mode: invalidEndpointMode. Select from IPv4,IPv6
      at getFromEndpointModeConfig (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:38:19)
      at async Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:107)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async testCredentials (file:///home/ec2-user/js/imds/test-v3.mjs:7:23)
      at async testEndpointMode (file:///home/ec2-user/js/imds/test-v3.mjs:30:5)
      at async file:///home/ec2-user/js/imds/test-v3.mjs:52:3
}

Shared ini configuration

Config
[profile imds_mode_v4]
ec2_metadata_service_endpoint_mode=IPv4

[profile imds_mode_v6]
ec2_metadata_service_endpoint_mode=IPv6

[profile imds_mode_invalid]
ec2_metadata_service_endpoint_mode=invalid

[profile imds_endpoint_v4]
ec2_metadata_service_endpoint=http://169.254.169.254

[profile imds_endpoint_v6]
ec2_metadata_service_endpoint=http://[fd00:ec2::254]

[profile imds_endpoint_invalid]
ec2_metadata_service_endpoint=invalid
Code
import { fromInstanceMetadata } from "./aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/index.js";

try {
  const credentials = await fromInstanceMetadata()();
  console.log({
    credentialsFetchSuccess:
      credentials.accessKeyId && credentials.secretAccessKey ? true : false,
  });
} catch (err) {
  console.log({ err });
}
Output
$ node test-v3.config.mjs 
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_mode_v4 node test-v3.config.mjs 
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_mode_v6 node test-v3.config.mjs 
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_mode_invalid node test-v3.config.mjs
{
  err: Error: Unsupported endpoint mode: invalid. Select from IPv4,IPv6
      at getFromEndpointModeConfig (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:38:19)
      at async Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:107)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async file:///home/ec2-user/js/imds/test-v3.config.mjs:4:23
}

$ AWS_PROFILE=imds_endpoint_v4 node test-v3.config.mjs
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_endpoint_v6 node test-v3.config.mjs
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_endpoint_invalid node test-v3.config.mjs
{
  err: TypeError [ERR_INVALID_URL]: Invalid URL: invalid
      at onParseError (internal/url.js:279:9)
      at new URL (internal/url.js:355:5)
      at Object.parseUrl (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/url-parser/dist/cjs/index.js:6:60)
      at Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:62)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async file:///home/ec2-user/js/imds/test-v3.config.mjs:4:23 {
    input: 'invalid',
    code: 'ERR_INVALID_URL'
  }
}

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
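An added example, not code from this pull request or the SDK: it resolves an IMDS endpoint from the two settings tested above and then refuses any host other than the two addresses seen in the output. `resolveImdsEndpoint`, `ALLOWED_IMDS_HOSTS` and `MODE_DEFAULTS` are hypothetical names, and the precedence of an explicit endpoint over the mode is an assumption.

```javascript
// Added example (not SDK code): resolve and vet an IMDS endpoint before any
// credentials request is sent to it. All names here are hypothetical.

// The two hosts that appear in the test output above.
const ALLOWED_IMDS_HOSTS = new Set(["169.254.169.254", "[fd00:ec2::254]"]);
const MODE_DEFAULTS = {
  IPv4: "http://169.254.169.254",
  IPv6: "http://[fd00:ec2::254]",
};

// `endpoint` / `endpointMode` are the raw strings read from
// AWS_EC2_METADATA_SERVICE_ENDPOINT(_MODE) or the ec2_metadata_service_* keys.
function resolveImdsEndpoint({ endpoint, endpointMode } = {}) {
  let url;
  if (endpoint !== undefined) {
    // Assumption: an explicit endpoint wins over the mode setting.
    // new URL() throws TypeError (ERR_INVALID_URL) for "invalidEndpoint".
    url = new URL(endpoint);
  } else {
    const mode = endpointMode === undefined ? "IPv4" : endpointMode;
    if (!Object.prototype.hasOwnProperty.call(MODE_DEFAULTS, mode)) {
      throw new Error(
        `Unsupported endpoint mode: ${mode}. Select from ${Object.keys(MODE_DEFAULTS)}`
      );
    }
    url = new URL(MODE_DEFAULTS[mode]);
  }

  // Extra check beyond URL syntax: the value comes from the environment or a
  // profile file, so pin scheme and host to the known metadata addresses.
  if (url.protocol !== "http:" || !ALLOWED_IMDS_HOSTS.has(url.hostname)) {
    throw new Error(`Refusing non-IMDS endpoint: ${url.origin}`);
  }
  // Reject userinfo so "http://user@169.254.169.254" is not silently accepted.
  if (url.username || url.password) {
    throw new Error("IMDS endpoint must not carry userinfo");
  }
  return url;
}
```
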

@trivikr trivikr marked this pull request as draft August 11, 2021 01:52

codecov-commenter commented Aug 11, 2021

Codecov Report

❗ No coverage uploaded for pull request base (main@398a092).
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2660   +/-   ##
=======================================
  Coverage        ?   60.69%           
=======================================
  Files           ?      521           
  Lines           ?    27810           
  Branches        ?     6834           
=======================================
  Hits            ?    16880           
  Misses          ?    10930           
  Partials        ?        0           

Last update 398a092...c3af4be.

@trivikr trivikr changed the title from "feat(credential-provider-imds): support IMDS IPv6 endpoints" to "feat(credential-provider-imds): support IMDS for IPv6 endpoints" Aug 11, 2021
@trivikr trivikr requested a review from AllanZhengYP August 11, 2021 22:45
@trivikr trivikr marked this pull request as ready for review August 11, 2021 22:45
@aws-sdk-js-automation

AWS CodeBuild CI Report

  • CodeBuild project: sdk-staging-test
  • Commit ID: c3af4be
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)


@github-actions

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 28, 2021