From 04de2cea802f1d1f3506a7b6356542da1e094313 Mon Sep 17 00:00:00 2001 From: Christoph Hartmann Date: Wed, 4 Oct 2023 20:22:47 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20update=20tests=20for=20aws=20ec2?= =?UTF-8?q?=20detection?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- providers/os/connection/mock/mock.go | 3 +- providers/os/id/aws/testdata/instance.toml | 8 ++-- providers/os/id/aws/testdata/instancearm.toml | 7 ++- providers/os/id/aws/testdata/notinstance.toml | 5 +- providers/os/id/awsec2/metadata_cmd.go | 47 +++++++++++++++---- providers/os/id/awsec2/metadata_local_test.go | 14 ++++++ .../instance-identity_document_linux.toml | 7 ++- ...tance-identity_document_linux_no_tags.toml | 7 ++- .../instance-identity_document_windows.toml | 11 +++-- ...nce-identity_document_windows_no_tags.toml | 12 +++-- 10 files changed, 92 insertions(+), 29 deletions(-) diff --git a/providers/os/connection/mock/mock.go b/providers/os/connection/mock/mock.go index c4565e0ccf..fd32ea8f19 100644 --- a/providers/os/connection/mock/mock.go +++ b/providers/os/connection/mock/mock.go @@ -139,7 +139,8 @@ func (c *Connection) RunCommand(command string) (*shared.Command, error) { found, ok := c.data.Commands[command] if !ok { // try to fetch command by hash (more reliable for whitespace) - found, ok = c.data.Commands[hashCmd(command)] + hash := hashCmd(command) + found, ok = c.data.Commands[hash] } if !ok { c.missing["command"][command] = true diff --git a/providers/os/id/aws/testdata/instance.toml b/providers/os/id/aws/testdata/instance.toml index c102f710c9..e1f1a5aefe 100644 --- a/providers/os/id/aws/testdata/instance.toml +++ b/providers/os/id/aws/testdata/instance.toml 
@@ -22,7 +22,10 @@ content = "Red Hat Enterprise Linux Server release 7.2 (Maipo)" gid = 0 size = 0 -[commands."curl http://169.254.169.254/latest/dynamic/instance-identity/document"] +[commands."curl -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" -X PUT \"http://169.254.169.254/latest/api/token\""] +stdout = "MYTOKEN" + +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/dynamic/instance-identity/document"] stdout = """ { "devpayProductCodes" : null, @@ -43,6 +46,5 @@ stdout = """ } """ - -[commands."curl http://169.254.169.254/latest/meta-data/tags/instance/Name"] +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/meta-data/tags/instance/Name"] stdout = "ec2-name" \ No newline at end of file diff --git a/providers/os/id/aws/testdata/instancearm.toml b/providers/os/id/aws/testdata/instancearm.toml index 36a5fab4ce..9b1113b320 100644 --- a/providers/os/id/aws/testdata/instancearm.toml +++ b/providers/os/id/aws/testdata/instancearm.toml @@ -34,7 +34,10 @@ content = "Red Hat Enterprise Linux Server release 7.2 (Maipo)" gid = 0 size = 0 -[commands."curl http://169.254.169.254/latest/dynamic/instance-identity/document"] +[commands."curl -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" -X PUT \"http://169.254.169.254/latest/api/token\""] +stdout = "MYTOKEN" + +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/dynamic/instance-identity/document"] stdout = """ { "devpayProductCodes" : null, @@ -55,5 +58,5 @@ stdout = """ } """ -[commands."curl http://169.254.169.254/latest/meta-data/tags/instance/Name"] +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/meta-data/tags/instance/Name"] stdout = "ec2-name" \ No newline at end of file diff --git a/providers/os/id/aws/testdata/notinstance.toml b/providers/os/id/aws/testdata/notinstance.toml index 64bd8a39c6..45d26c5fa0 100644 
--- a/providers/os/id/aws/testdata/notinstance.toml +++ b/providers/os/id/aws/testdata/notinstance.toml @@ -22,7 +22,10 @@ content = "Red Hat Enterprise Linux Server release 7.2 (Maipo)" gid = 0 size = 0 -[commands."curl http://169.254.169.254/latest/dynamic/instance-identity/document"] +[commands."curl -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" -X PUT \"http://169.254.169.254/latest/api/token\""] +stdout = "MYTOKEN" + +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/dynamic/instance-identity/document"] stdout = """ { "devpayProductCodes" : null, diff --git a/providers/os/id/awsec2/metadata_cmd.go b/providers/os/id/awsec2/metadata_cmd.go index 194fddf864..4a5be11399 100644 --- a/providers/os/id/awsec2/metadata_cmd.go +++ b/providers/os/id/awsec2/metadata_cmd.go @@ -22,7 +22,7 @@ import ( const ( identityUrl = `-H "X-aws-ec2-metadata-token: %s" -v http://169.254.169.254/latest/dynamic/instance-identity/document` - tokenUrl = `-X PUT "http://169.254.169.254/latest/api/token"` + tokenUrl = `-H "X-aws-ec2-metadata-token-ttl-seconds: 21600" -X PUT "http://169.254.169.254/latest/api/token"` tagNameUrl = `-H "X-aws-ec2-metadata-token: %s" -v http://169.254.169.254/latest/meta-data/tags/instance/Name` identityUrlWindows = ` @@ -37,6 +37,12 @@ $Headers = @{ "X-aws-ec2-metadata-token-ttl-seconds" = "21600" } Invoke-RestMethod -Method Put -Uri "http://169.254.169.254/latest/api/token" -Headers $Headers -TimeoutSec 1 -UseBasicParsing +` + tagNameUrlWindows = ` +$Headers = @{ + "X-aws-ec2-metadata-token" = %s +} +Invoke-RestMethod -Method Put -Uri "http://169.254.169.254/latest/meta-data/tags/instance/Name" -Headers $Headers -TimeoutSec 1 -UseBasicParsing ` ) 
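Review bot: The new `tokenUrl` value asks for the maximum token lifetime (`X-aws-ec2-metadata-token-ttl-seconds: 21600`) and gives curl no time limit, even though `curlDocument` requests a fresh token on every call and uses it for one follow-up request. A short TTL such as `X-aws-ec2-metadata-token-ttl-seconds: 60` narrows the window in which a leaked token is useful. The token is placed on the curl command line, and the `-v` in `identityUrl` and `tagNameUrl` makes curl print request headers to stderr. Adding `-s --max-time 2` would also stop detection from stalling on hosts where 169.254.169.254 does not answer, in line with the `-TimeoutSec 1` in the Windows script. The TOML fixtures key on the exact command string, so they need the same edit.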
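Review bot: `tagNameUrlWindows` reads the Name tag with `-Method Put`, but PUT is the verb for the `/latest/api/token` request only; the tag path under `/latest/meta-data/` is a read and should be `-Method Get`, which is what the Unix `tagNameUrl` does through plain curl. The token is also substituted without quotes (`"X-aws-ec2-metadata-token" = %s`), so PowerShell parses whatever the token request returned as script text instead of a string. `"X-aws-ec2-metadata-token" = '%s'` keeps it a literal, provided the caller rejects tokens containing a quote before formatting. The body of `identityUrlWindows` is outside this hunk; if it uses the same unquoted form it needs the same change.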
@@ -96,10 +102,17 @@ func (m *CommandInstanceMetadata) Identify() (Identity, error) { }, nil } -func (m *CommandInstanceMetadata) curlDocument(url string, tokenUrl string) (string, error) { +type metadataType int + +const ( + document metadataType = iota + instanceNameTag +) + +func (m *CommandInstanceMetadata) curlDocument(metadataType metadataType) (string, error) { switch { case m.platform.IsFamily(inventory.FAMILY_UNIX): - cmd, err := m.conn.RunCommand("curl -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" " + tokenUrl) + cmd, err := m.conn.RunCommand("curl " + tokenUrl) if err != nil { return "", err } @@ -109,7 +122,15 @@ func (m *CommandInstanceMetadata) curlDocument(url string, tokenUrl string) (str } tokenString := strings.TrimSpace(string(data)) - cmd, err = m.conn.RunCommand("curl " + fmt.Sprintf(identityUrl, tokenString)) + commandScript := "" + switch metadataType { + case document: + commandScript = "curl " + fmt.Sprintf(identityUrl, tokenString) + case instanceNameTag: + commandScript = "curl " + fmt.Sprintf(tagNameUrl, tokenString) + } + + cmd, err = m.conn.RunCommand(commandScript) if err != nil { return "", err } @@ -120,8 +141,7 @@ func (m *CommandInstanceMetadata) curlDocument(url string, tokenUrl string) (str return strings.TrimSpace(string(data)), nil case m.platform.IsFamily(inventory.FAMILY_WINDOWS): - - tokenPwshEncoded := powershell.Encode(fmt.Sprintf(tokenUrlWindows, tokenUrl)) + tokenPwshEncoded := powershell.Encode(tokenUrlWindows) cmd, err := m.conn.RunCommand(tokenPwshEncoded) if err != nil { return "", err 
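Review bot: The new parameter in `curlDocument(metadataType metadataType)` shadows its own type, and the constants `document` and `instanceNameTag` are generic package-level names, the second identical to the method `instanceNameTag()` further down. Renaming along the lines of `curlDocument(kind metadataType)` with `metadataDocument` and `metadataNameTag` would make the call sites read unambiguously. The type also lacks a doc comment; something like `// metadataType selects which IMDS resource curlDocument fetches.` above the declaration would do. The body of `curlDocument` continues outside this hunk.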
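Review bot: `tokenString` comes from the stdout of the token request and is formatted straight into the next command line in the `switch` added by the `@@ -109,7 +122,15 @@` hunk, with no check that it is a token. On a host where the token request fails or returns something else (an empty body, an error page), that text becomes part of a shell command, so it should be checked against a conservative alphabet first. The `switch` also has no `default`, so an unexpected `metadataType` runs an empty command instead of returning an error. Both points apply equally to the Windows branch in the `@@ -132,8 +152,15 @@` hunk, where the value is formatted into a PowerShell script. `curlDocument` starts and ends outside these hunks.

```go
tokenString := strings.TrimSpace(string(data))
// The token is command output from the target host. Accept only a plain
// base64-style token before formatting it into a command line.
// NOTE(review): alphabet assumed from observed IMDSv2 tokens; confirm.
const tokenAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=_-"
if tokenString == "" || strings.Trim(tokenString, tokenAlphabet) != "" {
	return "", fmt.Errorf("unexpected response from ec2 metadata token endpoint")
}

var commandScript string
switch metadataType {
case document:
	commandScript = "curl " + fmt.Sprintf(identityUrl, tokenString)
case instanceNameTag:
	commandScript = "curl " + fmt.Sprintf(tagNameUrl, tokenString)
default:
	return "", fmt.Errorf("unsupported metadata type %d", metadataType)
}
// … unchanged: RunCommand(commandScript) and output handling …
```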
@@ -132,8 +152,15 @@ func (m *CommandInstanceMetadata) curlDocument(url string, tokenUrl string) (str } tokenString := strings.TrimSpace(string(data)) - curlPwshEncoded := powershell.Encode(fmt.Sprintf(identityUrlWindows, tokenString)) - cmd, err = m.conn.RunCommand(curlPwshEncoded) + commandScript := "" + switch metadataType { + case document: + commandScript = powershell.Encode(fmt.Sprintf(identityUrlWindows, tokenString)) + case instanceNameTag: + commandScript = powershell.Encode(fmt.Sprintf(tagNameUrlWindows, tokenString)) + } + + cmd, err = m.conn.RunCommand(commandScript) if err != nil { return "", err } @@ -149,7 +176,7 @@ func (m *CommandInstanceMetadata) curlDocument(url string, tokenUrl string) (str } func (m *CommandInstanceMetadata) instanceNameTag() (string, error) { - res, err := m.curlDocument(tagNameUrl, tokenUrl) + res, err := m.curlDocument(instanceNameTag) if err != nil { return "", err } @@ -160,5 +187,5 @@ func (m *CommandInstanceMetadata) instanceNameTag() (string, error) { } func (m *CommandInstanceMetadata) instanceIdentityDocument() (string, error) { - return m.curlDocument(identityUrl, tokenUrl) + return m.curlDocument(document) } diff --git a/providers/os/id/awsec2/metadata_local_test.go b/providers/os/id/awsec2/metadata_local_test.go index be83fa6a52..a8b1e8e2e7 100644 --- a/providers/os/id/awsec2/metadata_local_test.go +++ b/providers/os/id/awsec2/metadata_local_test.go @@ -44,6 +44,13 @@ func TestEC2RoleProviderInstanceIdentityLocal(t *testing.T) { cfg := fakeConfig() cfg.HTTPClient = smithyhttp.ClientDoFunc(func(r *http.Request) (*http.Response, error) { url := r.URL.String() + if strings.Contains(url, "latest/api/token") { + return &http.Response{ + StatusCode: 200, + Header: http.Header{}, + Body: io.NopCloser(bytes.NewBufferString("mock-token")), + }, nil + } if strings.Contains(url, "tags/instance/Name") { return &http.Response{ StatusCode: 200, 
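Review bot: The token stub added to `TestEC2RoleProviderInstanceIdentityLocal` matches on the URL only, so it does not show that the client requested the token with PUT or sent it on the later metadata calls. The test would presumably still pass if the provider fell back to unauthenticated IMDSv1 requests. Tightening the condition to `if r.Method == http.MethodPut && strings.Contains(url, "latest/api/token") {` and checking `r.Header.Get("X-aws-ec2-metadata-token") == "mock-token"` in the other branches would pin the IMDSv2 flow. The same block is repeated verbatim in `TestEC2RoleProviderInstanceIdentityLocalDisabledTagsService` (hunk `@@ -75,6 +82,13 @@`); a shared helper returning the token response would keep the two tests in sync. Both test functions extend beyond their hunks.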
@@ -75,6 +82,13 @@ func TestEC2RoleProviderInstanceIdentityLocalDisabledTagsService(t *testing.T) { cfg := fakeConfig() cfg.HTTPClient = smithyhttp.ClientDoFunc(func(r *http.Request) (*http.Response, error) { url := r.URL.String() + if strings.Contains(url, "latest/api/token") { + return &http.Response{ + StatusCode: 200, + Header: http.Header{}, + Body: io.NopCloser(bytes.NewBufferString("mock-token")), + }, nil + } if strings.Contains(url, "tags/instance/Name") { return &http.Response{ StatusCode: 404, diff --git a/providers/os/id/awsec2/testdata/instance-identity_document_linux.toml b/providers/os/id/awsec2/testdata/instance-identity_document_linux.toml index fe308f1dd9..6f0fe79e62 100644 --- a/providers/os/id/awsec2/testdata/instance-identity_document_linux.toml +++ b/providers/os/id/awsec2/testdata/instance-identity_document_linux.toml @@ -10,7 +10,10 @@ stdout = "4.9.125-linuxkit" [files."/etc/redhat-release"] content = "Red Hat Enterprise Linux Server release 7.2 (Maipo)" -[commands."curl http://169.254.169.254/latest/dynamic/instance-identity/document"] +[commands."curl -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" -X PUT \"http://169.254.169.254/latest/api/token\""] +stdout = "MYTOKEN" + +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/dynamic/instance-identity/document"] stdout = """ { "devpayProductCodes" : null, @@ -31,5 +34,5 @@ stdout = """ } """ -[commands."curl http://169.254.169.254/latest/meta-data/tags/instance/Name"] +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/meta-data/tags/instance/Name"] stdout = "ec2-name" \ No newline at end of file diff --git a/providers/os/id/awsec2/testdata/instance-identity_document_linux_no_tags.toml b/providers/os/id/awsec2/testdata/instance-identity_document_linux_no_tags.toml index 7a0d423768..6fbe2b1fb1 100644 --- a/providers/os/id/awsec2/testdata/instance-identity_document_linux_no_tags.toml 
+++ b/providers/os/id/awsec2/testdata/instance-identity_document_linux_no_tags.toml @@ -10,7 +10,10 @@ stdout = "4.9.125-linuxkit" [files."/etc/redhat-release"] content = "Red Hat Enterprise Linux Server release 7.2 (Maipo)" -[commands."curl http://169.254.169.254/latest/dynamic/instance-identity/document"] +[commands."curl -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" -X PUT \"http://169.254.169.254/latest/api/token\""] +stdout = "MYTOKEN" + +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/dynamic/instance-identity/document"] stdout = """ { "devpayProductCodes" : null, @@ -31,7 +34,7 @@ stdout = """ } """ -[commands."curl http://169.254.169.254/latest/meta-data/tags/instance/Name"] +[commands."curl -H \"X-aws-ec2-metadata-token: MYTOKEN\" -v http://169.254.169.254/latest/meta-data/tags/instance/Name"] stdout = """