Unverified Commit 1f9c6088 authored by ysaito1001's avatar ysaito1001 Committed by GitHub
Browse files

Fix EcsCredentialsProvider to respect query params (#3977) 

## Motivation and Context
https://github.com/awslabs/aws-sdk-rust/issues/1248, and implemented the
fix as prescribed.

## Testing
Added a request matching unit test to the `ecs` module to ensure that
query params are included in credential's HTTP request.

## Checklist
- [x] For changes to the AWS SDK, generated SDK code, or SDK runtime
crates, I have created a changelog entry Markdown file in the
`.changelog` directory, specifying "aws-sdk-rust" in the `applies_to`
key.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
parent e41f7d7d

.changelog/1737491439.md

0 → 100644
+12 −0
Original line number Diff line number Diff line 
---

applies_to:

- aws-sdk-rust

authors:

- ysaito1001

references:

- aws-sdk-rust#1248

breaking: false

new_feature: false

bug_fix: true

---

Fix `EcsCredentialsProvider` to include query params passed via `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`.

aws/rust-runtime/aws-config/Cargo.toml

+1 −1
Original line number Diff line number Diff line 
[package]

name = "aws-config"

version = "1.5.14"

version = "1.5.15"

authors = [

    "AWS Rust SDK Team <aws-sdk-rust@amazon.com>",

    "Russell Cohen <rcoh@amazon.com>",

aws/rust-runtime/aws-config/src/ecs.rs

+41 −2
Original line number Diff line number Diff line
@@ -191,7 +191,10 @@ impl Provider { 
            Err(EcsConfigurationError::NotConfigured) => return Provider::NotConfigured,

            Err(err) => return Provider::InvalidConfiguration(err),

        };

        let path = uri.path().to_string();

        let path_and_query = match uri.path_and_query() {

            Some(path_and_query) => path_and_query.to_string(),

            None => uri.path().to_string(),

        };

        let endpoint = {

            let mut parts = uri.into_parts();

            parts.path_and_query = Some(PathAndQuery::from_static("/"));
@@ -208,7 +211,7 @@ impl Provider { 
                    .read_timeout(DEFAULT_READ_TIMEOUT)

                    .build(),

            )

            .build("EcsContainer", &endpoint, path);

            .build("EcsContainer", &endpoint, path_and_query);

        Provider::Configured(http_provider)

    }
@@ -828,6 +831,42 @@ mod test { 
        http_client.assert_requests_match(&[]);

    }



    #[tokio::test]

    async fn query_params_should_be_included_in_credentials_http_request() {

        let env = Env::from_slice(&[

            (

                "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",

                "/my-credentials/?applicationName=test2024",

            ),

            (

                "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE",

                "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token",

            ),

            ("AWS_CONTAINER_AUTHORIZATION_TOKEN", "unused"),

        ]);

        let fs = Fs::from_raw_map(HashMap::from([(

            OsString::from(

                "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token",

            ),

            "Basic password".into(),

        )]));



        let http_client = StaticReplayClient::new(vec![ReplayEvent::new(

            creds_request(

                "http://169.254.170.2/my-credentials/?applicationName=test2024",

                Some("Basic password"),

            ),

            ok_creds_response(),

        )]);

        let provider = provider(env, fs, http_client.clone());

        let creds = provider

            .provide_credentials()

            .await

            .expect("valid credentials");

        assert_correct(creds);

        http_client.assert_requests_match(&[]);

    }



    #[tokio::test]

    async fn fs_missing_file() {

        let env = Env::from_slice(&[