From b88d72e2374a8cbfc9da492de3501cef76ce1ca6 Mon Sep 17 00:00:00 2001 From: Russell Cohen Date: Thu, 23 Jun 2022 16:09:54 -0400 Subject: [PATCH] Add a trailing slash to iam/security-credentials/ when querying IMDS (#1487) --- CHANGELOG.next.toml | 6 ++++++ aws/rust-runtime/aws-config/src/imds/credentials.rs | 8 ++++---- .../imds_assume_role/http-traffic.json | 2 +- .../imds_config_with_no_creds/http-traffic.json | 2 +- .../imds_default_chain_error/http-traffic.json | 2 +- .../imds_default_chain_retries/http-traffic.json | 4 ++-- .../imds_default_chain_success/http-traffic.json | 2 +- .../imds_no_iam_role/http-traffic.json | 2 +- 8 files changed, 17 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.next.toml b/CHANGELOG.next.toml index fd0c2300c..79669d075 100644 --- a/CHANGELOG.next.toml +++ b/CHANGELOG.next.toml @@ -15,3 +15,9 @@ message = "Upgrade to Gradle 7. This change is not a breaking change, however, u references = ["smithy-rs#1411", "smithy-rs#1167"] meta = { "breaking" = false, "tada" = true, "bug" = false } author = "rcoh" + +[[aws-sdk-rust]] +message = "Add a trailing slash to the URI `/latest/meta-data/iam/security-credentials/ when loading credentials from IMDS" +references = ["aws-sdk-rust#560", "smithy-rs#1487"] +meta = { "breaking" = false, "tada" = false, "bug" = true } +author = "rcoh" diff --git a/aws/rust-runtime/aws-config/src/imds/credentials.rs b/aws/rust-runtime/aws-config/src/imds/credentials.rs index 9161b3496..9c0ac78af 100644 --- a/aws/rust-runtime/aws-config/src/imds/credentials.rs +++ b/aws/rust-runtime/aws-config/src/imds/credentials.rs @@ -46,7 +46,7 @@ impl Builder { /// Override the [instance profile](instance-profile) used for this provider. /// /// When retrieving IMDS credentials, a call must first be made to - /// `/latest/meta-data/iam/security-credentials`. This returns the instance + /// `/latest/meta-data/iam/security-credentials/`. This returns the instance /// profile used. By setting this parameter, retrieving the profile is skipped /// and the provided value is used instead. /// @@ -129,7 +129,7 @@ impl ImdsCredentialsProvider { match self .client() .await? - .get("/latest/meta-data/iam/security-credentials") + .get("/latest/meta-data/iam/security-credentials/") .await { Ok(profile) => Ok(profile), @@ -223,7 +223,7 @@ mod test { token_response(21600, TOKEN_A), ), ( - imds_request("http://169.254.169.254/latest/meta-data/iam/security-credentials", TOKEN_A), + imds_request("http://169.254.169.254/latest/meta-data/iam/security-credentials/", TOKEN_A), imds_response(r#"profile-name"#), ), ( @@ -231,7 +231,7 @@ mod test { imds_response("{\n \"Code\" : \"Success\",\n \"LastUpdated\" : \"2021-09-20T21:42:26Z\",\n \"Type\" : \"AWS-HMAC\",\n \"AccessKeyId\" : \"ASIARTEST\",\n \"SecretAccessKey\" : \"testsecret\",\n \"Token\" : \"testtoken\",\n \"Expiration\" : \"2021-09-21T04:16:53Z\"\n}"), ), ( - imds_request("http://169.254.169.254/latest/meta-data/iam/security-credentials", TOKEN_A), + imds_request("http://169.254.169.254/latest/meta-data/iam/security-credentials/", TOKEN_A), imds_response(r#"different-profile"#), ), ( diff --git a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_assume_role/http-traffic.json b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_assume_role/http-traffic.json index 2698baaea..285f10b37 100644 --- a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_assume_role/http-traffic.json +++ b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_assume_role/http-traffic.json @@ -89,7 +89,7 @@ "action": { "Request": { "request": { - "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials", + "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": { "x-aws-ec2-metadata-token": [ "imdssesiontoken==" diff --git a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_config_with_no_creds/http-traffic.json b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_config_with_no_creds/http-traffic.json index b47742e8f..9033ccb10 100644 --- a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_config_with_no_creds/http-traffic.json +++ b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_config_with_no_creds/http-traffic.json @@ -89,7 +89,7 @@ "action": { "Request": { "request": { - "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials", + "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": { "x-amz-user-agent": [ "aws-sdk-rust/0.1.0 api/imds/0.1.0 os/linux lang/rust/1.52.1" diff --git a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_error/http-traffic.json b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_error/http-traffic.json index 394225c7b..91db21574 100644 --- a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_error/http-traffic.json +++ b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_error/http-traffic.json @@ -89,7 +89,7 @@ "action": { "Request": { "request": { - "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials", + "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": { "user-agent": [ "aws-sdk-rust/0.1.0 os/linux lang/rust/1.52.1" diff --git a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_retries/http-traffic.json b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_retries/http-traffic.json index 804d55c13..1a639488c 100644 --- a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_retries/http-traffic.json +++ b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_retries/http-traffic.json @@ -143,7 +143,7 @@ "action": { "Request": { "request": { - "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials", + "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": { "x-amz-user-agent": [ "aws-sdk-rust/0.1.0 api/imds/0.1.0 os/linux lang/rust/1.52.1" @@ -197,7 +197,7 @@ "action": { "Request": { "request": { - "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials", + "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": { "x-aws-ec2-metadata-token": [ "imdstoken" diff --git a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_success/http-traffic.json b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_success/http-traffic.json index 61c7c336c..a1f57fc6e 100644 --- a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_success/http-traffic.json +++ b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_default_chain_success/http-traffic.json @@ -89,7 +89,7 @@ "action": { "Request": { "request": { - "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials", + "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": { "x-amz-user-agent": [ "aws-sdk-rust/0.1.0 api/imds/0.1.0 os/linux lang/rust/1.52.1" diff --git a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_no_iam_role/http-traffic.json b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_no_iam_role/http-traffic.json index 394225c7b..91db21574 100644 --- a/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_no_iam_role/http-traffic.json +++ b/aws/rust-runtime/aws-config/test-data/default-provider-chain/imds_no_iam_role/http-traffic.json @@ -89,7 +89,7 @@ "action": { "Request": { "request": { - "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials", + "uri": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": { "user-agent": [ "aws-sdk-rust/0.1.0 os/linux lang/rust/1.52.1" -- GitLab