Skip to content

Commit

Permalink
Merge pull request #733 from kmala/feat
Browse files Browse the repository at this point in the history
skip service validation to get the default regions endpoint
  • Loading branch information
k8s-ci-robot authored Jul 11, 2024
2 parents 10636a3 + be03600 commit 2596d17
Show file tree
Hide file tree
Showing 6 changed files with 95 additions and 12 deletions.
2 changes: 1 addition & 1 deletion .go-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.22.4
1.22.5
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
ARG image=public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2023-09-06-1694026927.2
ARG golang_image=public.ecr.aws/docker/library/golang:1.22.4
ARG golang_image=public.ecr.aws/docker/library/golang:1.22.5

FROM --platform=$BUILDPLATFORM $golang_image AS builder
WORKDIR /go/src/github.com/kubernetes-sigs/aws-iam-authenticator
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module sigs.k8s.io/aws-iam-authenticator

go 1.22.4
go 1.22.5

require (
github.com/aws/aws-sdk-go v1.54.6
Expand Down
31 changes: 23 additions & 8 deletions pkg/token/token.go
Original file line number Diff line number Diff line change
Expand Up @@ -392,6 +392,18 @@ type tokenVerifier struct {
validSTShostnames map[string]bool
}

func getDefaultHostNameForRegion(partition *endpoints.Partition, region, service string) (string, error) {
rep, err := partition.EndpointFor(service, region, endpoints.STSRegionalEndpointOption, endpoints.ResolveUnknownServiceOption)
if err != nil {
return "", fmt.Errorf("Error resolving endpoint for %s in partition %s. err: %v", region, partition.ID(), err)
}
parsedURL, err := url.Parse(rep.URL)
if err != nil {
return "", fmt.Errorf("Error parsing STS URL %s. err: %v", rep.URL, err)
}
return parsedURL.Hostname(), nil
}

func stsHostsForPartition(partitionID, region string) map[string]bool {
validSTShostnames := map[string]bool{}

Expand All @@ -410,6 +422,14 @@ func stsHostsForPartition(partitionID, region string) map[string]bool {
stsSvc, ok := partition.Services()[stsServiceID]
if !ok {
logrus.Errorf("STS service not found in partition %s", partitionID)
// Add the host of the current instances region if the service doesn't already exists in the partition
// so we don't fail if the service is not present in the go sdk but matches the instances region.
stsHostName, err := getDefaultHostNameForRegion(partition, region, stsServiceID)
if err != nil {
logrus.WithError(err).Error("Error getting default hostname")
} else {
validSTShostnames[stsHostName] = true
}
return validSTShostnames
}
stsSvcEndPoints := stsSvc.Endpoints()
Expand All @@ -430,17 +450,12 @@ func stsHostsForPartition(partitionID, region string) map[string]bool {
// Add the host of the current instances region if not already exists so we don't fail if the region is not
// present in the go sdk but matches the instances region.
if _, ok := stsSvcEndPoints[region]; !ok {
rep, err := partition.EndpointFor(stsServiceID, region, endpoints.STSRegionalEndpointOption)
stsHostName, err := getDefaultHostNameForRegion(partition, region, stsServiceID)
if err != nil {
logrus.WithError(err).Errorf("Error resolving endpoint for %s in partition %s", region, partitionID)
logrus.WithError(err).Error("Error getting default hostname")
return validSTShostnames
}
parsedURL, err := url.Parse(rep.URL)
if err != nil {
logrus.WithError(err).Errorf("Error parsing STS URL %s", rep.URL)
return validSTShostnames
}
validSTShostnames[parsedURL.Hostname()] = true
validSTShostnames[stsHostName] = true
}

return validSTShostnames
Expand Down
68 changes: 68 additions & 0 deletions pkg/token/token_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"testing"
"time"

"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/google/go-cmp/cmp"
"github.com/prometheus/client_golang/prometheus"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -514,3 +515,70 @@ func response(account, userID, arn string) getCallerIdentityWrapper {
wrapper.GetCallerIdentityResponse.ResponseMetadata.RequestID = "id1234"
return wrapper
}

func Test_getDefaultHostNameForRegion(t *testing.T) {
type args struct {
partition endpoints.Partition
region string
service string
}
tests := []struct {
name string
args args
want string
wantErr bool
}{
{
name: "service doesn't exist should return default host name",
args: args{
partition: endpoints.AwsIsoEPartition(),
region: "eu-isoe-west-1",
service: "test",
},
want: "test.eu-isoe-west-1.cloud.adc-e.uk",
wantErr: false,
},
{
name: "service and region doesn't exist should return default host name",
args: args{
partition: endpoints.AwsIsoEPartition(),
region: "eu-isoe-test-1",
service: "test",
},
want: "test.eu-isoe-test-1.cloud.adc-e.uk",
wantErr: false,
},
{
name: "region doesn't exist should return default host name",
args: args{
partition: endpoints.AwsIsoPartition(),
region: "us-iso-test-1",
service: "sts",
},
want: "sts.us-iso-test-1.c2s.ic.gov",
wantErr: false,
},
{
name: "invalid region should return error",
args: args{
partition: endpoints.AwsIsoPartition(),
region: "test_123",
service: "sts",
},
want: "",
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := getDefaultHostNameForRegion(&tt.args.partition, tt.args.region, tt.args.service)
if (err != nil) != tt.wantErr {
t.Errorf("getDefaultHostNameForRegion() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("getDefaultHostNameForRegion() = %v, want %v", got, tt.want)
}
})
}
}
2 changes: 1 addition & 1 deletion tests/integration/go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module sigs.k8s.io/aws-iam-authenticator/tests/integration

go 1.22.4
go 1.22.5

require (
github.com/aws/aws-sdk-go v1.54.6
Expand Down

0 comments on commit 2596d17

Please sign in to comment.