-
Notifications
You must be signed in to change notification settings - Fork 2.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Backported EKS Pod Identity support into ContainerCredentialsProvider
Added support for the AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable in the FullUriCredentialsEndpointProvider, which is the required method of obtaining the authorization token when using the EKS Pod Identity feature. Moreover, the allowed hosts validation has been extended to include the ECS and EKS host IPs, which should be allowed for http (not https) traffic. Fixes #3062
- Loading branch information
1 parent
10dc4bf
commit 0ec1cac
Showing
3 changed files
with
137 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
74 changes: 74 additions & 0 deletions
74
...e/src/test/java/com/amazonaws/auth/FullUriCredentialsEndpointProviderIntegrationTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
/* | ||
* Copyright (c) 2017. Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"). | ||
* You may not use this file except in compliance with the License. | ||
* A copy of the License is located at | ||
* | ||
* http://aws.amazon.com/apache2.0 | ||
* | ||
* or in the "license" file accompanying this file. This file is distributed | ||
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either | ||
* express or implied. See the License for the specific language governing | ||
* permissions and limitations under the License. | ||
*/ | ||
|
||
package com.amazonaws.auth; | ||
|
||
import static org.hamcrest.CoreMatchers.equalTo; | ||
import static org.hamcrest.MatcherAssert.assertThat; | ||
import static org.hamcrest.Matchers.hasEntry; | ||
|
||
import com.amazonaws.auth.ContainerCredentialsProvider.FullUriCredentialsEndpointProvider; | ||
import org.junit.AfterClass; | ||
import org.junit.BeforeClass; | ||
import org.junit.Test; | ||
import utils.EnvironmentVariableHelper; | ||
|
||
import java.io.File; | ||
import java.io.FileWriter; | ||
import java.util.Map; | ||
|
||
public class FullUriCredentialsEndpointProviderIntegrationTest { | ||
|
||
private static final EnvironmentVariableHelper helper = new EnvironmentVariableHelper(); | ||
private static final FullUriCredentialsEndpointProvider sut = new FullUriCredentialsEndpointProvider(); | ||
|
||
private static String fileName = "tokenFile"; | ||
|
||
private static String data = "hello authorized world!"; | ||
|
||
private static File file = null; | ||
|
||
@BeforeClass | ||
public static void setUp() throws Exception { | ||
file = File.createTempFile(String.valueOf(System.currentTimeMillis()), | ||
fileName); | ||
|
||
FileWriter fw = null; | ||
try { | ||
fw = new FileWriter(file); | ||
fw.write(data); | ||
} finally { | ||
fw.close(); | ||
} | ||
} | ||
|
||
@AfterClass | ||
public static void tearDown() throws Exception { | ||
helper.reset(); | ||
|
||
if (file != null) { | ||
file.delete(); | ||
} | ||
} | ||
|
||
@Test | ||
public void authorizationHeaderIsPresentIfEnvironmentVariableSet() { | ||
helper.set(ContainerCredentialsProvider.CONTAINER_AUTHORIZATION_TOKEN_FILE, file.getAbsolutePath()); | ||
Map<String, String> headers = sut.getHeaders(); | ||
assertThat(headers.size(), equalTo(1)); | ||
assertThat(headers, hasEntry("Authorization", "hello authorized world!")); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters