mirror of
https://github.com/fog/fog-aws.git
synced 2022-11-09 13:50:52 -05:00
Clean up STS regional work
We use the AWS_DEFAULT_REGION environment variable only if the region isn't specified explicitly in the configuration.
parent
cbd3354777
commit
dad90af22d
2 changed files with 31 additions and 17 deletions
|
@ -21,7 +21,7 @@ module Fog
|
||||||
if options[:use_iam_profile]
|
if options[:use_iam_profile]
|
||||||
begin
|
begin
|
||||||
role_data = nil
|
role_data = nil
|
||||||
region = options[:region]
|
region = options[:region] || ENV["AWS_DEFAULT_REGION"]
|
||||||
|
|
||||||
if ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
|
if ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
|
||||||
connection = options[:connection] || Excon.new(CONTAINER_CREDENTIALS_HOST)
|
connection = options[:connection] || Excon.new(CONTAINER_CREDENTIALS_HOST)
|
||||||
|
@ -43,13 +43,14 @@ module Fog
|
||||||
:Version => "2011-06-15",
|
:Version => "2011-06-15",
|
||||||
}
|
}
|
||||||
|
|
||||||
if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && ENV["AWS_DEFAULT_REGION"]
|
sts_endpoint =
|
||||||
STS_ENDPOINT = "https://sts.#{ENV['AWS_DEFAULT_REGION']}.amazonaws.com"
|
if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional"
|
||||||
else
|
"https://sts.#{region}.amazonaws.com"
|
||||||
STS_ENDPOINT = "https://sts.amazonaws.com"
|
else
|
||||||
end
|
"https://sts.amazonaws.com"
|
||||||
|
end
|
||||||
|
|
||||||
connection = options[:connection] || Excon.new(STS_ENDPOINT, :query => params)
|
connection = options[:connection] || Excon.new(sts_endpoint, :query => params)
|
||||||
document = Nokogiri::XML(connection.get(:idempotent => true, :expects => 200).body)
|
document = Nokogiri::XML(connection.get(:idempotent => true, :expects => 200).body)
|
||||||
|
|
||||||
session = {
|
session = {
|
||||||
|
@ -82,6 +83,7 @@ module Fog
|
||||||
|
|
||||||
# set region by default to the one the instance is in.
|
# set region by default to the one the instance is in.
|
||||||
credentials[:region] = region
|
credentials[:region] = region
|
||||||
|
credentials[:sts_endpoint] = sts_endpoint if sts_endpoint
|
||||||
#these indicate the metadata service is unavailable or has no profile setup
|
#these indicate the metadata service is unavailable or has no profile setup
|
||||||
credentials
|
credentials
|
||||||
rescue Excon::Error => e
|
rescue Excon::Error => e
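Review bot: In the new `sts_endpoint` assignment, `region` is interpolated into the hostname with no check that it is present or well-formed. With `AWS_STS_REGIONAL_ENDPOINTS` set to `regional` and neither `options[:region]` nor `AWS_DEFAULT_REGION` set, the URL becomes `https://sts..amazonaws.com`; the removed code avoided this with its `&& ENV["AWS_DEFAULT_REGION"]` guard. Because the value decides which host receives the request, and `params` (built outside the hunk) presumably carries the web identity token, a region containing URL delimiters should not reach `Excon.new`. I would gate the regional branch with `if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && region.to_s.match?(/\A[a-z0-9-]+\z/)` so anything else falls back to the global endpoint. The enclosing method starts and ends outside the visible hunks.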
|
||||||
|
|
|
@ -83,7 +83,7 @@ Shindo.tests('AWS | credentials', ['aws']) do
|
||||||
aws_secret_access_key: 'dummysecret',
|
aws_secret_access_key: 'dummysecret',
|
||||||
aws_session_token: 'dummytoken',
|
aws_session_token: 'dummytoken',
|
||||||
region: 'us-west-1',
|
region: 'us-west-1',
|
||||||
STS_ENDPOINT: "https://sts.amazonaws.com"
|
sts_endpoint: "https://sts.amazonaws.com",
|
||||||
aws_credentials_expire_at: expires_at
|
aws_credentials_expire_at: expires_at
|
||||||
) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
|
) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
|
||||||
end
|
end
|
||||||
|
@ -96,27 +96,39 @@ Shindo.tests('AWS | credentials', ['aws']) do
|
||||||
aws_secret_access_key: 'dummysecret',
|
aws_secret_access_key: 'dummysecret',
|
||||||
aws_session_token: 'dummytoken',
|
aws_session_token: 'dummytoken',
|
||||||
region: 'us-west-1',
|
region: 'us-west-1',
|
||||||
STS_ENDPOINT: "https://sts.amazonaws.com"
|
sts_endpoint: "https://sts.amazonaws.com",
|
||||||
aws_credentials_expire_at: expires_at
|
aws_credentials_expire_at: expires_at
|
||||||
) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
|
) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
|
||||||
end
|
end
|
||||||
|
|
||||||
ENV["AWS_STS_REGIONAL_ENDPOINTS"] = "regional"
|
ENV["AWS_STS_REGIONAL_ENDPOINTS"] = "regional"
|
||||||
ENV["AWS_REGION"] = "us-west-1"
|
|
||||||
|
|
||||||
tests('#fetch_credentials with regional sts endpoint') do
|
tests('#fetch_credentials with regional STS endpoint') do
|
||||||
returns(
|
returns(
|
||||||
aws_access_key_id: 'dummykey',
|
aws_access_key_id: 'dummykey',
|
||||||
aws_secret_access_key: 'dummysecret',
|
aws_secret_access_key: 'dummysecret',
|
||||||
aws_session_token: 'dummytoken',
|
aws_session_token: 'dummytoken',
|
||||||
region: 'us-west-1',
|
region: 'us-west-1',
|
||||||
STS_ENDPOINT: "https://sts.us-west-1.amazonaws.com"
|
sts_endpoint: "https://sts.us-west-1.amazonaws.com",
|
||||||
|
aws_credentials_expire_at: expires_at
|
||||||
|
) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
|
||||||
|
end
|
||||||
|
|
||||||
|
ENV["AWS_DEFAULT_REGION"] = "us-west-1"
|
||||||
|
|
||||||
|
tests('#fetch_credentials with regional STS endpoint with region in env') do
|
||||||
|
returns(
|
||||||
|
aws_access_key_id: 'dummykey',
|
||||||
|
aws_secret_access_key: 'dummysecret',
|
||||||
|
aws_session_token: 'dummytoken',
|
||||||
|
region: 'us-west-1',
|
||||||
|
sts_endpoint: "https://sts.us-west-1.amazonaws.com",
|
||||||
aws_credentials_expire_at: expires_at
|
aws_credentials_expire_at: expires_at
|
||||||
) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
|
) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
|
||||||
end
|
end
|
||||||
|
|
||||||
ENV["AWS_STS_REGIONAL_ENDPOINTS"] = nil
|
ENV["AWS_STS_REGIONAL_ENDPOINTS"] = nil
|
||||||
ENV["AWS_REGION"] = nil
|
ENV["AWS_DEFAULT_REGION"] = nil
|
||||||
ENV['AWS_WEB_IDENTITY_TOKEN_FILE'] = nil
|
ENV['AWS_WEB_IDENTITY_TOKEN_FILE'] = nil
|
||||||
|
|
||||||
compute = Fog::AWS::Compute.new(use_iam_profile: true)
|
compute = Fog::AWS::Compute.new(use_iam_profile: true)
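Review bot: The two regional-endpoint tests do not exercise the precedence the commit message describes, because one passes only `region: 'us-west-1'` and the other sets only `ENV["AWS_DEFAULT_REGION"]`, both with the same value. A case that sets the environment variable to a different region than the option (for example `ENV["AWS_DEFAULT_REGION"] = "eu-west-1"` together with `region: 'us-west-1'`) and expects `sts_endpoint: "https://sts.us-west-1.amazonaws.com"` would pin that behaviour. There is also no case for `regional` with no region available from either source. The `ENV[...] = nil` resets are plain statements after the tests, so the variables may leak into later tests if something raises first; the surrounding `Shindo.tests` block starts and ends outside the hunk.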
|
||||||
|
|