Merge pull request #268 from shaiguitar/default_region_in_iam_role

add default region to use_iam_profile
2022-11-09 13:50:52 -05:00 · 2016-07-01 08:46:46 -05:00 · 2016-07-01 08:46:46 -05:00 · ff675d0bc0
commit ff675d0bc0
parent f00473554d cc2c36ede9
2 changed files with 11 additions and 0 deletions
--- a/lib/fog/aws/credential_fetcher.rb
+++ b/lib/fog/aws/credential_fetcher.rb
@ -1,8 +1,11 @@
 module Fog
  module AWS
    module CredentialFetcher
+
      INSTANCE_METADATA_HOST = "http://169.254.169.254"
      INSTANCE_METADATA_PATH = "/latest/meta-data/iam/security-credentials/"
+      INSTANCE_METADATA_AZ = "/latest/meta-data/placement/availability-zone/"
+
      module ServiceMethods
        def fetch_credentials(options)
          if options[:use_iam_profile] && Fog.mocking?
@ -13,6 +16,8 @@ module Fog
              connection = options[:connection] || Excon.new(INSTANCE_METADATA_HOST)
              role_name = connection.get(:path => INSTANCE_METADATA_PATH, :expects => 200).body
              role_data = connection.get(:path => INSTANCE_METADATA_PATH+role_name, :expects => 200).body
+              az_data = connection.get(:path => INSTANCE_METADATA_AZ, :expects => 200).body
+              region = az_data[0..-2] # get region from az

              session = Fog::JSON.decode(role_data)
              credentials = {}
@ -20,6 +25,9 @@ module Fog
              credentials[:aws_secret_access_key] = session['SecretAccessKey']
              credentials[:aws_session_token] = session['Token']
              credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']
+
+              # set region by default to the one the instance is in.
+              credentials[:region] = region
              #these indicate the metadata service is unavailable or has no profile setup
              credentials
            rescue Excon::Errors::Error => e
--- a/tests/credentials_tests.rb
+++ b/tests/credentials_tests.rb
@ -7,6 +7,7 @@ Shindo.tests('AWS | credentials', ['aws']) do
    Excon.defaults[:mock] = true
    default_credentials = Fog::Compute::AWS.fetch_credentials({})
    Excon.stub({:method => :get, :path => "/latest/meta-data/iam/security-credentials/"}, {:status => 200, :body => 'arole'})
+    Excon.stub({:method => :get, :path => "/latest/meta-data/placement/availability-zone/"}, {:status => 200, :body => 'us-west-1a'})

    expires_at = Time.at(Time.now.to_i + 500)
    credentials = {
@ -23,6 +24,7 @@ Shindo.tests('AWS | credentials', ['aws']) do
      returns({:aws_access_key_id => 'dummykey',
                :aws_secret_access_key => 'dummysecret',
                :aws_session_token => 'dummytoken',
+                :region => "us-west-1",
                :aws_credentials_expire_at => expires_at}) { Fog::Compute::AWS.fetch_credentials(:use_iam_profile => true) }
    end

@ -47,6 +49,7 @@ Shindo.tests('AWS | credentials', ['aws']) do

    tests("#fetch_credentials when the url 404s") do
      Excon.stub({:method => :get, :path => "/latest/meta-data/iam/security-credentials/"}, {:status => 404, :body => 'not bound'})
+      Excon.stub({:method => :get, :path => "/latest/meta-data/placement/availability-zone/"}, {:status => 400, :body => 'not found'})
      returns(default_credentials) {Fog::Compute::AWS.fetch_credentials(:use_iam_profile => true)}
    end