MCPcopy
hub / github.com/minio/minio-go / initIMDSv2Server

Function initIMDSv2Server

pkg/credentials/iam_aws_test.go:91–127  ·  view source on GitHub ↗

Instance Metadata Service with V1 disabled.

(expireOn string, failAssume bool)

Source from the content-addressed store, hash-verified

89
90// Instance Metadata Service with V1 disabled.
91func initIMDSv2Server(expireOn string, failAssume bool) *httptest.Server {
92 imdsToken := "IMDSTokenabc123=="
93 server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
94 fmt.Println(r.URL.Path)
95 fmt.Println(r.Method)
96 if r.URL.Path == "/latest/api/token" && r.Method == "PUT" {
97 ttlHeader := r.Header.Get("X-aws-ec2-metadata-token-ttl-seconds")
98 ttl, err := strconv.ParseInt(ttlHeader, 10, 32)
99 if err != nil || ttl < 0 || ttl > 21600 {
100 http.Error(w, "", http.StatusBadRequest)
101 return
102 }
103 w.Header().Set("X-Aws-Ec2-Metadata-Token-Ttl-Seconds", ttlHeader)
104 w.Write([]byte(imdsToken))
105 return
106 }
107 token := r.Header.Get("X-aws-ec2-metadata-token")
108 if token != imdsToken {
109 http.Error(w, r.URL.Path, http.StatusUnauthorized)
110 return
111 }
112
113 switch r.URL.Path {
114 case "/latest/meta-data/iam/security-credentials/":
115 fmt.Fprintln(w, "RoleName")
116 case "/latest/meta-data/iam/security-credentials/RoleName":
117 if failAssume {
118 fmt.Fprint(w, credsFailRespTmpl)
119 } else {
120 fmt.Fprintf(w, credsRespTmpl, expireOn)
121 }
122 default:
123 http.Error(w, "bad request", http.StatusBadRequest)
124 }
125 }))
126 return server
127}
128
129func initEcsTaskTestServer(expireOn string) *httptest.Server {
130 server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {

Callers 4

TestIAMFunction · 0.85
TestIAMFailAssumeFunction · 0.85
TestIAMIsExpiredFunction · 0.85
TestIMDSv1BlockedFunction · 0.85

Calls 4

GetMethod · 0.45
ErrorMethod · 0.45
SetMethod · 0.45
HeaderMethod · 0.45

Tested by

no test coverage detected