Instance Metadata Service with V1 disabled.
(expireOn string, failAssume bool)
| 89 | |
| 90 | // Instance Metadata Service with V1 disabled. |
| 91 | func initIMDSv2Server(expireOn string, failAssume bool) *httptest.Server { |
| 92 | imdsToken := "IMDSTokenabc123==" |
| 93 | server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 94 | fmt.Println(r.URL.Path) |
| 95 | fmt.Println(r.Method) |
| 96 | if r.URL.Path == "/latest/api/token" && r.Method == "PUT" { |
| 97 | ttlHeader := r.Header.Get("X-aws-ec2-metadata-token-ttl-seconds") |
| 98 | ttl, err := strconv.ParseInt(ttlHeader, 10, 32) |
| 99 | if err != nil || ttl < 0 || ttl > 21600 { |
| 100 | http.Error(w, "", http.StatusBadRequest) |
| 101 | return |
| 102 | } |
| 103 | w.Header().Set("X-Aws-Ec2-Metadata-Token-Ttl-Seconds", ttlHeader) |
| 104 | w.Write([]byte(imdsToken)) |
| 105 | return |
| 106 | } |
| 107 | token := r.Header.Get("X-aws-ec2-metadata-token") |
| 108 | if token != imdsToken { |
| 109 | http.Error(w, r.URL.Path, http.StatusUnauthorized) |
| 110 | return |
| 111 | } |
| 112 | |
| 113 | switch r.URL.Path { |
| 114 | case "/latest/meta-data/iam/security-credentials/": |
| 115 | fmt.Fprintln(w, "RoleName") |
| 116 | case "/latest/meta-data/iam/security-credentials/RoleName": |
| 117 | if failAssume { |
| 118 | fmt.Fprint(w, credsFailRespTmpl) |
| 119 | } else { |
| 120 | fmt.Fprintf(w, credsRespTmpl, expireOn) |
| 121 | } |
| 122 | default: |
| 123 | http.Error(w, "bad request", http.StatusBadRequest) |
| 124 | } |
| 125 | })) |
| 126 | return server |
| 127 | } |
| 128 | |
| 129 | func initEcsTaskTestServer(expireOn string) *httptest.Server { |
| 130 | server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { |
no test coverage detected