feat(credential-provider-imds): support IMDS for IPv6 endpoints #2660

Merged
merged 16 commits into from
Aug 13, 2021

@trivikr trivikr commented Aug 11, 2021

Issue

Internal JS-2759

Description

Adds support for IMDS IPv6 endpoints

Testing

Testing was done by printing hostname as follows:

@@ -52,6 +52,7 @@ export const fromInstanceMetadata = (init: RemoteProviderInit = {}): CredentialP

   return async () => {
     const endpoint = await getInstanceMetadataEndpoint();
+    console.log({ hostname: endpoint.hostname });
     if (disableFetchToken) {
       return getCredentials(maxRetries, { ...endpoint, timeout });
     } else {
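Review bot: the `console.log({ hostname: endpoint.hostname })` line added right after `getInstanceMetadataEndpoint()` sits inside the returned provider function, so it would print on every credential resolution; keep it as a local testing aid and make sure it is not part of the merged change. A unit test that asserts on the resolved `endpoint.hostname` for each environment variable and profile value would cover the same cases without writing to stdout.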

Environment variables

Code
import { fromInstanceMetadata } from "./aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/index.js";
  
const ENV_ENDPOINT_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT";
const ENV_ENDPOINT_MODE_NAME = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE";

const testCredentials = async () => {
  const credentials = await fromInstanceMetadata()();
  console.log({
    credentialsFetchSuccess:
      credentials.accessKeyId && credentials.secretAccessKey ? true : false,
  });
};

const testEndpoint = async () => {
  console.log(
    `\nprocess.env[${ENV_ENDPOINT_NAME}]: ${process.env[ENV_ENDPOINT_NAME]}`
  );
  try {
    await testCredentials();
  } catch (err) {
    console.log({ err });
  }
};

const testEndpointMode = async () => {
  console.log(
    `\nprocess.env[${ENV_ENDPOINT_MODE_NAME}]: ${process.env[ENV_ENDPOINT_MODE_NAME]}`
  );
  try {
    await testCredentials();
  } catch (err) {
    console.log({ err });
  }
};

await testEndpoint();
const endpoints = [
  "http://169.254.169.254",
  "http://[fd00:ec2::254]",
  "invalidEndpoint",
];
for (const endpoint of endpoints) {
  process.env[ENV_ENDPOINT_NAME] = endpoint;
  await testEndpoint();
}
delete process.env[ENV_ENDPOINT_NAME];

await testEndpointMode();
const endpointModes = ["IPv4", "IPv6", "invalidEndpointMode"];
for (const endpointMode of endpointModes) {
  process.env[ENV_ENDPOINT_MODE_NAME] = endpointMode;
  await testEndpointMode();
}
delete process.env[ENV_ENDPOINT_MODE_NAME];
Output
process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: undefined
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: http://169.254.169.254
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: http://[fd00:ec2::254]
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT]: invalidEndpoint
{
  err: TypeError [ERR_INVALID_URL]: Invalid URL: invalidEndpoint
      at onParseError (internal/url.js:279:9)
      at new URL (internal/url.js:355:5)
      at Object.parseUrl (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/url-parser/dist/cjs/index.js:6:60)
      at Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:62)
      at processTicksAndRejections (internal/process/task_queues.js:95:5)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async testCredentials (file:///home/ec2-user/js/imds/test-v3.mjs:7:23)
      at async testEndpoint (file:///home/ec2-user/js/imds/test-v3.mjs:19:5)
      at async file:///home/ec2-user/js/imds/test-v3.mjs:44:3 {
    input: 'invalidEndpoint',
    code: 'ERR_INVALID_URL'
  }
}

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: undefined
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: IPv4
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: IPv6
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

process.env[AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE]: invalidEndpointMode
{
  err: Error: Unsupported endpoint mode: invalidEndpointMode. Select from IPv4,IPv6
      at getFromEndpointModeConfig (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:38:19)
      at async Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:107)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async testCredentials (file:///home/ec2-user/js/imds/test-v3.mjs:7:23)
      at async testEndpointMode (file:///home/ec2-user/js/imds/test-v3.mjs:30:5)
      at async file:///home/ec2-user/js/imds/test-v3.mjs:52:3
}

Shared ini configuration

Config
[profile imds_mode_v4]
ec2_metadata_service_endpoint_mode=IPv4

[profile imds_mode_v6]
ec2_metadata_service_endpoint_mode=IPv6

[profile imds_mode_invalid]
ec2_metadata_service_endpoint_mode=invalid

[profile imds_endpoint_v4]
ec2_metadata_service_endpoint=http://169.254.169.254

[profile imds_endpoint_v6]
ec2_metadata_service_endpoint=http://[fd00:ec2::254]

[profile imds_endpoint_invalid]
ec2_metadata_service_endpoint=invalid
Code
import { fromInstanceMetadata } from "./aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/index.js";

try {
  const credentials = await fromInstanceMetadata()();
  console.log({
    credentialsFetchSuccess:
      credentials.accessKeyId && credentials.secretAccessKey ? true : false,
  });
} catch (err) {
  console.log({ err });
}
Output
$ node test-v3.config.mjs 
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_mode_v4 node test-v3.config.mjs 
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_mode_v6 node test-v3.config.mjs 
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_mode_invalid node test-v3.config.mjs
{
  err: Error: Unsupported endpoint mode: invalid. Select from IPv4,IPv6
      at getFromEndpointModeConfig (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:38:19)
      at async Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:107)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async file:///home/ec2-user/js/imds/test-v3.config.mjs:4:23
}

$ AWS_PROFILE=imds_endpoint_v4 node test-v3.config.mjs
{ hostname: '169.254.169.254' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_endpoint_v6 node test-v3.config.mjs
{ hostname: '[fd00:ec2::254]' }
{ credentialsFetchSuccess: true }

$ AWS_PROFILE=imds_endpoint_invalid node test-v3.config.mjs
{
  err: TypeError [ERR_INVALID_URL]: Invalid URL: invalid
      at onParseError (internal/url.js:279:9)
      at new URL (internal/url.js:355:5)
      at Object.parseUrl (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/url-parser/dist/cjs/index.js:6:60)
      at Object.getInstanceMetadataEndpoint (/home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/utils/getInstanceMetadataEndpoint.js:27:62)
      at async /home/ec2-user/js/imds/aws-sdk-js-v3/packages/credential-provider-imds/dist/cjs/fromInstanceMetadata.js:49:26
      at async file:///home/ec2-user/js/imds/test-v3.config.mjs:4:23 {
    input: 'invalid',
    code: 'ERR_INVALID_URL'
  }
}

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
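
An added example (not code from this PR or from the SDK) that audits the environment variables and shared-config keys exercised above without contacting IMDS: it resolves the endpoint the way the test output suggests and reports whether the result is one of the two default hosts. The precedence (environment over profile, explicit endpoint over mode), the function names, and the `imds_endpoint_other` profile are assumptions.

```javascript
// Added example: offline audit of IMDS endpoint settings; defaults are the two endpoints from the PR's test runs.
const DEFAULT_ENDPOINT = new Map([["IPv4", "http://169.254.169.254"], ["IPv6", "http://[fd00:ec2::254]"]]);
const DEFAULT_HOSTS = new Set([...DEFAULT_ENDPOINT.values()].map((u) => new URL(u).hostname));

// Minimal reader for "[profile name]" sections holding key=value lines.
function parseProfiles(iniText) {
  const profiles = {};
  let current = null;
  for (const raw of iniText.split(/\r?\n/)) {
    const line = raw.trim();
    const section = /^\[(?:profile\s+)?([^\]]+)\]$/.exec(line);
    const eq = line.indexOf("=");
    if (section) current = profiles[section[1].trim()] = {};
    else if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Assumed precedence: environment over profile, explicit endpoint over mode.
function auditImdsEndpoint(env = {}, profile = {}) {
  const endpoint = env.AWS_EC2_METADATA_SERVICE_ENDPOINT ?? profile.ec2_metadata_service_endpoint;
  const mode = env.AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE ?? profile.ec2_metadata_service_endpoint_mode ?? "IPv4";
  try {
    if (endpoint === undefined && !DEFAULT_ENDPOINT.has(mode))
      throw new Error(`Unsupported endpoint mode: ${mode}. Select from IPv4,IPv6`);
    const { hostname } = new URL(endpoint ?? DEFAULT_ENDPOINT.get(mode)); // throws on a bad URL
    return { status: DEFAULT_HOSTS.has(hostname) ? "ok" : "non-default-host", hostname };
  } catch (err) {
    return { status: "invalid", reason: err.message };
  }
}

function auditConfig(iniText, env = {}) {
  const profiles = Object.entries(parseProfiles(iniText));
  return Object.fromEntries(profiles.map(([name, p]) => [name, auditImdsEndpoint(env, p)]));
}

// Constructed input: three profiles from the PR plus one hypothetical override.
const SAMPLE_CONFIG = `
[profile imds_mode_v6]
ec2_metadata_service_endpoint_mode=IPv6
[profile imds_mode_invalid]
ec2_metadata_service_endpoint_mode=invalid
[profile imds_endpoint_invalid]
ec2_metadata_service_endpoint=invalid
[profile imds_endpoint_other]
ec2_metadata_service_endpoint=http://metadata.example.test
`;
console.log(auditConfig(SAMPLE_CONFIG));
```

A `non-default-host` result means credential requests would go somewhere other than the two default IMDS addresses, which is worth confirming as intentional before the profile or environment is deployed.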

@trivikr trivikr marked this pull request as draft August 11, 2021 01:52

codecov-commenter commented Aug 11, 2021

Codecov Report

❗ No coverage uploaded for pull request base (main@398a092).
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2660   +/-   ##
=======================================
  Coverage        ?   60.69%           
=======================================
  Files           ?      521           
  Lines           ?    27810           
  Branches        ?     6834           
=======================================
  Hits            ?    16880           
  Misses          ?    10930           
  Partials        ?        0           

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 398a092...c3af4be.

@trivikr trivikr changed the title from "feat(credential-provider-imds): support IMDS IPv6 endpoints" to "feat(credential-provider-imds): support IMDS for IPv6 endpoints" Aug 11, 2021
@trivikr trivikr marked this pull request as ready for review August 11, 2021 22:45
@aws-sdk-js-automation

AWS CodeBuild CI Report

  • CodeBuild project: sdk-staging-test
  • Commit ID: c3af4be
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@github-actions

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 28, 2021