fix: removing aws url validation (#1531)
Co-authored-by: Leo <39062083+lsirac@users.noreply.github.com>
aeitzman and lsirac authored Mar 21, 2023
1 parent 6e504a0 commit f4d9335
Showing 2 changed files with 0 additions and 77 deletions.
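--- a/src/auth/awsclient.ts
+++ b/src/auth/awsclient.ts
@@ -103,7 +103,6 @@ export class AwsClient extends BaseExternalAccountClient {
 
 // Data validators.
 this.validateEnvironmentId();
-this.validateMetadataServerURLs();
 }
 
 private validateEnvironmentId() {
@@ -117,29 +116,6 @@ export class AwsClient extends BaseExternalAccountClient {
 }
 }
 
-private validateMetadataServerURLs() {
-this.validateMetadataURL(this.regionUrl, 'region_url');
-this.validateMetadataURL(this.securityCredentialsUrl, 'url');
-this.validateMetadataURL(
-this.imdsV2SessionTokenUrl,
-'imdsv2_session_token_url'
-);
-}
-
-private validateMetadataURL(value?: string, prop?: string) {
-if (!value) return;
-const url = new URL(value);
-
-if (
-url.hostname !== AwsClient.AWS_EC2_METADATA_IPV4_ADDRESS &&
-url.hostname !== `[${AwsClient.AWS_EC2_METADATA_IPV6_ADDRESS}]`
-) {
-throw new RangeError(
-`Invalid host "${url.hostname}" for "${prop}". Expecting ${AwsClient.AWS_EC2_METADATA_IPV4_ADDRESS} or ${AwsClient.AWS_EC2_METADATA_IPV6_ADDRESS}.`
-);
-}
-}
-
 /**
 * Triggered when an external subject token is needed to be exchanged for a
 * GCP access token via GCP STS endpoint.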
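Review bot: With the `this.validateMetadataServerURLs();` call gone from the constructor, `regionUrl`, `securityCredentialsUrl` and `imdsV2SessionTokenUrl` are accepted with no host check and, because `new URL(value)` was removed with it, no syntax check either. If these values are later used for the metadata and credential requests (that code is outside this hunk), a credential configuration loaded from an untrusted source could point those requests at an arbitrary host, so the trust requirement should be stated where the check used to be, for example `// credential_source URLs are not host-validated; only load configurations from a trusted source.` above `this.validateEnvironmentId();`. The commit title does not say why the allowlist was dropped, and a one-line reason in the code comment would help later readers judge whether a narrower check is still wanted. The constructor begins outside the hunk.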
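--- a/test/test.awsclient.ts
+++ b/test/test.awsclient.ts
@@ -229,59 +229,6 @@ describe('AwsClient', () => {
 assert.doesNotThrow(() => new AwsClient(validOptions));
 });
 
-it('should throw when an unsupported credential_source is provided', () => {
-const expectedError = new RangeError(
-'Invalid host "baddomain.com" for "url". Expecting 169.254.169.254 or fd00:ec2::254.'
-);
-const invalidCredentialSource = Object.assign({}, awsCredentialSource);
-invalidCredentialSource.url = 'http://baddomain.com/fake';
-const invalidOptions = {
-type: 'external_account',
-audience,
-subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request',
-token_url: getTokenUrl(),
-credential_source: invalidCredentialSource,
-};
-
-assert.throws(() => new AwsClient(invalidOptions), expectedError);
-});
-
-it('should throw when an unsupported imdsv2_session_token_url is provided', () => {
-const expectedError = new RangeError(
-'Invalid host "baddomain.com" for "imdsv2_session_token_url". Expecting 169.254.169.254 or fd00:ec2::254.'
-);
-const invalidCredentialSource = Object.assign(
-{imdsv2_session_token_url: 'http://baddomain.com/fake'},
-awsCredentialSource
-);
-const invalidOptions = {
-type: 'external_account',
-audience,
-subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request',
-token_url: getTokenUrl(),
-credential_source: invalidCredentialSource,
-};
-
-assert.throws(() => new AwsClient(invalidOptions), expectedError);
-});
-
-it('should throw when an unsupported region_url is provided', () => {
-const expectedError = new RangeError(
-'Invalid host "baddomain.com" for "region_url". Expecting 169.254.169.254 or fd00:ec2::254.'
-);
-const invalidCredentialSource = Object.assign({}, awsCredentialSource);
-invalidCredentialSource.region_url = 'http://baddomain.com/fake';
-const invalidOptions = {
-type: 'external_account',
-audience,
-subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request',
-token_url: getTokenUrl(),
-credential_source: invalidCredentialSource,
-};
-
-assert.throws(() => new AwsClient(invalidOptions), expectedError);
-});
-
 it('should throw when an unsupported environment ID is provided', () => {
 const expectedError = new Error(
 'No valid AWS "credential_source" provided'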
