From 35c6fe9826b9fdfd41ad0de5d96a5d8158ab2d1c Mon Sep 17 00:00:00 2001 From: Archie Gunasekara Date: Fri, 11 Oct 2024 15:21:07 +1100 Subject: [PATCH 1/6] allow using FIPS endpoint for S3_file resource and update `create_aws_interface` to support it --- libraries/ec2.rb | 7 ++++++- resources/s3_file.rb | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/libraries/ec2.rb b/libraries/ec2.rb index 8e3b290e..4e1307c1 100644 --- a/libraries/ec2.rb +++ b/libraries/ec2.rb @@ -69,8 +69,13 @@ def fallback_region # setup AWS instance using passed creds, iam profile, or assumed role def create_aws_interface(aws_interface, **opts) + use_fips_endpoint = false + if opts.key?(:use_fips_endpoint) + use_fips_endpoint = opts[:use_fips_endpoint] + end aws_interface_opts = { region: opts[:region], - http_proxy: ENV['http_proxy'] } + http_proxy: ENV['http_proxy'], + use_fips_endpoint: use_fips_endpoint } if opts[:mock] # return a mocked interface aws_interface_opts[:stub_responses] = true diff --git a/resources/s3_file.rb b/resources/s3_file.rb index 235ea2f7..c2be513a 100644 --- a/resources/s3_file.rb +++ b/resources/s3_file.rb @@ -17,6 +17,7 @@ property :manage_symlink_source, [true, false] property :virtual_host, [true, false], default: false property :s3_url, String +property :use_fips_endpoint, [true, false], default: false # Intentionally not using platform_family?('windows') due to a bug/issue # where this method is not abvailable in the context of gating properties # TODO: update when this is fixed @@ -60,7 +61,7 @@ def s3 require 'aws-sdk-s3' Chef::Log.debug('Initializing the S3 Client') - @s3 ||= create_aws_interface(::Aws::S3::Client, region: new_resource.region) + @s3 ||= create_aws_interface(::Aws::S3::Client, region: new_resource.region, use_fips_endpoint: use_fips_endpoint) end def s3_obj From b791db22ade54f562f11b19687697b47dfa168df Mon Sep 17 00:00:00 2001 
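Review bot: `use_fips_endpoint: use_fips_endpoint` is now placed in `aws_interface_opts` on every call, so a caller that never mentions the option still hands the client an explicit `false`. As far as I know, the AWS SDK for Ruby otherwise resolves this setting from `AWS_USE_FIPS_ENDPOINT` or the shared config file, and an explicitly passed value takes precedence; if so, a node where FIPS endpoints are mandated through the environment would be moved back to the standard endpoints by every resource that goes through `create_aws_interface`, not only `s3_file`. Forwarding the key only when it was supplied keeps the host-level setting in force: `aws_interface_opts[:use_fips_endpoint] = opts[:use_fips_endpoint] if opts.key?(:use_fips_endpoint)`. The rewrite of this assignment in patch 4/6 keeps the same `false` default, and the `default: false` on the new `s3_file` property means that resource always supplies a value. The method body continues outside the hunk.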
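Review bot: The new `use_fips_endpoint` property in `resources/s3_file.rb` is not documented anywhere in this series. The diffstats touch only `libraries/ec2.rb`, `resources/s3_file.rb` and `CHANGELOG.md`, and patch 2/6, titled "update the readme", changes the changelog only. The `s3_file` property documentation should gain an entry along the lines of `use_fips_endpoint - use the FIPS endpoint for S3 requests, default false`. The entry should also say what happens when the selected region offers no FIPS endpoint, since nothing in the visible hunks checks for that.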
From: Archie Gunasekara Date: Fri, 11 Oct 2024 15:30:18 +1100 Subject: [PATCH 2/6] update the readme --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7f68a73..8bda7d90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ This file is used to list changes made in each version of the aws cookbook. ## Unreleased +## 9.1.8 - *2024-10-11* + +Enable the use of the FIPS endpoint for the `S3_file` resource and update the `create_aws_interface` method to support this functionality + ## 9.1.7 - *2024-07-10* Standardise files with files in sous-chefs/repo-management From 5132850c9087a0e80439aa095997e37da072160a Mon Sep 17 00:00:00 2001 From: Archie Gunasekara Date: Fri, 11 Oct 2024 15:31:55 +1100 Subject: [PATCH 3/6] update --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8bda7d90..fec92345 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ This file is used to list changes made in each version of the aws cookbook. ## 9.1.8 - *2024-10-11* -Enable the use of the FIPS endpoint for the `S3_file` resource and update the `create_aws_interface` method to support this functionality +Enable the use of the FIPS endpoint for the S3_file resource and update the create_aws_interface method to support this functionality ## 9.1.7 - *2024-07-10* From fc9cca499200f46cc3c315f26f5945b33c6b2a87 Mon Sep 17 00:00:00 2001 From: Achintha Gunasekara Date: Tue, 15 Oct 2024 08:07:17 +1100 Subject: [PATCH 4/6] Update libraries/ec2.rb Co-authored-by: Corey Hemminger --- libraries/ec2.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libraries/ec2.rb b/libraries/ec2.rb index 4e1307c1..1e06032d 100644 --- a/libraries/ec2.rb +++ b/libraries/ec2.rb 
@@ -69,10 +69,7 @@ def fallback_region # setup AWS instance using passed creds, iam profile, or assumed role def create_aws_interface(aws_interface, **opts) - use_fips_endpoint = false - if opts.key?(:use_fips_endpoint) - use_fips_endpoint = opts[:use_fips_endpoint] - end + use_fips_endpoint = opts.key?(:use_fips_endpoint) ? opts[:use_fips_endpoint] : false aws_interface_opts = { region: opts[:region], http_proxy: ENV['http_proxy'], use_fips_endpoint: use_fips_endpoint } From 73303c8f5131bc49908fb687ea28a4e63e6d55a9 Mon Sep 17 00:00:00 2001 From: Archie Gunasekara Date: Tue, 15 Oct 2024 10:33:49 +1100 Subject: [PATCH 5/6] fix the use_fips_endpoint`use_fips_endpoint` oassed into `create_aws_interface` --- resources/s3_file.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/s3_file.rb b/resources/s3_file.rb index c2be513a..b2963f92 100644 --- a/resources/s3_file.rb +++ b/resources/s3_file.rb @@ -61,7 +61,7 @@ def s3 require 'aws-sdk-s3' Chef::Log.debug('Initializing the S3 Client') - @s3 ||= create_aws_interface(::Aws::S3::Client, region: new_resource.region, use_fips_endpoint: use_fips_endpoint) + @s3 ||= create_aws_interface(::Aws::S3::Client, region: new_resource.region, use_fips_endpoint: new_resource.use_fips_endpoint) end def s3_obj From 1fb70eb31b643427f205e16da0c72dd26d0d3765 Mon Sep 17 00:00:00 2001 From: Lance Albertson Date: Sat, 26 Oct 2024 20:12:50 -0700 Subject: [PATCH 6/6] Fixes to get CI to run Signed-off-by: Lance Albertson --- CHANGELOG.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fec92345..9eb90041 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
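Review bot: The ternary `opts.key?(:use_fips_endpoint) ? opts[:use_fips_endpoint] : false` in `create_aws_interface` is what `Hash#fetch` with a default already does, so the line can read `use_fips_endpoint = opts.fetch(:use_fips_endpoint, false)`. Both forms still forward an explicit `nil` from the caller unchanged. If `nil` should be treated as "not set", `opts[:use_fips_endpoint] || false` is the shorter spelling. The method body continues outside the hunk.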
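Review bot: No spec is added anywhere in the series to exercise the `s3` helper, so the bare `use_fips_endpoint` corrected here in patch 5/6 appears to have been a failure that only surfaces when the helper actually runs. The diffstats list only the two Ruby files and `CHANGELOG.md`. `create_aws_interface` already accepts `mock: true` and sets `stub_responses`, so a unit test could presumably build the S3 client with `use_fips_endpoint: true` and check the option on the resulting client's config without network access. A second case with the property left unset would pin down which endpoint type the resource uses by default. The `s3` method starts and ends outside the hunk.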
@@ -4,9 +4,7 @@ This file is used to list changes made in each version of the aws cookbook. ## Unreleased -## 9.1.8 - *2024-10-11* - -Enable the use of the FIPS endpoint for the S3_file resource and update the create_aws_interface method to support this functionality +- Enable the use of the FIPS endpoint for the `S3_file` resource and update the `create_aws_interface` method to support this functionality ## 9.1.7 - *2024-07-10* @@ -651,7 +649,6 @@ Update checkout to v3 in ci.yml [@bazbremner]: https://github.com/bazbremner [@dhui]: https://github.com/dhui [@drmerlin]: https://github.com/DrMerlin -[@drywheat]: https://github.com/drywheat [@knorby]: https://github.com/knorby [@miketheman]: https://github.com/miketheman [@mkantor]: https://github.com/mkantor