added support for EKS pod identity (#4565)

* added support for EKS pod identity Signed-off-by: Kratik Jain <[email protected]> * removed async await Signed-off-by: Kratik Jain <[email protected]> * added changelog Signed-off-by: Kratik Jain <[email protected]> * fix: formatting, prioritize auth token vs. token file --------- Signed-off-by: Kratik Jain <[email protected]> Co-authored-by: George Fu <[email protected]>
aws · Feb 1, 2024 · 1596ee4 · 1596ee4
1 parent ce38231
commit 1596ee4
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/.changes/next-release/bugfix-eks-pod-identity-a72fa9c9.json b/.changes/next-release/bugfix-eks-pod-identity-a72fa9c9.json
@@ -0,0 +1,5 @@
+{
+  "type": "bugfix",
+  "category": "eks pod identity",
+  "description": "adds support to use eks pod identity"
+}
diff --git a/lib/credentials/remote_credentials.js b/lib/credentials/remote_credentials.js
@@ -1,10 +1,13 @@
+var fs = require('fs');
+
 var AWS = require('../core'),
   ENV_RELATIVE_URI = 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI',
   ENV_FULL_URI = 'AWS_CONTAINER_CREDENTIALS_FULL_URI',
   ENV_AUTH_TOKEN = 'AWS_CONTAINER_AUTHORIZATION_TOKEN',
+  ENV_AUTH_TOKEN_FILE = 'AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE',
   FULL_URI_UNRESTRICTED_PROTOCOLS = ['https:'],
   FULL_URI_ALLOWED_PROTOCOLS = ['http:', 'https:'],
-  FULL_URI_ALLOWED_HOSTNAMES = ['localhost', '127.0.0.1'],
+  FULL_URI_ALLOWED_HOSTNAMES = ['localhost', '127.0.0.1', '169.254.170.23'],
   RELATIVE_URI_HOST = '169.254.170.2';
 
 /**
@@ -113,7 +116,16 @@ AWS.RemoteCredentials = AWS.util.inherit(AWS.Credentials, {
    * @api private
    */
   getECSAuthToken: function getECSAuthToken() {
-    if (process && process.env && process.env[ENV_FULL_URI]) {
+    if (process && process.env && (process.env[ENV_FULL_URI] || process.env[ENV_AUTH_TOKEN_FILE])) {
+      if (!process.env[ENV_AUTH_TOKEN] && process.env[ENV_AUTH_TOKEN_FILE]) {
+        try {
+          var data = fs.readFileSync(process.env[ENV_AUTH_TOKEN_FILE]).toString();
+          return data;
+        } catch (error) {
+          console.error('Error reading token file:', error);
+          throw error; // Re-throw the error to propagate it
+        }
+      }
       return process.env[ENV_AUTH_TOKEN];
     }
   },