From 1596ee47ed8a5886a7d58503e3c37e4ee911b607 Mon Sep 17 00:00:00 2001
From: Kratik Jain
Date: Fri, 2 Feb 2024 03:11:38 +0530
Subject: [PATCH] added support for EKS pod identity (#4565)
* added support for EKS pod identity
Signed-off-by: Kratik Jain
* removed async await
Signed-off-by: Kratik Jain
* added changelog
Signed-off-by: Kratik Jain
* fix: formatting, prioritize auth token vs. token file
---------
Signed-off-by: Kratik Jain
Co-authored-by: George Fu
---
 .../bugfix-eks-pod-identity-a72fa9c9.json | 5 +++++
 lib/credentials/remote_credentials.js | 16 ++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 .changes/next-release/bugfix-eks-pod-identity-a72fa9c9.json
diff --git a/.changes/next-release/bugfix-eks-pod-identity-a72fa9c9.json b/.changes/next-release/bugfix-eks-pod-identity-a72fa9c9.json
new file mode 100644
index 0000000000..522f4346ee
--- /dev/null
+++ b/.changes/next-release/bugfix-eks-pod-identity-a72fa9c9.json
@@ -0,0 +1,5 @@
+{
+ "type": "bugfix",
+ "category": "eks pod identity",
+ "description": "adds support to use eks pod identity"
+}
\ No newline at end of file
diff --git a/lib/credentials/remote_credentials.js b/lib/credentials/remote_credentials.js
index a98d4da9fd..9d924b1c7b 100644
--- a/lib/credentials/remote_credentials.js
+++ b/lib/credentials/remote_credentials.js
@@ -1,10 +1,13 @@
+var fs = require('fs');
+
 var AWS = require('../core'),
 ENV_RELATIVE_URI = 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI',
 ENV_FULL_URI = 'AWS_CONTAINER_CREDENTIALS_FULL_URI',
 ENV_AUTH_TOKEN = 'AWS_CONTAINER_AUTHORIZATION_TOKEN',
+ ENV_AUTH_TOKEN_FILE = 'AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE',
 FULL_URI_UNRESTRICTED_PROTOCOLS = ['https:'],
 FULL_URI_ALLOWED_PROTOCOLS = ['http:', 'https:'],
- FULL_URI_ALLOWED_HOSTNAMES = ['localhost', '127.0.0.1'],
+ FULL_URI_ALLOWED_HOSTNAMES = ['localhost', '127.0.0.1', '169.254.170.23'],
 RELATIVE_URI_HOST = '169.254.170.2';
 
 /**
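Review bot: The new `'169.254.170.23'` entry in `FULL_URI_ALLOWED_HOSTNAMES` carries no comment saying what the address is, and judging by the neighbouring `FULL_URI_UNRESTRICTED_PROTOCOLS = ['https:']` this list appears to decide which hosts a full credentials URI may name over plain `http:`. The code that enforces the list is outside the hunk, so that reading is inferred from the constant names. Because the authorization token and the returned credentials would travel in cleartext to any host listed here, each non-loopback entry deserves a one-line justification above it, e.g. `// 169.254.170.23: link-local EKS Pod Identity Agent endpoint; only non-loopback host allowed over http`. If IPv6-only clusters are in scope, it is worth confirming whether the agent's IPv6 address needs a matching entry.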
@@ -113,7 +116,16 @@ AWS.RemoteCredentials = AWS.util.inherit(AWS.Credentials, {
 * @api private
 */
 getECSAuthToken: function getECSAuthToken() {
- if (process && process.env && process.env[ENV_FULL_URI]) {
+ if (process && process.env && (process.env[ENV_FULL_URI] || process.env[ENV_AUTH_TOKEN_FILE])) {
+ if (!process.env[ENV_AUTH_TOKEN] && process.env[ENV_AUTH_TOKEN_FILE]) {
+ try {
+ var data = fs.readFileSync(process.env[ENV_AUTH_TOKEN_FILE]).toString();
+ return data;
+ } catch (error) {
+ console.error('Error reading token file:', error);
+ throw error; // Re-throw the error to propagate it
+ }
+ }
 return process.env[ENV_AUTH_TOKEN];
 }
 },
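Review bot: The token read from the file named by `AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE` is returned at `return data;` exactly as it sits on disk, so a trailing newline, an embedded CR/LF or an empty file is passed straight to the caller. The caller is outside this hunk, but the value is presumably sent as a request header, where a line break either makes the request fail with an unclear error or lets file contents shape the header. Validate before returning, for example `if (!data || /[\r\n]/.test(data)) { throw new Error('authorization token file is empty or contains CR/LF'); }`. Separately, the `console.error` in the catch writes to the application's stderr from library code and then rethrows the same error, so the log line duplicates what the caller already receives and could be dropped.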