Enhance FIPS, DualStack, IMDS Endpoint Support #22804

Merged (13 commits) on Feb 2, 2022

YakDriver
Member

@YakDriver YakDriver commented Jan 27, 2022

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #20824
Requires hashicorp/aws-sdk-go-base#88
Relates aws/aws-sdk-go#3938

Running a similar config to #20824:

provider "aws" {
  region = "us-west-2"

  assume_role {
    role_arn = "arn:aws:iam::012345678901:role/Litnupras"
  }

  endpoints {
    sts = "https://sts-fips.us-west-2.amazonaws.com"
  }
}

data "aws_caller_identity" "this" {}

The current provider throws the error shown in #20824. However, with a provider built from this branch, this is the result (the correct result since it creates no resources):

% terraform apply

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Output from acceptance testing (randomly chosen to make sure things work as normal):

% make testacc TESTS=TestAccS3Object_ PKG=s3     
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/s3/... -v -count 1 -parallel 20 -run='TestAccS3Object_'  -timeout 180m
--- SKIP: TestAccS3Object_nonVersioned (1.43s)
--- PASS: TestAccS3Object_noNameNoKey (4.72s)
--- PASS: TestAccS3Object_withContentCharacteristics (37.20s)
--- PASS: TestAccS3Object_objectBucketKeyEnabled (42.14s)
--- PASS: TestAccS3Object_defaultBucketSSE (44.44s)
--- PASS: TestAccS3Object_etagEncryption (43.17s)
--- PASS: TestAccS3Object_bucketBucketKeyEnabled (44.73s)
--- PASS: TestAccS3Object_sse (44.75s)
--- PASS: TestAccS3Object_kms (45.31s)
--- PASS: TestAccS3Object_updates (71.94s)
--- PASS: TestAccS3Object_updateSameFile (72.64s)
--- PASS: TestAccS3Object_contentBase64 (30.58s)
--- PASS: TestAccS3Object_ignoreTags (74.07s)
--- PASS: TestAccS3Object_updatesWithVersioningViaAccessPoint (74.38s)
--- PASS: TestAccS3Object_updatesWithVersioning (76.49s)
--- PASS: TestAccS3Object_content (33.55s)
--- PASS: TestAccS3Object_source (33.57s)
--- PASS: TestAccS3Object_metadata (100.18s)
--- PASS: TestAccS3Object_objectLockLegalHoldStartWithNone (102.18s)
--- PASS: TestAccS3Object_sourceHashTrigger (60.50s)
--- PASS: TestAccS3Object_empty (30.88s)
--- PASS: TestAccS3Object_acl (103.58s)
--- PASS: TestAccS3Object_objectLockLegalHoldStartWithOn (61.97s)
--- PASS: TestAccS3Object_tagsLeadingMultipleSlashes (125.72s)
--- PASS: TestAccS3Object_tagsMultipleSlashes (125.82s)
--- PASS: TestAccS3Object_tagsLeadingSingleSlash (128.17s)
--- PASS: TestAccS3Object_tags (128.34s)
--- PASS: TestAccS3Object_objectLockRetentionStartWithNone (87.50s)
--- PASS: TestAccS3Object_storageClass (150.26s)
--- PASS: TestAccS3Object_objectLockRetentionStartWithSet (110.37s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/s3	156.292s

@github-actions github-actions bot added client-connections Pertains to the AWS Client and service connections. provider Pertains to the provider itself, rather than any interaction with AWS. size/XL Managed by automation to categorize the size of a PR. labels Jan 27, 2022
@YakDriver YakDriver marked this pull request as draft January 27, 2022 19:41
@YakDriver YakDriver added this to the v4.0.0 milestone Jan 27, 2022
@YakDriver YakDriver changed the title Enhance FIPS Support Enhance FIPS, DualStack, Unique STS Region Support Jan 27, 2022
@YakDriver YakDriver force-pushed the f-enhance-fips-support branch from 22b5c80 to 4623d65 Compare February 2, 2022 01:06
@YakDriver YakDriver marked this pull request as ready for review February 2, 2022 01:12
@github-actions github-actions bot added sweeper Pertains to changes to or issues with the sweeper. and removed sweeper Pertains to changes to or issues with the sweeper. labels Feb 2, 2022
@ewbankkit
Contributor

Also need to update website/docs/index.html.markdown.

Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccEC2Instance_basic' PKG=ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20  -run=TestAccEC2Instance_basic -timeout 180m
=== RUN   TestAccEC2Instance_basic
=== PAUSE TestAccEC2Instance_basic
=== CONT  TestAccEC2Instance_basic
--- PASS: TestAccEC2Instance_basic (117.74s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	121.414s
% AWS_USE_FIPS_ENDPOINT=true make testacc TESTARGS='-run=TestAccEC2Instance_basic' PKG=ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20  -run=TestAccEC2Instance_basic -timeout 180m
=== RUN   TestAccEC2Instance_basic
=== PAUSE TestAccEC2Instance_basic
=== CONT  TestAccEC2Instance_basic
--- PASS: TestAccEC2Instance_basic (130.23s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	133.764s

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. sweeper Pertains to changes to or issues with the sweeper. labels Feb 2, 2022
@YakDriver YakDriver merged commit 70750f7 into main Feb 2, 2022
@YakDriver YakDriver deleted the f-enhance-fips-support branch February 2, 2022 23:03
github-actions bot pushed a commit that referenced this pull request Feb 2, 2022
@github-actions

This functionality has been released in v4.0.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@YakDriver YakDriver changed the title Enhance FIPS, DualStack, Unique STS Region Support Enhance FIPS, DualStack, IMDS Endpoint Support Feb 10, 2022
@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 20, 2022
Labels
client-connections Pertains to the AWS Client and service connections. documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. size/XL Managed by automation to categorize the size of a PR. sweeper Pertains to changes to or issues with the sweeper.
Successfully merging this pull request may close these issues.

Provider assume_role fails when using FIPS endpoint for STS and regions other than us-east-1
2 participants