Add support for AWS IMDSv2 in Availability Zone resolver #2688
Conversation
|
Can one of the admins verify this patch? |
|
|
|
|
||
| def v2_token | ||
| @v2_token ||= begin | ||
| token = Facter::Util::Resolvers::AwsToken.get |
There was a problem hiding this comment.
Maybe you need to add this file to your commit? Also could you describe how the behavior changes and why? Some questions that come to mind are: If v2 is unavailable do we fall back to v1? Is v2 versus v1 configurable?
There was a problem hiding this comment.
Hi,
I don't really understand your question about adding a file.
I just copied what happens in ec2.rb
https://github.com/puppetlabs/facter/blob/main/lib/facter/resolvers/ec2.rb
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
IMDSv2 is never supposed to be unavailable. It is a superset on the v1 service.
v1 is supposed to be deprecated at a future date.
Regards,
Stefan.
There was a problem hiding this comment.
I don't really understand your question about adding a file.
Oh sorry, I thought maybe that was why spec tests were failing. But it looks like the webmock expectation needs updating
Thanks for the context about v2. Could you amend your git commit with that info?
zipkid
force-pushed
the
feature/imdsv2-for-aws-az
branch
from
0514fc0 to
62f9312
Compare
This is an advised security improvement for AWS instances. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
zipkid
force-pushed
the
feature/imdsv2-for-aws-az
branch
from
62f9312 to
dd4b584
Compare
|
Closing and reopening to trigger tests |
No description provided.