First pass on ECS port override support + default credentials provide…

…r update (#148)

include/aws/auth/credentials.h

@@ -256,6 +256,11 @@ struct aws_credentials_provider_ecs_options {
 
     /* For mocking the http layer in tests, leave NULL otherwise */
     struct aws_auth_http_system_vtable *function_table;
+
+    /*
+     * Port to query credentials from.  If zero, 80/443 will be used based on whether or not tls is enabled.
+     */
+    uint16_t port;
 };
 
 /**

source/credentials_provider_default_chain.c

@@ -93,6 +93,7 @@ static struct aws_credentials_provider *s_aws_credentials_provider_new_ecs_or_im
             .path_and_query = uri.path_and_query,
             .tls_ctx = aws_byte_cursor_eq_c_str_ignore_case(&(uri.scheme), "HTTPS") ? tls_ctx : NULL,
             .auth_token = auth_token_cursor,
+            .port = uri.port,
         };
 
         ecs_or_imds_provider = aws_credentials_provider_new_ecs(allocator, &ecs_options);

source/credentials_provider_ecs.c

@@ -552,7 +552,11 @@ struct aws_credentials_provider *aws_credentials_provider_new_ecs(
     manager_options.initial_window_size = ECS_RESPONSE_SIZE_LIMIT;
     manager_options.socket_options = &socket_options;
     manager_options.host = options->host;
-    manager_options.port = options->tls_ctx ? 443 : 80;
+    if (options->port == 0) {
+        manager_options.port = options->tls_ctx ? 443 : 80;
+    } else {
+        manager_options.port = options->port;
+    }
     manager_options.max_connections = 2;
     manager_options.shutdown_complete_callback = s_on_connection_manager_shutdown;
     manager_options.shutdown_complete_user_data = provider;

tests/credentials_provider_ecs_tests.c

@@ -32,6 +32,7 @@ struct aws_mock_ecs_tester {
     struct aws_credentials *credentials;
     bool has_received_credentials_callback;
     bool has_received_shutdown_callback;
+    uint16_t selected_port;
 
     int error_code;
 };
@@ -67,6 +68,10 @@ static struct aws_http_connection_manager *s_aws_http_connection_manager_new_moc
     (void)allocator;
     (void)options;
 
+    aws_mutex_lock(&s_tester.lock);
+    s_tester.selected_port = options->port;
+    aws_mutex_unlock(&s_tester.lock);
+
     return (struct aws_http_connection_manager *)1;
 }
 
@@ -305,8 +310,11 @@ static int s_credentials_provider_ecs_connect_failure(struct aws_allocator *allo
 
     s_aws_wait_for_credentials_result();
 
+    aws_mutex_lock(&s_tester.lock);
     ASSERT_TRUE(s_tester.has_received_credentials_callback == true);
     ASSERT_TRUE(s_tester.credentials == NULL);
+    ASSERT_UINT_EQUALS(80, s_tester.selected_port);
+    aws_mutex_unlock(&s_tester.lock);
 
     aws_credentials_provider_release(provider);
 
@@ -349,13 +357,16 @@ static int s_credentials_provider_ecs_request_failure(struct aws_allocator *allo
 
     s_aws_wait_for_credentials_result();
 
+    aws_mutex_lock(&s_tester.lock);
     ASSERT_BIN_ARRAYS_EQUALS(
         s_tester.request_uri.buffer,
         s_tester.request_uri.len,
         s_expected_ecs_relative_uri->bytes,
         s_expected_ecs_relative_uri->len);
     ASSERT_TRUE(s_tester.has_received_credentials_callback == true);
     ASSERT_TRUE(s_tester.credentials == NULL);
+    ASSERT_UINT_EQUALS(80, s_tester.selected_port);
+    aws_mutex_unlock(&s_tester.lock);
 
     aws_credentials_provider_release(provider);
 
@@ -392,6 +403,7 @@ static int s_credentials_provider_ecs_bad_document_failure(struct aws_allocator
         .host = aws_byte_cursor_from_c_str("www.xxx123321testmocknonexsitingawsservice.com"),
         .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"),
         .auth_token = aws_byte_cursor_from_c_str("test-token-1234-abcd"),
+        .port = 555,
     };
 
     struct aws_credentials_provider *provider = aws_credentials_provider_new_ecs(allocator, &options);
@@ -400,6 +412,7 @@ static int s_credentials_provider_ecs_bad_document_failure(struct aws_allocator
 
     s_aws_wait_for_credentials_result();
 
+    aws_mutex_lock(&s_tester.lock);
     ASSERT_BIN_ARRAYS_EQUALS(
         s_tester.request_uri.buffer,
         s_tester.request_uri.len,
@@ -408,6 +421,8 @@ static int s_credentials_provider_ecs_bad_document_failure(struct aws_allocator
 
     ASSERT_TRUE(s_tester.has_received_credentials_callback == true);
     ASSERT_TRUE(s_tester.credentials == NULL);
+    ASSERT_UINT_EQUALS(555, s_tester.selected_port);
+    aws_mutex_unlock(&s_tester.lock);
 
     aws_credentials_provider_release(provider);
 
@@ -441,6 +456,7 @@ static int s_do_ecs_success_test(
 
     s_aws_wait_for_credentials_result();
 
+    aws_mutex_lock(&s_tester.lock);
     ASSERT_BIN_ARRAYS_EQUALS(
         s_tester.request_uri.buffer,
         s_tester.request_uri.len,
@@ -459,6 +475,7 @@ static int s_do_ecs_success_test(
     aws_date_time_init_from_str_cursor(&expiration, &date_cursor, AWS_DATE_FORMAT_ISO_8601);
     ASSERT_TRUE(
         aws_credentials_get_expiration_timepoint_seconds(s_tester.credentials) == (uint64_t)expiration.timestamp);
+    aws_mutex_unlock(&s_tester.lock);
 
     aws_credentials_provider_release(provider);
 
@@ -564,6 +581,7 @@ static int s_credentials_provider_ecs_success_multi_part_doc(struct aws_allocato
 
     s_aws_wait_for_credentials_result();
 
+    aws_mutex_lock(&s_tester.lock);
     ASSERT_BIN_ARRAYS_EQUALS(
         s_tester.request_uri.buffer,
         s_tester.request_uri.len,
@@ -582,6 +600,7 @@ static int s_credentials_provider_ecs_success_multi_part_doc(struct aws_allocato
     aws_date_time_init_from_str_cursor(&expiration, &date_cursor, AWS_DATE_FORMAT_ISO_8601);
     ASSERT_TRUE(
         aws_credentials_get_expiration_timepoint_seconds(s_tester.credentials) == (uint64_t)expiration.timestamp);
+    aws_mutex_unlock(&s_tester.lock);
 
     aws_credentials_provider_release(provider);
 
@@ -692,7 +711,9 @@ static int s_credentials_provider_ecs_real_success(struct aws_allocator *allocat
 
     s_aws_wait_for_credentials_result();
 
+    aws_mutex_lock(&s_tester.lock);
     ASSERT_TRUE(s_tester.credentials != NULL);
+    aws_mutex_unlock(&s_tester.lock);
 
     aws_credentials_provider_release(provider);