-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IMDSv2 support #11
base: master
Are you sure you want to change the base?
IMDSv2 support #11
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test 1: EC2 using IMDSv1, Sys.setenv(USE_IMDS_TOKEN="TRUE")
Expected result: Should be able to access S3.
Actual result: Success, able to access S3.
Test 2: EC2 using IMDSv1, Sys.setenv(USE_IMDS_TOKEN="FALSE") or not set at all.
Expected result: Should be able to access S3, as in the original code.
Actual result: Failure - see comment. Header cannot be NULL.
Test 3: EC2 using IMDSv2, Sys.setenv(USE_IMDS_TOKEN="TRUE")
Expected result: Should be able to access S3 (unlike before).
Actual result: Success, able to access S3.
Test 4: EC2 using IMDSv2, Sys.setenv(USE_IMDS_TOKEN="FALSE") or not set at all.
Expected result: Should not be able to access S3, as in the original code.
Actual result: Not able to access S3, but for wrong reason (header = NULL). Addressing test #2's failure will fix this.
R/aws.ec2metadata-package.R
Outdated
timeout <- get_timeout() | ||
handle <- curl::new_handle(timeout_ms = timeout) | ||
|
||
curl::handle_setheaders(handle, 'X-aws-ec2-metadata-token' = token) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fails if token = NULL. For example if I use an EC2 using IMDSv1, and I don't set USE_IMDS_TOKEN
to TRUE, and I run aws.ec2metadata::metadata$iam_role_names()
I get the following error:
Error in curl::handle_setheaders(handle, X-aws-ec2-metadata-token
= token): All headers must be strings.
Using a blank string instead seems to work when a token isn't required (IMDSv1).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added a check for is.null prior to setting the header. I'm unable to test at the moment, so I would appreciate if you can verify that it solves the issue. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This works! The tests described above all have the expected results now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Now I guess we just need someone to merge?
Is there a reason this hasnt been merged? |
Would be great to see it merged |
Please! |
Please ensure the following before submitting a PR:
/R
not/man
and rundevtools::document()
to update documentation/tests
for any new functionality or bug fixR CMD check
runs without error before submitting the PR