fix(aws): cn-north-1 support

To use EC2 inside `cn-north-1` (China) region, you must set `SPINNAKER_AWS_DEFAULT_REGION` to `cn-north-1`. To use outside of EC2 (e.g. docker-compose) for China region, you must set both `SPINNAKER_AWS_DEFAULT_REGION` and `AWS_REGION` to `cn-north-1`.

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy

@@ -43,7 +43,7 @@ import org.springframework.validation.Errors
 import java.util.regex.Pattern
 
 class CopyLastAsgAtomicOperation implements AtomicOperation<DeploymentResult> {
-  private static final Pattern ALB_ARN_PATTERN = Pattern.compile(/^arn:aws:elasticloadbalancing:[^:]+:[^:]+:loadbalancer\/app\/([^\/]+)\/.+$/)
+  private static final Pattern ALB_ARN_PATTERN = Pattern.compile(/^arn:aws(?:-cn)?:elasticloadbalancing:[^:]+:[^:]+:loadbalancer\/app\/([^\/]+)\/.+$/)
   private static final String BASE_PHASE = "COPY_LAST_ASG"
 
   private static Task getTask() {

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy

@@ -65,7 +65,8 @@ class AmazonHealthIndicator implements HealthIndicator {
       } as Set<NetflixAmazonCredentials>
       for (NetflixAmazonCredentials credentials in amazonCredentials) {
         try {
-          def ec2 = amazonClientProvider.getAmazonEC2(credentials, AmazonClientProvider.DEFAULT_REGION, true)
+          def region = AmazonClientProvider.DEFAULT_REGION ?: credentials.getRegions().get(0).name
+          def ec2 = amazonClientProvider.getAmazonEC2(credentials, region, true)
           if (!ec2) {
             throw new AmazonClientException("Could not create Amazon client for ${credentials.name}")
           }

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/ARN.java

@@ -24,7 +24,7 @@
 
 class ARN {
 
-  static final Pattern PATTERN = Pattern.compile("arn:aws:.*:(.*):(\\d+):(.*)");
+  static final Pattern PATTERN = Pattern.compile("arn:aws(?:-cn)?:.*:(.*):(\\d+):(.*)");
 
   String arn;
   String region;

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonLoadBalancerV2InstanceStateCachingAgent.groovy

@@ -45,7 +45,7 @@ import static com.netflix.spinnaker.clouddriver.core.provider.agent.Namespace.IN
 
 @Slf4j
 class AmazonLoadBalancerV2InstanceStateCachingAgent implements CachingAgent, HealthProvidingCachingAgent {
-  private static final Pattern ALB_ARN_PATTERN = Pattern.compile(/^arn:aws:elasticloadbalancing:[^:]+:[^:]+:loadbalancer\/app\/([^\/]+)\/.+$/)
+  private static final Pattern ALB_ARN_PATTERN = Pattern.compile(/^arn:aws(?:-cn)?:elasticloadbalancing:[^:]+:[^:]+:loadbalancer\/app\/([^\/]+)\/.+$/)
   final AmazonClientProvider amazonClientProvider
   final NetflixAmazonCredentials account
   final String region

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonClientProvider.java

@@ -16,8 +16,13 @@
 
 package com.netflix.spinnaker.clouddriver.aws.security;
 
+import com.amazonaws.AmazonClientException;
 import com.amazonaws.auth.AWSCredentialsProvider;
 import com.amazonaws.handlers.RequestHandler2;
+import com.amazonaws.regions.AwsRegionProvider;
+import com.amazonaws.regions.DefaultAwsRegionProviderChain;
+import com.amazonaws.regions.Region;
+import com.amazonaws.regions.Regions;
 import com.amazonaws.retry.PredefinedRetryPolicies;
 import com.amazonaws.retry.RetryPolicy;
 import com.amazonaws.services.autoscaling.AmazonAutoScaling;
@@ -65,7 +70,23 @@
  */
 public class AmazonClientProvider {
 
-  public static final String DEFAULT_REGION = null;
+  public static final String DEFAULT_REGION;
+
+  static {
+    final AwsRegionProvider defaultRegionProvider = new DefaultAwsRegionProviderChain();
+    String region;
+    try {
+      region = defaultRegionProvider.getRegion();
+    } catch (AmazonClientException _e) {
+      region = null;
+    }
+    if (region == null) {
+      final Region currentRegion = Regions.getCurrentRegion();
+      DEFAULT_REGION = currentRegion == null ? null : currentRegion.getName();
+    } else {
+      DEFAULT_REGION = region;
+    }
+  }
 
   private final AwsSdkClientSupplier awsSdkClientSupplier;
   private final ProxyHandlerBuilder proxyHandlerBuilder;

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AssumeRoleAmazonCredentials.java

@@ -32,9 +32,13 @@ public class AssumeRoleAmazonCredentials extends AmazonCredentials {
     static final String DEFAULT_SESSION_NAME = "Spinnaker";
 
     static AWSCredentialsProvider createSTSCredentialsProvider(AWSCredentialsProvider credentialsProvider, String accountId, String assumeRole, String sessionName) {
+        String assumeRoleValue = Objects.requireNonNull(assumeRole, "assumeRole");
+        if (!assumeRoleValue.startsWith("arn:")) {
+          assumeRoleValue = String.format("arn:aws:iam::%s:%s", Objects.requireNonNull(accountId, "accountId"), assumeRoleValue);
+        }
         return credentialsProvider == null ? null : new NetflixSTSAssumeRoleSessionCredentialsProvider(
           credentialsProvider,
-          String.format("arn:aws:iam::%s:%s", Objects.requireNonNull(accountId, "accountId"), Objects.requireNonNull(assumeRole, "assumeRole")),
+          assumeRoleValue,
           Objects.requireNonNull(sessionName, "sessionName"),
           accountId
         );

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/DefaultAWSAccountInfoLookup.java

@@ -34,7 +34,7 @@
 
 public class DefaultAWSAccountInfoLookup implements AWSAccountInfoLookup {
     private static final String DEFAULT_SECURITY_GROUP_NAME = "default";
-    private static final Pattern IAM_ARN_PATTERN = Pattern.compile(".*?arn:aws:(?:iam|sts)::(\\d+):.*");
+    private static final Pattern IAM_ARN_PATTERN = Pattern.compile(".*?arn:aws(?:-cn)?:(?:iam|sts)::(\\d+):.*");
 
     private final AWSCredentialsProvider credentialsProvider;
     private final AmazonClientProvider amazonClientProvider;