diff --git a/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows.go b/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows.go index 6b9e5e87992..271b25d90d7 100644 --- a/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows.go +++ b/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows.go @@ -20,7 +20,6 @@ import ( "encoding/json" "fmt" "os/exec" - "path/filepath" "strings" "sync" "time" @@ -479,15 +478,24 @@ func (fv *FSxWindowsFileServerResource) retrieveSSMCredentials(credentialsParame } ssmClient := fv.ssmClientCreator.NewSSMClient(fv.region, iamCredentials) - ssmParam := filepath.Base(parsedARN.Resource) - ssmParams := []string{ssmParam} + // parsedARN.Resource looks like "arn:aws:ssm:us-west-2:123456789012:parameter/sample1/sample2/parameter1" + // We cut by parameter and get "arn:aws:ssm:us-west-2:123456789012:parameter", "/sample1/sample2/parameter1", True/False + _, ssmParamName, found := strings.Cut(parsedARN.Resource, "parameter") + if !found { + err = errors.New("unxpected error. expected fsx credential ssm arn but did not find string 'parameter' in the arn") + fv.setTerminalReason(err.Error()) + return err + + } + + ssmParams := []string{ssmParamName} ssmParamMap, err := ssm.GetParametersFromSSM(ssmParams, ssmClient) if err != nil { return err } - ssmParamData, _ := ssmParamMap[ssmParam] + ssmParamData, _ := ssmParamMap[ssmParamName] creds := FSxWindowsFileServerCredentials{} if err := json.Unmarshal([]byte(ssmParamData), &creds); err != nil { diff --git a/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows_test.go b/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows_test.go index 20682d960a6..6c40c8e5091 100644 --- a/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows_test.go +++ b/agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows_test.go 
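Review bot: `strings.Cut(parsedARN.Resource, "parameter")` in retrieveSSMCredentials matches the first occurrence of that word anywhere in the resource, so a resource that only contains "parameter", or has no `/` after it, is accepted and whatever follows is sent to SSM as the credential parameter name. Anchor the check to the prefix and require the separator, for example `ssmParamName, found := strings.CutPrefix(parsedARN.Resource, "parameter")` (Go 1.20+, or `HasPrefix`/`TrimPrefix`) with the guard `if !found || !strings.HasPrefix(ssmParamName, "/") {`. The added comment describes `parsedARN.Resource` as the full ARN; if `parsedARN` comes from the AWS SDK ARN parser (not visible in this hunk), the field holds only `parameter/sample1/...` and the comment should say so. Further down, `ssmParamData, _ := ssmParamMap[ssmParamName]` still discards the lookup result, so a parameter missing from the response surfaces only as a JSON decoding error; checking the `ok` value and returning an error that names the parameter would make the failure diagnosable. The new error string misspells "unexpected" as "unxpected", and the function body starts and ends outside the hunk.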
@@ -143,7 +143,7 @@ func TestRetrieveCredentials(t *testing.T) { InvalidParameters: []*string{}, Parameters: []*ssm.Parameter{ &ssm.Parameter{ - Name: aws.String("test"), + Name: aws.String("/test"), Value: aws.String(ssmTestData), }, }, 
@@ -167,35 +167,74 @@ func TestRetrieveCredentials(t *testing.T) { } func TestRetrieveSSMCredentials(t *testing.T) { - fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t) - credentialsParameterARN := "arn:aws:ssm:us-west-2:123456789012:parameter/test" - - ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}" - ssmClientOutput := &ssm.GetParametersOutput{ - InvalidParameters: []*string{}, - Parameters: []*ssm.Parameter{ - &ssm.Parameter{ - Name: aws.String("test"), - Value: aws.String(ssmTestData), - }, + cases := []struct { + Name string + CredentialsParameterARN string + CredentialsParameterName string + }{ + { + Name: "TestRetrieveSSMCredentialsSimple", + CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/hello", + CredentialsParameterName: "/hello", + }, + { + Name: "TestRetrieveSSMCredentialsPath", + CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/path1/path2/hello", + CredentialsParameterName: "/path1/path2/hello", + }, + { + Name: "TestRetrieveSSMCredentialsSimpleWithParameter", + CredentialsParameterARN: "arn:aws:ssm:us-east-2:958991572715:parameter/parameter", + CredentialsParameterName: "/parameter", + }, + { + Name: "TestRetrieveSSMCredentialsPathWithParameter", + CredentialsParameterARN: "arn:aws:ssm:us-east-2:958991572715:parameter/path1/path2/parameter", + CredentialsParameterName: "/path1/path2/parameter", + }, + { + Name: "TestRetrieveSSMCredentialsPathWithParameter2", + CredentialsParameterARN: "arn:aws:ssm:us-east-2:958991572715:parameter/path1/parameter/hello", + CredentialsParameterName: "/path1/parameter/hello", }, } - - iamCredentials := credentials.IAMRoleCredentials{ - CredentialsID: "test-cred-id", + for _, tc := range cases { + t.Run(tc.Name, func(t *testing.T) { + fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t) + credentialsParameterARN := tc.CredentialsParameterARN + + ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}" + 
ssmClientOutput := &ssm.GetParametersOutput{ + InvalidParameters: []*string{}, + Parameters: []*ssm.Parameter{ + &ssm.Parameter{ + Name: aws.String(tc.CredentialsParameterName), + Value: aws.String(ssmTestData), + }, + }, + } + + iamCredentials := credentials.IAMRoleCredentials{ + CredentialsID: "test-cred-id", + } + + gomock.InOrder( + ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient), + mockSSMClient.EXPECT().GetParameters(&ssm.GetParametersInput{ + Names: []*string{&tc.CredentialsParameterName}, + WithDecryption: aws.Bool(false), + }).Return(ssmClientOutput, nil).Times(1), + ) + + err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials) + assert.NoError(t, err) + + credentials := fv.Credentials + assert.Equal(t, "user", credentials.Username) + assert.Equal(t, "pass", credentials.Password) + }) } - gomock.InOrder( - ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient), - mockSSMClient.EXPECT().GetParameters(gomock.Any()).Return(ssmClientOutput, nil).Times(1), - ) - - err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials) - assert.NoError(t, err) - - credentials := fv.Credentials - assert.Equal(t, "user", credentials.Username) - assert.Equal(t, "pass", credentials.Password) } func TestRetrieveASMCredentials(t *testing.T) { @@ -489,7 +528,7 @@ func TestCreateUnavailableLocalPath(t *testing.T) { InvalidParameters: []*string{}, Parameters: []*ssm.Parameter{ &ssm.Parameter{ - Name: aws.String("test"), + Name: aws.String("/test"), Value: aws.String(ssmTestData), }, }, @@ -574,7 +613,7 @@ func TestCreateSSM(t *testing.T) { InvalidParameters: []*string{}, Parameters: []*ssm.Parameter{ &ssm.Parameter{ - Name: aws.String("test"), + Name: aws.String("/test"), Value: aws.String(ssmTestData), }, },
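Review bot: The new table in TestRetrieveSSMCredentials contains only ARNs that succeed, so the `!found` branch added to retrieveSSMCredentials, which sets the terminal reason and returns an error, is never exercised. Add a case whose resource has no `parameter` segment (constructed example: `arn:aws:ssm:us-west-2:123456789012:document/hello`) plus an expected-error field, assert `assert.Error(t, err)` and set no `GetParameters` expectation for it; this assumes nothing earlier in the function rejects such an ARN, which is not visible here. Three cases use account ID `958991572715` where the rest of the file uses the documentation placeholder `123456789012`; if that is a real account, replace it with the placeholder. The mock now pins `WithDecryption: aws.Bool(false)`, which suggests the username and password are read as a plain String parameter rather than a SecureString, so it is worth confirming that this is intended.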