From d5e6eb03b5dc36845cc44995c6afbbce19a287af Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Thu, 12 Sep 2024 14:42:18 -0700 Subject: [PATCH 1/3] Fix Multiple Shutdown Callback for Profile with STS Code Path (#251) --- source/credentials_provider_profile.c | 14 +++-- tests/credentials_provider_sts_tests.c | 73 +++++++++++++++++++------- 2 files changed, 63 insertions(+), 24 deletions(-) diff --git a/source/credentials_provider_profile.c b/source/credentials_provider_profile.c index 50a0f0d3..264e42ba 100644 --- a/source/credentials_provider_profile.c +++ b/source/credentials_provider_profile.c @@ -344,11 +344,15 @@ static struct aws_credentials_provider *s_create_sts_based_provider( "static: source_profile set to %s", aws_string_c_str(aws_profile_property_get_value(source_profile_property))); - struct aws_credentials_provider_profile_options profile_provider_options = *options; - profile_provider_options.profile_name_override = - aws_byte_cursor_from_string(aws_profile_property_get_value(source_profile_property)); - /* reuse profile collection instead of reading it again */ - profile_provider_options.profile_collection_cached = merged_profiles; + struct aws_credentials_provider_profile_options profile_provider_options = { + .bootstrap = options->bootstrap, + .profile_name_override = + aws_byte_cursor_from_string(aws_profile_property_get_value(source_profile_property)), + /* reuse profile collection instead of reading it again */ + .profile_collection_cached = merged_profiles, + .tls_ctx = options->tls_ctx, + .function_table = options->function_table, + }; sts_options.creds_provider = s_credentials_provider_new_profile_internal(allocator, &profile_provider_options, source_profiles_table); diff --git a/tests/credentials_provider_sts_tests.c b/tests/credentials_provider_sts_tests.c index cee07e8d..f3896db8 100644 --- a/tests/credentials_provider_sts_tests.c +++ b/tests/credentials_provider_sts_tests.c 
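Review bot: The new designated initializer for `profile_provider_options` in `s_create_sts_based_provider` leaves out `shutdown_options` without a comment, and that omission is the actual fix. A later cleanup that restores the `*options` struct copy would silently bring back the duplicate shutdown callback, and a callback that frees its `user_data` then becomes a double free in caller code. I would add above the initializer: `/* shutdown_options deliberately not copied: the caller's shutdown callback must fire once, from the outer provider only */`. The explicit field list also zeroes every option not named here for the source-profile provider, which looks harmless while `profile_collection_cached` is set but is worth confirming against the full struct definition. The function body starts and ends outside this hunk.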
@@ -57,6 +57,8 @@ struct aws_mock_sts_tester { bool fail_connection; + int provider_shutdown_callback_count; + struct aws_event_loop_group *el_group; struct aws_host_resolver *resolver; @@ -78,16 +80,40 @@ static void s_on_connection_manager_shutdown_complete(void *user_data) { aws_condition_variable_notify_one(&s_tester.signal); } -static bool s_has_tester_received_shutdown_callback(void *user_data) { +static bool s_has_tester_received_connection_manager_shutdown_callback(void *user_data) { (void)user_data; return s_tester.mocked_connection_manager_shutdown_callback_count == s_tester.expected_connection_manager_shutdown_callback_count; } +static void s_aws_wait_for_connection_manager_shutdown_callback(void) { + aws_mutex_lock(&s_tester.lock); + aws_condition_variable_wait_pred( + &s_tester.signal, &s_tester.lock, s_has_tester_received_connection_manager_shutdown_callback, NULL); + aws_mutex_unlock(&s_tester.lock); +} + +static void s_on_provider_shutdown(void *user_data) { + (void)user_data; + + aws_mutex_lock(&s_tester.lock); + s_tester.provider_shutdown_callback_count++; + aws_mutex_unlock(&s_tester.lock); + + aws_condition_variable_notify_one(&s_tester.signal); +} + +static bool s_has_tester_received_provider_shutdown_callback(void *user_data) { + (void)user_data; + + return s_tester.provider_shutdown_callback_count; +} + static void s_aws_wait_for_provider_shutdown_callback(void) { aws_mutex_lock(&s_tester.lock); - aws_condition_variable_wait_pred(&s_tester.signal, &s_tester.lock, s_has_tester_received_shutdown_callback, NULL); + aws_condition_variable_wait_pred( + &s_tester.signal, &s_tester.lock, s_has_tester_received_provider_shutdown_callback, NULL); aws_mutex_unlock(&s_tester.lock); } 
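Review bot: `s_has_tester_received_provider_shutdown_callback` returns the raw `int` counter through a `bool` return type. `return s_tester.provider_shutdown_callback_count > 0;` states the wait condition explicitly and avoids an implicit-conversion warning under `-Wconversion`. The new counter is also never visibly reset in this hunk. If `s_aws_sts_tester_init` does not zero `s_tester` (not visible here), a later test in the same process would pass the wait immediately and the `== 1` assertion would see a stale value. The helpers have no comments; one line on `s_on_provider_shutdown` saying it counts invocations so that duplicates can be detected would help.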
@@ -508,7 +534,7 @@ static int s_credentials_provider_sts_direct_config_succeeds_fn(struct aws_alloc s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -561,7 +587,7 @@ static int s_credentials_provider_sts_direct_config_with_external_id_succeeds_fn s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -658,7 +684,7 @@ static int s_credentials_provider_sts_direct_config_with_region_succeeds_fn( s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -741,7 +767,7 @@ static int s_credentials_provider_sts_direct_config_with_default_region_succeeds s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -829,7 +855,7 @@ static int s_credentials_provider_sts_direct_config_with_region_from_config_succ s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); aws_file_delete(config_file_str); aws_string_destroy(config_file_str); 
@@ -915,7 +941,7 @@ static int s_credentials_provider_sts_direct_config_succeeds_after_retry_fn( s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -999,7 +1025,7 @@ static int s_credentials_provider_sts_direct_config_invalid_doc_fn(struct aws_al s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -1046,7 +1072,7 @@ static int s_credentials_provider_sts_direct_config_connection_failed_fn(struct ASSERT_NULL(s_tester.credentials); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -1096,7 +1122,7 @@ static int s_credentials_provider_sts_direct_config_service_fails_fn(struct aws_ ASSERT_NULL(s_tester.credentials); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -1166,6 +1192,10 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_fn(struct a .profile_name_override = aws_byte_cursor_from_c_str("roletest"), .bootstrap = s_tester.bootstrap, .function_table = &s_mock_function_table, + .shutdown_options = + { + .shutdown_callback = s_on_provider_shutdown, + }, }; int expected_num_requests = 3; for (int i = 0; i < expected_num_requests; i++) { 
@@ -1223,7 +1253,12 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_fn(struct a } aws_credentials_provider_release(provider); + s_aws_wait_for_connection_manager_shutdown_callback(); s_aws_wait_for_provider_shutdown_callback(); + /* There used to be a bug that triggered the shutdown callback multiple times. Sleep for a few seconds + * and validate that we don't trigger the shutdown callback multiple times */ + aws_thread_current_sleep(3000000000); + ASSERT_INT_EQUALS(1, s_tester.provider_shutdown_callback_count); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); return AWS_OP_SUCCESS; @@ -1331,7 +1366,7 @@ static int s_credentials_provider_sts_from_profile_config_with_ecs_credentials_s } aws_credentials_provider_release(provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_string_destroy(relative_uri_str); aws_string_destroy(config_file_str); aws_string_destroy(creds_file_str); @@ -1443,7 +1478,7 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_and_profile } aws_credentials_provider_release(provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); return AWS_OP_SUCCESS; @@ -1514,7 +1549,7 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_and_partial ASSERT_NULL(s_tester.credentials); ASSERT_INT_EQUALS(s_tester.error_code, AWS_AUTH_SIGNING_NO_CREDENTIALS); aws_credentials_provider_release(provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); return AWS_OP_SUCCESS; 
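Review bot: The added `ASSERT_INT_EQUALS(1, s_tester.provider_shutdown_callback_count)` reads the counter without holding `s_tester.lock`, while `s_on_provider_shutdown` writes it under that lock from another thread. In the regression this test targets (a second, late callback), the read races with the write. Copy the counter into a local between `aws_mutex_lock(&s_tester.lock)` and `aws_mutex_unlock(&s_tester.lock)` and assert on the local. The bare literal `3000000000` is easier to read as `aws_timestamp_convert(3, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL)`. A fixed three-second sleep only makes a duplicate callback likely to be observed, not certain, and the comment should say so. The test function starts outside this hunk.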
@@ -1607,7 +1642,7 @@ static int s_credentials_provider_sts_from_self_referencing_profile_fn(struct aw } aws_credentials_provider_release(provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); return AWS_OP_SUCCESS; @@ -1813,7 +1848,7 @@ static int s_credentials_provider_sts_from_profile_config_succeeds( s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); return AWS_OP_SUCCESS; @@ -1885,7 +1920,7 @@ static int s_credentials_provider_sts_from_profile_config_with_external_id_fn( s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); return AWS_OP_SUCCESS; @@ -1982,7 +2017,7 @@ static int s_credentials_provider_sts_from_profile_config_environment_succeeds_f s_tester.mocked_requests[0].body.len); aws_credentials_provider_release(provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); @@ -2105,7 +2140,7 @@ static int s_credentials_provider_sts_cache_expiration_conflict(struct aws_alloc aws_credentials_provider_release(cached_provider); aws_credentials_provider_release(sts_provider); - s_aws_wait_for_provider_shutdown_callback(); + s_aws_wait_for_connection_manager_shutdown_callback(); aws_credentials_provider_release(static_provider); ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); From 48d647bf43f8872e4dc5ec6343b0c5974195fbdd Mon Sep 17 00:00:00 2001 
From: Dmitriy Musatkin <63878209+DmitriyMusatkin@users.noreply.github.com> Date: Mon, 16 Sep 2024 16:28:54 -0700 Subject: [PATCH 2/3] Add more partitions for sts cred provider (#253) --- .gitignore | 1 + include/aws/auth/private/credentials_utils.h | 4 +- source/credentials_utils.c | 56 +++++++-- tests/CMakeLists.txt | 2 + tests/credentials_provider_sts_tests.c | 114 +++++++++---------- tests/credentials_utils_tests.c | 58 ++++++++++ 6 files changed, 169 insertions(+), 66 deletions(-) create mode 100644 tests/credentials_utils_tests.c diff --git a/.gitignore b/.gitignore index 6a8a3686..8b120dc3 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ Release *# *.iml tags +.vscode #vim swap file *.swp diff --git a/include/aws/auth/private/credentials_utils.h b/include/aws/auth/private/credentials_utils.h index 269789e9..041023b0 100644 --- a/include/aws/auth/private/credentials_utils.h +++ b/include/aws/auth/private/credentials_utils.h @@ -144,7 +144,7 @@ void aws_credentials_provider_invoke_shutdown_callback(struct aws_credentials_pr * A valid credentials must have "access key" and "secrete access key". * For some services, token and expiration are not required. * So in this API, the keys are provided by callers and this API will - * performe a case insensitive search. + * perform a case insensitive search. */ AWS_AUTH_API struct aws_credentials *aws_parse_credentials_from_aws_json_object( @@ -154,7 +154,7 @@ struct aws_credentials *aws_parse_credentials_from_aws_json_object( /** * This API is similar to aws_parse_credentials_from_aws_json_object, - * except it accpets a char buffer json document as it's input. + * except it accepts a char buffer json document as it's input. */ AWS_AUTH_API struct aws_credentials *aws_parse_credentials_from_json_document( diff --git a/source/credentials_utils.c b/source/credentials_utils.c index b032f541..2cc48a29 100644 --- a/source/credentials_utils.c +++ b/source/credentials_utils.c 
@@ -359,8 +359,29 @@ struct aws_profile_collection *aws_load_profile_collection_from_config_file( } static struct aws_byte_cursor s_dot_cursor = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("."); -static struct aws_byte_cursor s_amazonaws_cursor = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("amazonaws.com"); -static struct aws_byte_cursor s_cn_cursor = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL(".cn"); + +/* AWS */ +static struct aws_byte_cursor s_aws_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("amazonaws.com"); + +/* AWS CN */ +static struct aws_byte_cursor s_cn_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("cn-"); +static struct aws_byte_cursor s_aws_cn_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("amazonaws.com.cn"); + +/* AWS ISO */ +static struct aws_byte_cursor s_iso_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("us-iso-"); +static struct aws_byte_cursor s_aws_iso_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("c2s.ic.gov"); + +/* AWS ISO B */ +static struct aws_byte_cursor s_isob_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("us-isob-"); +static struct aws_byte_cursor s_aws_isob_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("sc2s.sgov.gov"); + +/* AWS ISO E */ +static struct aws_byte_cursor s_isoe_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("eu-isoe-"); +static struct aws_byte_cursor s_aws_isoe_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("cloud.adc-e.uk"); + +/* AWS ISO F */ +static struct aws_byte_cursor s_isof_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("us-isof-"); +static struct aws_byte_cursor s_aws_isof_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("csp.hci.ic.gov"); int aws_credentials_provider_construct_regional_endpoint( struct aws_allocator *allocator, 
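Review bot: The partition table added here does not say where the prefix and suffix pairs come from, nor that the trailing hyphen in each prefix is load-bearing. `us-iso-` must not match `us-isob-…` or `us-isof-…` regions, and only the hyphen guarantees that. A short comment above the block would cover it, for example `/* Region-prefix -> DNS-suffix pairs, mirroring the SDK partition data; keep the trailing '-' so "us-iso-" cannot match "us-isob-" */`. These cursors are never written, so they could be declared `static const struct aws_byte_cursor`, which stops the endpoint suffixes from being modified at run time. The existing `s_dot_cursor` is non-const, so that is a file-wide style choice.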
@@ -384,17 +405,38 @@ int aws_credentials_provider_construct_regional_endpoint( if (aws_byte_buf_append_dynamic(&endpoint, &service_cursor) || aws_byte_buf_append_dynamic(&endpoint, &s_dot_cursor) || aws_byte_buf_append_dynamic(&endpoint, ®ion_cursor) || - aws_byte_buf_append_dynamic(&endpoint, &s_dot_cursor) || - aws_byte_buf_append_dynamic(&endpoint, &s_amazonaws_cursor)) { + aws_byte_buf_append_dynamic(&endpoint, &s_dot_cursor)) { goto on_error; } - if (aws_string_eq_c_str_ignore_case(region, "cn-north-1") || - aws_string_eq_c_str_ignore_case(region, "cn-northwest-1")) { - if (aws_byte_buf_append_dynamic(&endpoint, &s_cn_cursor)) { + const struct aws_byte_cursor region_cur = aws_byte_cursor_from_string(region); + + if (aws_byte_cursor_starts_with(®ion_cur, &s_cn_region_prefix)) { /* AWS CN partition */ + if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_cn_dns_suffix)) { + goto on_error; + } + } else if (aws_byte_cursor_starts_with(®ion_cur, &s_iso_region_prefix)) { /* AWS ISO partition */ + if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_iso_dns_suffix)) { + goto on_error; + } + } else if (aws_byte_cursor_starts_with(®ion_cur, &s_isob_region_prefix)) { /* AWS ISOB partition */ + if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_isob_dns_suffix)) { + goto on_error; + } + } else if (aws_byte_cursor_starts_with(®ion_cur, &s_isoe_region_prefix)) { /* AWS ISOE partition */ + if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_isoe_dns_suffix)) { + goto on_error; + } + } else if (aws_byte_cursor_starts_with(®ion_cur, &s_isof_region_prefix)) { /* AWS ISOF partition */ + if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_isof_dns_suffix)) { + goto on_error; + } + } else { /* Assume AWS partition for all other regions */ + if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_dns_suffix)) { goto on_error; } } + *out_endpoint = aws_string_new_from_buf(allocator, &endpoint); result = AWS_OP_SUCCESS; 
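Review bot: The new prefix checks use the case-sensitive `aws_byte_cursor_starts_with`, whereas the removed code compared with `aws_string_eq_c_str_ignore_case`. A region written as `CN-NORTH-1` now falls through to the default branch and gets the `amazonaws.com` suffix instead of the China one. Using `aws_byte_cursor_starts_with_ignore_case(&region_cursor, &s_cn_region_prefix)` (and likewise for the other branches) keeps the old behaviour, and it also removes the need for `region_cur`, which duplicates the `region_cursor` already appended a few lines above. The region value is placed into the host name unchecked in the visible lines, and this host receives signed STS requests. Rejecting any region that is not made only of letters, digits and hyphens before building the endpoint would stop a malformed profile or environment value from selecting an unintended host; such validation may already exist in callers outside this hunk. The function body starts and ends outside the hunk.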
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a2f9bf6a..b884191d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -190,6 +190,8 @@ add_test_case(credentials_file_path_environment_test) add_test_case(profile_override_test) add_test_case(profile_environment_test) +add_test_case(credentials_utils_construct_endpoint_test) + add_test_case(sigv4_skip_xray_header_test) add_test_case(sigv4_skip_user_agent_header_test) add_test_case(sigv4_skip_custom_header_test) diff --git a/tests/credentials_provider_sts_tests.c b/tests/credentials_provider_sts_tests.c index f3896db8..3ab73258 100644 --- a/tests/credentials_provider_sts_tests.c +++ b/tests/credentials_provider_sts_tests.c @@ -1268,10 +1268,10 @@ AWS_TEST_CASE( s_credentials_provider_sts_from_profile_config_with_chain_fn) AWS_STATIC_STRING_FROM_LITERAL(s_ecs_creds_env_relative_uri, "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"); -static const char *s_soure_credentials_ecs_config_file = "[default]\n" - "role_arn=arn:aws:iam::67895:role/test_role\n" - "credential_source=EcsContainer\n" - "role_session_name=test_session\n"; +static const char *s_source_credentials_ecs_config_file = "[default]\n" + "role_arn=arn:aws:iam::67895:role/test_role\n" + "credential_source=EcsContainer\n" + "role_session_name=test_session\n"; static struct aws_byte_cursor s_ecs_good_response = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL( "{\"AccessKeyId\":\"SuccessfulAccessKey\", \n \"SecretAccessKey\":\"SuccessfulSecret\", \n " "\"Token\":\"TokenSuccess\", \n \"Expiration\":\"2020-02-25T06:03:31Z\"}"); 
@@ -1290,9 +1290,9 @@ static int s_credentials_provider_sts_from_profile_config_with_ecs_credentials_s ASSERT_SUCCESS(aws_set_environment_value(s_ecs_creds_env_relative_uri, relative_uri_str)); s_aws_sts_tester_init(allocator); - /* one for ecs provdier and one for sts provider */ + /* one for ecs provider and one for sts provider */ s_tester.expected_connection_manager_shutdown_callback_count = 2; - struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_soure_credentials_ecs_config_file); + struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_source_credentials_ecs_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); 
@@ -1378,24 +1378,24 @@ AWS_TEST_CASE( credentials_provider_sts_from_profile_config_with_ecs_credentials_source, s_credentials_provider_sts_from_profile_config_with_ecs_credentials_source_fn) -static const char *s_soure_profile_chain_and_profile_config_file = "[default]\n" - "aws_access_key_id=BLAHBLAH\n" - "aws_secret_access_key=BLAHBLAHBLAH\n" - "\n" - "[roletest]\n" - "role_arn=arn:aws:iam::67895:role/test_role\n" - "source_profile=roletest2\n" - "role_session_name=test_session\n" - "[roletest2]\n" - "role_arn=arn:aws:iam::67896:role/test_role\n" - "source_profile=roletest3\n" - "role_session_name=test_session2\n" - "[roletest3]\n" - "role_arn=arn:aws:iam::67897:role/test_role\n" - "source_profile=default\n" - "role_session_name=test_session3\n" - "aws_access_key_id = BLAH\n" - "aws_secret_access_key = BLAHBLAH\n"; +static const char *s_source_profile_chain_and_profile_config_file = "[default]\n" + "aws_access_key_id=BLAHBLAH\n" + "aws_secret_access_key=BLAHBLAHBLAH\n" + "\n" + "[roletest]\n" + "role_arn=arn:aws:iam::67895:role/test_role\n" + "source_profile=roletest2\n" + "role_session_name=test_session\n" + "[roletest2]\n" + "role_arn=arn:aws:iam::67896:role/test_role\n" + "source_profile=roletest3\n" + "role_session_name=test_session2\n" + "[roletest3]\n" + "role_arn=arn:aws:iam::67897:role/test_role\n" + "source_profile=default\n" + "role_session_name=test_session3\n" + "aws_access_key_id = BLAH\n" + "aws_secret_access_key = BLAHBLAH\n"; static int s_credentials_provider_sts_from_profile_config_with_chain_and_profile_creds_fn( struct aws_allocator *allocator, void *ctx) { 
@@ -1408,7 +1408,7 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_and_profile s_aws_sts_tester_init(allocator); s_tester.expected_connection_manager_shutdown_callback_count = 2; struct aws_string *config_contents = - aws_string_new_from_c_str(allocator, s_soure_profile_chain_and_profile_config_file); + aws_string_new_from_c_str(allocator, s_source_profile_chain_and_profile_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); @@ -1487,7 +1487,7 @@ AWS_TEST_CASE( credentials_provider_sts_from_profile_config_with_chain_and_profile_creds, s_credentials_provider_sts_from_profile_config_with_chain_and_profile_creds_fn) -static const char *s_soure_profile_chain_and_partial_profile_config_file = +static const char *s_source_profile_chain_and_partial_profile_config_file = "[default]\n" "aws_access_key_id=BLAHBLAH\n" "aws_secret_access_key=BLAHBLAHBLAH\n" @@ -1517,7 +1517,7 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_and_partial s_aws_sts_tester_init(allocator); s_tester.expected_connection_manager_shutdown_callback_count = 2; struct aws_string *config_contents = - aws_string_new_from_c_str(allocator, s_soure_profile_chain_and_partial_profile_config_file); + aws_string_new_from_c_str(allocator, s_source_profile_chain_and_partial_profile_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); 
@@ -1558,16 +1558,16 @@ AWS_TEST_CASE( credentials_provider_sts_from_profile_config_with_chain_and_partial_profile_creds, s_credentials_provider_sts_from_profile_config_with_chain_and_partial_profile_creds_fn) -static const char *s_soure_profile_self_assume_role_config_file = "[default]\n" - "aws_access_key_id=BLAHBLAH\n" - "aws_secret_access_key=BLAHBLAHBLAH\n" - "\n" - "[roletest]\n" - "role_arn=arn:aws:iam::67895:role/test_role\n" - "source_profile=roletest\n" - "role_session_name=test_session\n" - "aws_access_key_id = BLAH\n" - "aws_secret_access_key = BLAHBLAH\n"; +static const char *s_source_profile_self_assume_role_config_file = "[default]\n" + "aws_access_key_id=BLAHBLAH\n" + "aws_secret_access_key=BLAHBLAHBLAH\n" + "\n" + "[roletest]\n" + "role_arn=arn:aws:iam::67895:role/test_role\n" + "source_profile=roletest\n" + "role_session_name=test_session\n" + "aws_access_key_id = BLAH\n" + "aws_secret_access_key = BLAHBLAH\n"; static int s_credentials_provider_sts_from_self_referencing_profile_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; @@ -1577,7 +1577,7 @@ static int s_credentials_provider_sts_from_self_referencing_profile_fn(struct aw s_aws_sts_tester_init(allocator); struct aws_string *config_contents = - aws_string_new_from_c_str(allocator, s_soure_profile_self_assume_role_config_file); + aws_string_new_from_c_str(allocator, s_source_profile_self_assume_role_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); 
@@ -1651,22 +1651,22 @@ AWS_TEST_CASE( credentials_provider_sts_from_self_referencing_profile, s_credentials_provider_sts_from_self_referencing_profile_fn) -static const char *s_soure_profile_chain_cycle_config_file = "[default]\n" - "aws_access_key_id=BLAHBLAH\n" - "aws_secret_access_key=BLAHBLAHBLAH\n" - "\n" - "[roletest]\n" - "role_arn=arn:aws:iam::67895:role/test_role\n" - "source_profile=roletest2\n" - "role_session_name=test_session\n" - "[roletest2]\n" - "role_arn=arn:aws:iam::67896:role/test_role\n" - "source_profile=roletest3\n" - "role_session_name=test_session2\n" - "[roletest3]\n" - "role_arn=arn:aws:iam::67897:role/test_role\n" - "source_profile=roletest2\n" - "role_session_name=test_session3\n"; +static const char *s_source_profile_chain_cycle_config_file = "[default]\n" + "aws_access_key_id=BLAHBLAH\n" + "aws_secret_access_key=BLAHBLAHBLAH\n" + "\n" + "[roletest]\n" + "role_arn=arn:aws:iam::67895:role/test_role\n" + "source_profile=roletest2\n" + "role_session_name=test_session\n" + "[roletest2]\n" + "role_arn=arn:aws:iam::67896:role/test_role\n" + "source_profile=roletest3\n" + "role_session_name=test_session2\n" + "[roletest3]\n" + "role_arn=arn:aws:iam::67897:role/test_role\n" + "source_profile=roletest2\n" + "role_session_name=test_session3\n"; static int s_credentials_provider_sts_from_profile_config_with_chain_cycle_fn( struct aws_allocator *allocator, @@ -1679,7 +1679,7 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_cycle_fn( s_aws_sts_tester_init(allocator); - struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_soure_profile_chain_cycle_config_file); + struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_source_profile_chain_cycle_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); 
@@ -1712,7 +1712,7 @@ AWS_TEST_CASE( credentials_provider_sts_from_profile_config_with_chain_cycle, s_credentials_provider_sts_from_profile_config_with_chain_cycle_fn) -static const char *s_soure_profile_chain_cycle_and_static_creds_config_file = +static const char *s_source_profile_chain_cycle_and_static_creds_config_file = "[roletest]\n" "role_arn=arn:aws:iam::67895:role/test_role\n" "source_profile=roletest2\n" @@ -1740,7 +1740,7 @@ static int s_credentials_provider_sts_from_profile_config_with_chain_cycle_and_p s_aws_sts_tester_init(allocator); struct aws_string *config_contents = - aws_string_new_from_c_str(allocator, s_soure_profile_chain_cycle_and_static_creds_config_file); + aws_string_new_from_c_str(allocator, s_source_profile_chain_cycle_and_static_creds_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); diff --git a/tests/credentials_utils_tests.c b/tests/credentials_utils_tests.c new file mode 100644 index 00000000..2ef5c79e --- /dev/null +++ b/tests/credentials_utils_tests.c 
@@ -0,0 +1,58 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include + +static int s_credentials_utils_construct_endpoint_test(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + struct aws_string *service_name = aws_string_new_from_c_str(allocator, "sts"); + + struct aws_string *endpoint; + struct aws_string *region; + + region = aws_string_new_from_c_str(allocator, "us-east-2"); + ASSERT_SUCCESS(aws_credentials_provider_construct_regional_endpoint(allocator, &endpoint, region, service_name)); + ASSERT_STR_EQUALS("sts.us-east-2.amazonaws.com", aws_string_c_str(endpoint)); + aws_string_destroy(endpoint); + aws_string_destroy(region); + + region = aws_string_new_from_c_str(allocator, "cn-northwest-1"); + ASSERT_SUCCESS(aws_credentials_provider_construct_regional_endpoint(allocator, &endpoint, region, service_name)); + ASSERT_STR_EQUALS("sts.cn-northwest-1.amazonaws.com.cn", aws_string_c_str(endpoint)); + aws_string_destroy(endpoint); + aws_string_destroy(region); + + region = aws_string_new_from_c_str(allocator, "us-iso-east-1"); + ASSERT_SUCCESS(aws_credentials_provider_construct_regional_endpoint(allocator, &endpoint, region, service_name)); + ASSERT_STR_EQUALS("sts.us-iso-east-1.c2s.ic.gov", aws_string_c_str(endpoint)); + aws_string_destroy(endpoint); + aws_string_destroy(region); + + region = aws_string_new_from_c_str(allocator, "us-isob-east-1"); + ASSERT_SUCCESS(aws_credentials_provider_construct_regional_endpoint(allocator, &endpoint, region, service_name)); + ASSERT_STR_EQUALS("sts.us-isob-east-1.sc2s.sgov.gov", aws_string_c_str(endpoint)); + aws_string_destroy(endpoint); + aws_string_destroy(region); + + region = aws_string_new_from_c_str(allocator, "eu-isoe-west-1"); + ASSERT_SUCCESS(aws_credentials_provider_construct_regional_endpoint(allocator, &endpoint, region, service_name)); + ASSERT_STR_EQUALS("sts.eu-isoe-west-1.cloud.adc-e.uk", 
aws_string_c_str(endpoint)); + aws_string_destroy(endpoint); + aws_string_destroy(region); + + region = aws_string_new_from_c_str(allocator, "us-isof-south-1"); + ASSERT_SUCCESS(aws_credentials_provider_construct_regional_endpoint(allocator, &endpoint, region, service_name)); + ASSERT_STR_EQUALS("sts.us-isof-south-1.csp.hci.ic.gov", aws_string_c_str(endpoint)); + aws_string_destroy(endpoint); + aws_string_destroy(region); + + aws_string_destroy(service_name); + + return 0; +} + +AWS_TEST_CASE(credentials_utils_construct_endpoint_test, s_credentials_utils_construct_endpoint_test); From 3982bd75fea74efd8f9b462b27fedd4599db4f53 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Wed, 23 Oct 2024 10:05:03 -0700 Subject: [PATCH 3/3] Update CMake to 3.9 (#255) Co-authored-by: Michael Graeb --- CMakeLists.txt | 6 +----- README.md | 4 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9f43c289..99e6a76c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,11 +1,7 @@ -cmake_minimum_required(VERSION 3.1) +cmake_minimum_required(VERSION 3.9) project(aws-c-auth C) -if (POLICY CMP0069) - cmake_policy(SET CMP0069 NEW) # Enable LTO/IPO if available in the compiler, see AwsCFlags -endif() - if (DEFINED CMAKE_PREFIX_PATH) file(TO_CMAKE_PATH "${CMAKE_PREFIX_PATH}" CMAKE_PREFIX_PATH) endif() diff --git a/README.md b/README.md index 088feba5..f465b624 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ This library is licensed under the Apache 2.0 License. ### Building -CMake 3.1+ is required to build. +CMake 3.9+ is required to build. `` must be an absolute path in the following instructions. 
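Review bot: The new `s_credentials_utils_construct_endpoint_test` repeats the same five statements six times, and `endpoint` is passed uninitialised, so a failing call leaves an indeterminate pointer behind. A table of region and expected-endpoint pairs driven by one loop makes it a one-line change to add cases. Two cases are missing today: a `us-gov-` region, which takes the default branch, and a mixed-case region. The function also returns `0` where the other tests on this page return `AWS_OP_SUCCESS`. The rewrite below keeps the six cases from the patch unchanged.

```c
static int s_credentials_utils_construct_endpoint_test(struct aws_allocator *allocator, void *ctx) {
    (void)ctx;

    /* region -> expected STS endpoint, one row per partition */
    static const struct {
        const char *region;
        const char *expected_endpoint;
    } s_cases[] = {
        {"us-east-2", "sts.us-east-2.amazonaws.com"},
        {"cn-northwest-1", "sts.cn-northwest-1.amazonaws.com.cn"},
        {"us-iso-east-1", "sts.us-iso-east-1.c2s.ic.gov"},
        {"us-isob-east-1", "sts.us-isob-east-1.sc2s.sgov.gov"},
        {"eu-isoe-west-1", "sts.eu-isoe-west-1.cloud.adc-e.uk"},
        {"us-isof-south-1", "sts.us-isof-south-1.csp.hci.ic.gov"},
    };

    struct aws_string *service_name = aws_string_new_from_c_str(allocator, "sts");

    for (size_t i = 0; i < AWS_ARRAY_SIZE(s_cases); ++i) {
        struct aws_string *region = aws_string_new_from_c_str(allocator, s_cases[i].region);
        struct aws_string *endpoint = NULL;

        ASSERT_SUCCESS(
            aws_credentials_provider_construct_regional_endpoint(allocator, &endpoint, region, service_name));
        ASSERT_STR_EQUALS(s_cases[i].expected_endpoint, aws_string_c_str(endpoint));

        aws_string_destroy(endpoint);
        aws_string_destroy(region);
    }

    aws_string_destroy(service_name);

    return AWS_OP_SUCCESS;
}
```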
@@ -62,7 +62,7 @@ cmake --build aws-c-auth/build --target install ### Testing Certain tests require a specific environment setup in order to run successfully. This may be a specific execution environment (EC2, ECS, etc...) or it may require certain environment variables to be set that configure properties -(often sensitive materials, like keys). Whether or not these tests are enabled is controlled by certain CMAKE +(often sensitive materials, like keys). Whether or not these tests are enabled is controlled by certain CMAKE properties: * AWS_BUILDING_ON_EC2 - indicates real IMDS credentials provider test(s) should run * AWS_BUILDING_ON_ECS - indciates real ECS credentials provider tests(s) should run