From 610045b8379fc798a81186b5cd7fc9a42aa69d16 Mon Sep 17 00:00:00 2001
From: jgolda
Date: Mon, 15 Jan 2024 20:04:50 +0100
Subject: [PATCH 1/3] Support for non-default port in custom endpoint for AWS IAM credentials provider
---
 api/src/main/java/io/minio/credentials/IamAwsProvider.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/api/src/main/java/io/minio/credentials/IamAwsProvider.java b/api/src/main/java/io/minio/credentials/IamAwsProvider.java
index feaeb4e4e..08abb1050 100644
--- a/api/src/main/java/io/minio/credentials/IamAwsProvider.java
+++ b/api/src/main/java/io/minio/credentials/IamAwsProvider.java
@@ -140,6 +140,7 @@ private String fetchImdsToken() {
 new HttpUrl.Builder()
 .scheme(url.scheme())
 .host(url.host())
+ .port(url.port())
 .addPathSegments("latest/api/token")
 .build();
 }
@@ -188,6 +189,7 @@ private HttpUrl getIamRoleNamedUrl(String token) {
 new HttpUrl.Builder()
 .scheme(url.scheme())
 .host(url.host())
+ .port(url.port())
 .addPathSegments("latest/meta-data/iam/security-credentials/")
 .build();
 }
From ef21d6850b1d627d3dca14d9a3b0b0912a8610dc Mon Sep 17 00:00:00 2001
From: jgolda
Date: Wed, 17 Jan 2024 19:20:58 +0100
Subject: [PATCH 2/3] Review fixes - specifying port only in case it's a nonstandard one in relation to the used protocol
---
 .../io/minio/credentials/IamAwsProvider.java | 40 ++++++++++++-------
 1 file changed, 26 insertions(+), 14 deletions(-)
diff --git a/api/src/main/java/io/minio/credentials/IamAwsProvider.java b/api/src/main/java/io/minio/credentials/IamAwsProvider.java
index 08abb1050..9718147df 100644
--- a/api/src/main/java/io/minio/credentials/IamAwsProvider.java
+++ b/api/src/main/java/io/minio/credentials/IamAwsProvider.java
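Review bot: The `scheme`/`host`/`port`/`addPathSegments` chain in the else branch of fetchImdsToken (PATCH 1/3, first hunk) is repeated verbatim in getIamRoleNamedUrl in the next hunk, differing only in the path, and it returns in the same duplicated form in PATCH 3/3. A small private helper would stop the two copies drifting apart the next time a URL component has to be carried over, which is what this fix had to do in two places. The helper is also the natural place for a comment saying that only scheme, host and port of the custom endpoint are kept and any path or query on it is discarded. Both method bodies start and end outside their hunks, and `url` is assumed to hold the custom endpoint at this point.

```java
// Keeps only scheme, host and port of the custom endpoint; any path or query on it is discarded.
private static HttpUrl endpointUrl(HttpUrl endpoint, String pathSegments) {
  return new HttpUrl.Builder()
      .scheme(endpoint.scheme())
      .host(endpoint.host())
      .port(endpoint.port())
      .addPathSegments(pathSegments)
      .build();
}

// … unchanged: fetchImdsToken() up to the else branch …
url = endpointUrl(url, "latest/api/token");

// … unchanged: getIamRoleNamedUrl() up to the else branch …
url = endpointUrl(url, "latest/meta-data/iam/security-credentials/");
```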
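Review bot: In getIamRoleNamedUrl (PATCH 1/3, second hunk) the rebuilt URL is the one the role credentials are read from, and its scheme is copied from the configured endpoint, so with the port now honoured any `http://host:port` value becomes a credential source unless the endpoint is validated where it is set, which is outside this diff. A metadata stand-in reached over plain HTTP beyond the link-local or loopback range would leave the session token and the returned secret key readable on the path, and a tampered endpoint value would decide which credentials the client ends up using. I would state the trust assumption next to the field, for example `// Custom endpoint must be a trusted metadata service; use https unless it is link-local or loopback.` The diffstat shows no test change, so a unit test asserting that a custom endpoint with an explicit port yields both URLs on that port would pin the fix.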
@@ -45,6 +45,11 @@
 * for Amazon EC2.
 */
 public class IamAwsProvider extends EnvironmentProvider {
+
+ private static final int DEFAULT_PORT_HTTP = 80;
+ private static final int DEFAULT_PORT_HTTPS = 443;
+ private static final String SCHEME_HTTP = "http";
+ private static final String SCHEME_HTTPS = "https";
 // Custom endpoint to fetch IAM role credentials.
 private final HttpUrl customEndpoint;
 private final OkHttpClient httpClient;
@@ -136,13 +141,9 @@ private String fetchImdsToken() {
 if (url == null) {
 url = HttpUrl.parse("http://169.254.169.254/latest/api/token");
 } else {
- url =
- new HttpUrl.Builder()
- .scheme(url.scheme())
- .host(url.host())
- .port(url.port())
- .addPathSegments("latest/api/token")
- .build();
+ HttpUrl.Builder urlBuilder = new HttpUrl.Builder().scheme(url.scheme()).host(url.host());
+ setPortIfRequired(urlBuilder, url);
+ url = urlBuilder.addPathSegments("latest/api/token").build();
 }
 String token = "";
 Request request =
@@ -159,6 +160,21 @@ private String fetchImdsToken() {
 return token;
 }
+ private void setPortIfRequired(HttpUrl.Builder builder, HttpUrl sourceUrl) {
+ if (shouldAddPortToUrl(sourceUrl)) {
+ builder.port(sourceUrl.port());
+ }
+ }
+
+ private boolean shouldAddPortToUrl(HttpUrl sourceUrl) {
+ String scheme = sourceUrl.scheme();
+ int port = sourceUrl.port();
+ boolean isDefaultPortForProtocolUsed =
+ (SCHEME_HTTP.equals(scheme) && port == DEFAULT_PORT_HTTP)
+ || (SCHEME_HTTPS.equals(scheme) && port == DEFAULT_PORT_HTTPS);
+ return !isDefaultPortForProtocolUsed;
+ }
+
 private String getIamRoleName(HttpUrl url, String token) {
 String[] roleNames = null;
 Request.Builder builder = new Request.Builder().url(url).method("GET", null);
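Review bot: `shouldAddPortToUrl` (PATCH 2/3, third hunk) re-implements a lookup OkHttp already provides: `HttpUrl.defaultPort(scheme)` returns 80 for http and 443 for https, so the four constants added in the first hunk and the scheme comparisons reduce to `return sourceUrl.port() != HttpUrl.defaultPort(sourceUrl.scheme());`. Neither helper reads instance state, so both can be `static`. The helpers also need a comment on why the port is skipped at all, because `HttpUrl.port()` already returns the scheme default when none was given and the builder leaves a default port out of the rendered URL, so the conditional should not change the resulting request.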
@@ -185,13 +201,9 @@ private HttpUrl getIamRoleNamedUrl(String token) {
 if (url == null) {
 url = HttpUrl.parse("http://169.254.169.254/latest/meta-data/iam/security-credentials/");
 } else {
- url =
- new HttpUrl.Builder()
- .scheme(url.scheme())
- .host(url.host())
- .port(url.port())
- .addPathSegments("latest/meta-data/iam/security-credentials/")
- .build();
+ HttpUrl.Builder urlBuilder = new HttpUrl.Builder().scheme(url.scheme()).host(url.host());
+ setPortIfRequired(urlBuilder, url);
+ url = urlBuilder.addPathSegments("latest/meta-data/iam/security-credentials/").build();
 }
 String roleName = getIamRoleName(url, token);
From c07abb7836a8dda8f13488d1a73b5b2c4ecf86a1 Mon Sep 17 00:00:00 2001
From: Bala FA
Date: Thu, 22 Feb 2024 10:34:51 +0530
Subject: [PATCH 3/3] Apply suggestions from code review
---
 .../io/minio/credentials/IamAwsProvider.java | 40 +++++++------------
 1 file changed, 14 insertions(+), 26 deletions(-)
diff --git a/api/src/main/java/io/minio/credentials/IamAwsProvider.java b/api/src/main/java/io/minio/credentials/IamAwsProvider.java
index 9718147df..08abb1050 100644
--- a/api/src/main/java/io/minio/credentials/IamAwsProvider.java
+++ b/api/src/main/java/io/minio/credentials/IamAwsProvider.java
@@ -45,11 +45,6 @@
 * for Amazon EC2.
 */
 public class IamAwsProvider extends EnvironmentProvider {
-
- private static final int DEFAULT_PORT_HTTP = 80;
- private static final int DEFAULT_PORT_HTTPS = 443;
- private static final String SCHEME_HTTP = "http";
- private static final String SCHEME_HTTPS = "https";
 // Custom endpoint to fetch IAM role credentials.
 private final HttpUrl customEndpoint;
 private final OkHttpClient httpClient;
@@ -141,9 +136,13 @@ private String fetchImdsToken() {
 if (url == null) {
 url = HttpUrl.parse("http://169.254.169.254/latest/api/token");
 } else {
- HttpUrl.Builder urlBuilder = new HttpUrl.Builder().scheme(url.scheme()).host(url.host());
- setPortIfRequired(urlBuilder, url);
- url = urlBuilder.addPathSegments("latest/api/token").build();
+ url =
+ new HttpUrl.Builder()
+ .scheme(url.scheme())
+ .host(url.host())
+ .port(url.port())
+ .addPathSegments("latest/api/token")
+ .build();
 }
 String token = "";
 Request request =
@@ -160,21 +159,6 @@ private String fetchImdsToken() {
 return token;
 }
- private void setPortIfRequired(HttpUrl.Builder builder, HttpUrl sourceUrl) {
- if (shouldAddPortToUrl(sourceUrl)) {
- builder.port(sourceUrl.port());
- }
- }
-
- private boolean shouldAddPortToUrl(HttpUrl sourceUrl) {
- String scheme = sourceUrl.scheme();
- int port = sourceUrl.port();
- boolean isDefaultPortForProtocolUsed =
- (SCHEME_HTTP.equals(scheme) && port == DEFAULT_PORT_HTTP)
- || (SCHEME_HTTPS.equals(scheme) && port == DEFAULT_PORT_HTTPS);
- return !isDefaultPortForProtocolUsed;
- }
-
 private String getIamRoleName(HttpUrl url, String token) {
 String[] roleNames = null;
 Request.Builder builder = new Request.Builder().url(url).method("GET", null);
@@ -201,9 +185,13 @@ private HttpUrl getIamRoleNamedUrl(String token) {
 if (url == null) {
 url = HttpUrl.parse("http://169.254.169.254/latest/meta-data/iam/security-credentials/");
 } else {
- HttpUrl.Builder urlBuilder = new HttpUrl.Builder().scheme(url.scheme()).host(url.host());
- setPortIfRequired(urlBuilder, url);
- url = urlBuilder.addPathSegments("latest/meta-data/iam/security-credentials/").build();
+ url =
+ new HttpUrl.Builder()
+ .scheme(url.scheme())
+ .host(url.host())
+ .port(url.port())
+ .addPathSegments("latest/meta-data/iam/security-credentials/")
+ .build();
 }
 String roleName = getIamRoleName(url, token);