scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

adding private DNS name as EC2 metadata (#25418)

Browse Source 
add instance dns name as inferred_hostname metadata field

Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
This commit is contained in:
Isabelle Kraemer
2024-05-01 18:45:22 +02:00
committed by GitHub
parent 9e39a5f2a4
commit b4a2e40124
4 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
builtin/credential/aws/path_config_identity.go
View File

@@ -32,6 +32,7 @@ var (
"inferred_aws_region", "inferred_aws_region",
"inferred_entity_id", "inferred_entity_id",
"inferred_entity_type", "inferred_entity_type",
"inferred_hostname",
}, },
} }

4
builtin/credential/aws/path_login.go
View File

@@ -1456,6 +1456,7 @@ func (b *backend) pathLoginUpdateIam(ctx context.Context, req *logical.Request,
inferredEntityType := "" inferredEntityType := ""
inferredEntityID := "" inferredEntityID := ""
inferredHostname := ""
if roleEntry.InferredEntityType == ec2EntityType { if roleEntry.InferredEntityType == ec2EntityType {
instance, err := b.validateInstance(ctx, req.Storage, entity.SessionInfo, roleEntry.InferredAWSRegion, callerID.Account) instance, err := b.validateInstance(ctx, req.Storage, entity.SessionInfo, roleEntry.InferredAWSRegion, callerID.Account)
if err != nil { if err != nil {
@@ -1482,6 +1483,7 @@ func (b *backend) pathLoginUpdateIam(ctx context.Context, req *logical.Request,
inferredEntityType = ec2EntityType inferredEntityType = ec2EntityType
inferredEntityID = entity.SessionInfo inferredEntityID = entity.SessionInfo
inferredHostname = *instance.PrivateDnsName
} }
auth := &logical.Auth{ auth := &logical.Auth{
@@ -1496,6 +1498,7 @@ func (b *backend) pathLoginUpdateIam(ctx context.Context, req *logical.Request,
"inferred_entity_id": inferredEntityID, "inferred_entity_id": inferredEntityID,
"inferred_aws_region": roleEntry.InferredAWSRegion, "inferred_aws_region": roleEntry.InferredAWSRegion,
"account_id": entity.AccountNumber, "account_id": entity.AccountNumber,
"inferred_hostname": inferredHostname,
}, },
DisplayName: entity.FriendlyName, DisplayName: entity.FriendlyName,
Alias: &logical.Alias{ Alias: &logical.Alias{
@@ -1517,6 +1520,7 @@ func (b *backend) pathLoginUpdateIam(ctx context.Context, req *logical.Request,
"inferred_entity_id": inferredEntityID, "inferred_entity_id": inferredEntityID,
"inferred_aws_region": roleEntry.InferredAWSRegion, "inferred_aws_region": roleEntry.InferredAWSRegion,
"account_id": entity.AccountNumber, "account_id": entity.AccountNumber,
"inferred_hostname": inferredHostname,
}); err != nil { }); err != nil {
b.Logger().Warn(fmt.Sprintf("unable to set alias metadata due to %s", err)) b.Logger().Warn(fmt.Sprintf("unable to set alias metadata due to %s", err))
} }

2
builtin/credential/aws/path_login_test.go
View File

@@ -408,6 +408,7 @@ func TestBackend_pathLogin_IAMHeaders(t *testing.T) {
"inferred_aws_region", "inferred_aws_region",
"inferred_entity_id", "inferred_entity_id",
"inferred_entity_type", "inferred_entity_type",
"inferred_hostname",
}, },
"ec2_alias": "role_id", "ec2_alias": "role_id",
"ec2_metadata": []string{ "ec2_metadata": []string{
@@ -614,6 +615,7 @@ func TestBackend_pathLogin_IAMRoleResolution(t *testing.T) {
"inferred_aws_region", "inferred_aws_region",
"inferred_entity_id", "inferred_entity_id",
"inferred_entity_type", "inferred_entity_type",
"inferred_hostname",
}, },
"ec2_alias": "role_id", "ec2_alias": "role_id",
"ec2_metadata": []string{ "ec2_metadata": []string{

4
changelog/25418.txt Normal file
View File

@@ -0,0 +1,4 @@
```release-note:improvement
auth/aws: Add inferred_hostname metadata for IAM AWS authentication method.
```