Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EcsCredentialsProvider ignores query params passed via AWS_CONTAINER_CREDENTIALS_RELATIVE_URI #1248

Closed
1 task
romangoward opened this issue Jan 20, 2025 · 2 comments
Closed
1 task

EcsCredentialsProvider ignores query params passed via AWS_CONTAINER_CREDENTIALS_RELATIVE_URI #1248

romangoward opened this issue Jan 20, 2025 · 2 comments
Assignees
@ysaito1001
Labels
bug This issue is a bug. pending-release This issue will be fixed by an approved PR that hasn't been released yet.

Comments

@romangoward
Copy link

Describe the bug

As per current documentation: https://docs.aws.amazon.com/sdk-for-rust/latest/dg/credproviders.html the aws-rust-sdk should fully support Amazon ECS and Amazon EKS container credentials providers.
I spot a bug that doesn't allow me to pass query parameters to a http request.

A bug has been introduced in: smithy-lang/smithy-rs#2997

On line aws/rust-runtime/aws-config/src/ecs.rs#169 a new variable has been introduced

let path = uri.path().to_string();

and on line aws/rust-runtime/aws-config/src/ecs.rs#186 we now pass it to http builder instead of the uri variable.

            .build("EcsContainer", &endpoint, path);

As uri.path() method returns only a path info we've lost all query info.
A simplest way to fix this is to call a path_and_query() method on uri to populate query parameters to the path variable, kinda:

 % git diff
diff --git a/src/ecs.rs b/src/ecs.rs
index fc7e8ad..1dc2928 100644
--- a/src/ecs.rs
+++ b/src/ecs.rs
@@ -191,7 +191,7 @@ impl Provider {
             Err(EcsConfigurationError::NotConfigured) => return Provider::NotConfigured,
             Err(err) => return Provider::InvalidConfiguration(err),
         };
-        let path = uri.path().to_string();
+        let path = uri.path_and_query().unwrap().to_string();
         let endpoint = {
             let mut parts = uri.into_parts();
             parts.path_and_query = Some(PathAndQuery::from_static("/"));

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

  • expected: to pass query parameters to cred's http request:
% sudo ncat --listen 80

GET /my-credentials/?applicationName=test2024 HTTP/1.1
accept: application/json
host: 169.254.170.2

Current Behavior

observed: passed only uri

% sudo ncat --listen 80

GET /my-credentials/ HTTP/1.1
accept: application/json
host: 169.254.170.2

Reproduction Steps

  • code snippet
use aws_config::BehaviorVersion;
use aws_config::ecs::EcsCredentialsProvider;
use aws_sdk_cloudwatch::Client;

#[tokio::main]
async fn main() {
    std::env::set_var("RUST_LOG", "debug");
    std::env::set_var("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI", "/my-credentials/?applicationName=test2024");
    let provider: EcsCredentialsProvider = EcsCredentialsProvider::builder().build();
    let config = aws_config::defaults(BehaviorVersion::latest())
        .region("eu-west-1")
        .credentials_provider(provider)
        .load()
        .await;
 
    let client = Client::new(&config);
    let req = client.list_dashboards();
    let resp = req.send().await;
    println!("resp: {:?}", resp);
}
  • add ip_addr to localhost
% sudo ip addr add 169.254.170.2 dev lo
  • run netcat to check http requests
% sudo ncat --listen 80
  • run code snippet
./target/debug/hello_world

Possible Solution

No response

Additional Information/Context

No response

Version

% cargo tree | grep aws-
├── aws-config v1.5.10 (/home/romangoward/aws-config)
│   ├── aws-credential-types v1.2.1
│   │   ├── aws-smithy-async v1.2.2
│   │   ├── aws-smithy-runtime-api v1.7.3
│   │   │   ├── aws-smithy-async v1.2.2 (*)
│   │   │   ├── aws-smithy-types v1.2.10
│   │   ├── aws-smithy-types v1.2.10 (*)
│   ├── aws-runtime v1.5.1
│   │   ├── aws-credential-types v1.2.1 (*)
│   │   ├── aws-sigv4 v1.2.6
│   │   │   ├── aws-credential-types v1.2.1 (*)
│   │   │   ├── aws-smithy-http v0.60.11
│   │   │   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   │   │   ├── aws-smithy-types v1.2.10 (*)
│   │   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   │   ├── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-smithy-async v1.2.2 (*)
│   │   ├── aws-smithy-http v0.60.11 (*)
│   │   ├── aws-smithy-runtime v1.7.5
│   │   │   ├── aws-smithy-async v1.2.2 (*)
│   │   │   ├── aws-smithy-http v0.60.11 (*)
│   │   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   │   ├── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   ├── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-types v1.3.3
│   │   │   ├── aws-credential-types v1.2.1 (*)
│   │   │   ├── aws-smithy-async v1.2.2 (*)
│   │   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   │   ├── aws-smithy-types v1.2.10 (*)
│   ├── aws-sdk-sso v1.51.0
│   │   ├── aws-credential-types v1.2.1 (*)
│   │   ├── aws-runtime v1.5.1 (*)
│   │   ├── aws-smithy-async v1.2.2 (*)
│   │   ├── aws-smithy-http v0.60.11 (*)
│   │   ├── aws-smithy-json v0.61.1
│   │   │   └── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-smithy-runtime v1.7.5 (*)
│   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   ├── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-types v1.3.3 (*)
│   ├── aws-sdk-ssooidc v1.52.0
│   │   ├── aws-credential-types v1.2.1 (*)
│   │   ├── aws-runtime v1.5.1 (*)
│   │   ├── aws-smithy-async v1.2.2 (*)
│   │   ├── aws-smithy-http v0.60.11 (*)
│   │   ├── aws-smithy-json v0.61.1 (*)
│   │   ├── aws-smithy-runtime v1.7.5 (*)
│   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   ├── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-types v1.3.3 (*)
│   ├── aws-sdk-sts v1.52.0
│   │   ├── aws-credential-types v1.2.1 (*)
│   │   ├── aws-runtime v1.5.1 (*)
│   │   ├── aws-smithy-async v1.2.2 (*)
│   │   ├── aws-smithy-http v0.60.11 (*)
│   │   ├── aws-smithy-json v0.61.1 (*)
│   │   ├── aws-smithy-query v0.60.7
│   │   │   ├── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-smithy-runtime v1.7.5 (*)
│   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   ├── aws-smithy-types v1.2.10 (*)
│   │   ├── aws-smithy-xml v0.60.9
│   │   ├── aws-types v1.3.3 (*)
│   ├── aws-smithy-async v1.2.2 (*)
│   ├── aws-smithy-http v0.60.11 (*)
│   ├── aws-smithy-json v0.60.7
│   │   └── aws-smithy-types v1.2.10 (*)
│   ├── aws-smithy-runtime v1.7.5 (*)
│   ├── aws-smithy-runtime-api v1.7.3 (*)
│   ├── aws-smithy-types v1.2.10 (*)
│   ├── aws-types v1.3.3 (*)
├── aws-sdk-cloudwatch v1.57.0
│   ├── aws-credential-types v1.2.1 (*)
│   ├── aws-runtime v1.5.1 (*)
│   ├── aws-smithy-async v1.2.2 (*)
│   ├── aws-smithy-compression v0.0.2
│   │   ├── aws-smithy-runtime-api v1.7.3 (*)
│   │   ├── aws-smithy-types v1.2.10 (*)
│   ├── aws-smithy-http v0.60.11 (*)
│   ├── aws-smithy-json v0.61.1 (*)
│   ├── aws-smithy-query v0.60.7 (*)
│   ├── aws-smithy-runtime v1.7.5 (*)
│   ├── aws-smithy-runtime-api v1.7.3 (*)
│   ├── aws-smithy-types v1.2.10 (*)
│   ├── aws-smithy-xml v0.60.9 (*)
│   ├── aws-types v1.3.3 (*)
├── aws-sdk-sts v1.52.0 (*)

Environment details (OS name and version, etc.)

Amazon Linux 2 @ 5.10.230-202.885.amzn2int.x86_64

Logs

No response
@romangoward romangoward added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 20, 2025
@ysaito1001 ysaito1001 mentioned this issue Jan 21, 2025
Merged
1 task
@ysaito1001 ysaito1001 self-assigned this Jan 21, 2025
@ysaito1001 ysaito1001 added pending-release This issue will be fixed by an approved PR that hasn't been released yet. and removed needs-triage This issue or PR still needs to be triaged. labels Jan 21, 2025
github-merge-queue bot pushed a commit to smithy-lang/smithy-rs that referenced this issue Jan 22, 2025
@ysaito1001
Fix EcsCredentialsProvider to respect query params (#3977)
1f9c608 
## Motivation and Context
awslabs/aws-sdk-rust#1248, and implemented the
fix as prescribed.

## Testing
Added a request matching unit test to the `ecs` module to ensure that
query params are included in credential's HTTP request.

## Checklist
- [x] For changes to the AWS SDK, generated SDK code, or SDK runtime
crates, I have created a changelog entry Markdown file in the
`.changelog` directory, specifying "aws-sdk-rust" in the `applies_to`
key.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
@ysaito1001
Copy link
Collaborator

The fix was released on 2025-01-23

@github-actions GitHub Actions
Copy link

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ysaito1001 ysaito1001

Labels
bug This issue is a bug. pending-release This issue will be fixed by an approved PR that hasn't been released yet.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@romangoward @ysaito1001