Skip to content

Commit

Permalink
fix: Remove AWS credential source validation. (#1177)
Browse files Browse the repository at this point in the history
  • Loading branch information
lsirac authored Mar 6, 2023
1 parent e6c23d3 commit 77a99c9
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 85 deletions.
28 changes: 0 additions & 28 deletions oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,6 @@
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
Expand Down Expand Up @@ -137,32 +135,6 @@ static class AwsCredentialSource extends CredentialSource {
} else {
this.imdsv2SessionTokenUrl = null;
}

this.validateMetadataServerUrls();
}

private void validateMetadataServerUrls() {
validateMetadataServerUrlIfAny(this.regionUrl, "region_url");
validateMetadataServerUrlIfAny(this.url, "url");
validateMetadataServerUrlIfAny(this.imdsv2SessionTokenUrl, "imdsv2_session_token_url");
}

@VisibleForTesting
static void validateMetadataServerUrlIfAny(String urlString, String nameInConfig) {
if (urlString == null || urlString.trim().length() == 0) {
return;
}

try {
URL url = new URL(urlString);
String host = url.getHost();
if (!host.equals("169.254.169.254") && !host.equals("[fd00:ec2::254]")) {
throw new IllegalArgumentException(
String.format("Invalid host %s for %s.", host, nameInConfig));
}
} catch (MalformedURLException malformedURLException) {
throw new IllegalArgumentException(malformedURLException);
}
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

Expand All @@ -57,7 +56,6 @@
import java.util.List;
import java.util.Map;
import org.junit.Test;
import org.junit.function.ThrowingRunnable;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

Expand Down Expand Up @@ -106,28 +104,14 @@ public class AwsCredentialsTest extends BaseSerializationTest {
.build();

@Test
public void test_awsCredentialSource_ipv6() {
// If no exception is thrown, it means the urls were valid.
new AwsCredentialSource(buildAwsIpv6CredentialSourceMap());
}

@Test
public void test_awsCredentialSource_invalid_urls() {
public void test_awsCredentialSource() {
String keys[] = {"region_url", "url", "imdsv2_session_token_url"};
for (String key : keys) {
Map<String, Object> credentialSourceWithInvalidUrl = buildAwsIpv6CredentialSourceMap();
credentialSourceWithInvalidUrl.put(key, "https://badhost.com/fake");
IllegalArgumentException e =
assertThrows(
IllegalArgumentException.class,
new ThrowingRunnable() {
@Override
public void run() throws Throwable {
new AwsCredentialSource(credentialSourceWithInvalidUrl);
}
});

assertEquals(String.format("Invalid host badhost.com for %s.", key), e.getMessage());

// Should succeed as no validation is done.
new AwsCredentialSource(credentialSourceWithInvalidUrl);
}
}

Expand Down Expand Up @@ -613,43 +597,6 @@ public void getAwsSecurityCredentials_fromEnvironmentVariables_noMetadataServerC
assertEquals("awsSessionToken", credentials.getToken());
}

@Test
public void validateMetadataServerUrlIfAny_validOrEmptyUrls() {
String[] urls = {
"http://[fd00:ec2::254]/region",
"http://169.254.169.254",
"http://169.254.169.254/xyz",
" ",
"",
null
};
for (String url : urls) {
AwsCredentialSource.validateMetadataServerUrlIfAny(url, "url");
}
}

@Test
public void validateMetadataServerUrlIfAny_invalidUrls() {
Map<String, String> urls = new HashMap<String, String>();
urls.put("http://[fd00:ec2::255]/region", "[fd00:ec2::255]");
urls.put("http://fake.com/region", "fake.com");
urls.put("http://169.254.169.255", "169.254.169.255");

for (Map.Entry<String, String> entry : urls.entrySet()) {
IllegalArgumentException e =
assertThrows(
IllegalArgumentException.class,
new ThrowingRunnable() {
@Override
public void run() throws Throwable {
AwsCredentialSource.validateMetadataServerUrlIfAny(entry.getKey(), "url");
}
});

assertEquals(String.format("Invalid host %s for url.", entry.getValue()), e.getMessage());
}
}

@Test
public void getAwsSecurityCredentials_fromMetadataServer() throws IOException {
MockExternalAccountCredentialsTransportFactory transportFactory =
Expand Down

0 comments on commit 77a99c9

Please sign in to comment.