Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: removes AWS credential source validation. #1177

Merged
merged 1 commit into from
Mar 6, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 0 additions & 28 deletions oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,6 @@
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
Expand Down Expand Up @@ -137,32 +135,6 @@ static class AwsCredentialSource extends CredentialSource {
} else {
this.imdsv2SessionTokenUrl = null;
}

this.validateMetadataServerUrls();
}

private void validateMetadataServerUrls() {
validateMetadataServerUrlIfAny(this.regionUrl, "region_url");
validateMetadataServerUrlIfAny(this.url, "url");
validateMetadataServerUrlIfAny(this.imdsv2SessionTokenUrl, "imdsv2_session_token_url");
}

@VisibleForTesting
static void validateMetadataServerUrlIfAny(String urlString, String nameInConfig) {
if (urlString == null || urlString.trim().length() == 0) {
return;
}

try {
URL url = new URL(urlString);
String host = url.getHost();
if (!host.equals("169.254.169.254") && !host.equals("[fd00:ec2::254]")) {
throw new IllegalArgumentException(
String.format("Invalid host %s for %s.", host, nameInConfig));
}
} catch (MalformedURLException malformedURLException) {
throw new IllegalArgumentException(malformedURLException);
}
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

Expand All @@ -57,7 +56,6 @@
import java.util.List;
import java.util.Map;
import org.junit.Test;
import org.junit.function.ThrowingRunnable;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

Expand Down Expand Up @@ -106,28 +104,14 @@ public class AwsCredentialsTest extends BaseSerializationTest {
.build();

@Test
public void test_awsCredentialSource_ipv6() {
// If no exception is thrown, it means the urls were valid.
new AwsCredentialSource(buildAwsIpv6CredentialSourceMap());
}

@Test
public void test_awsCredentialSource_invalid_urls() {
public void test_awsCredentialSource() {
String keys[] = {"region_url", "url", "imdsv2_session_token_url"};
for (String key : keys) {
Map<String, Object> credentialSourceWithInvalidUrl = buildAwsIpv6CredentialSourceMap();
credentialSourceWithInvalidUrl.put(key, "https://badhost.com/fake");
IllegalArgumentException e =
assertThrows(
IllegalArgumentException.class,
new ThrowingRunnable() {
@Override
public void run() throws Throwable {
new AwsCredentialSource(credentialSourceWithInvalidUrl);
}
});

assertEquals(String.format("Invalid host badhost.com for %s.", key), e.getMessage());

// Should succeed as no validation is done.
new AwsCredentialSource(credentialSourceWithInvalidUrl);
}
}

Expand Down Expand Up @@ -613,43 +597,6 @@ public void getAwsSecurityCredentials_fromEnvironmentVariables_noMetadataServerC
assertEquals("awsSessionToken", credentials.getToken());
}

@Test
public void validateMetadataServerUrlIfAny_validOrEmptyUrls() {
String[] urls = {
"http://[fd00:ec2::254]/region",
"http://169.254.169.254",
"http://169.254.169.254/xyz",
" ",
"",
null
};
for (String url : urls) {
AwsCredentialSource.validateMetadataServerUrlIfAny(url, "url");
}
}

@Test
public void validateMetadataServerUrlIfAny_invalidUrls() {
Map<String, String> urls = new HashMap<String, String>();
urls.put("http://[fd00:ec2::255]/region", "[fd00:ec2::255]");
urls.put("http://fake.com/region", "fake.com");
urls.put("http://169.254.169.255", "169.254.169.255");

for (Map.Entry<String, String> entry : urls.entrySet()) {
IllegalArgumentException e =
assertThrows(
IllegalArgumentException.class,
new ThrowingRunnable() {
@Override
public void run() throws Throwable {
AwsCredentialSource.validateMetadataServerUrlIfAny(entry.getKey(), "url");
}
});

assertEquals(String.format("Invalid host %s for url.", entry.getValue()), e.getMessage());
}
}

@Test
public void getAwsSecurityCredentials_fromMetadataServer() throws IOException {
MockExternalAccountCredentialsTransportFactory transportFactory =
Expand Down