add missing shared config

config/env_config.go

@@ -57,8 +57,8 @@ const (
 
 	awsEc2MetadataServiceEndpointEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
 
-	awsEc2MetadataDisabled   = "AWS_EC2_METADATA_DISABLED"
-	awsEc2MetadataV1Disabled = "AWS_EC2_METADATA_V1_DISABLED"
+	awsEc2MetadataDisabled         = "AWS_EC2_METADATA_DISABLED"
+	awsEc2MetadataV1DisabledEnvVar = "AWS_EC2_METADATA_V1_DISABLED"
 
 	awsS3DisableMultiRegionAccessPointEnvVar = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
 
@@ -209,7 +209,7 @@ type EnvConfig struct {
 	// Specifies if EC2 IMDSv1 fallback is disabled.
 	//
 	// AWS_EC2_METADATA_V1_DISABLED=true
-	EC2IMDSV1FallbackDisabled *bool
+	EC2IMDSv1Disabled *bool
 
 	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
 	//
@@ -307,6 +307,9 @@ func NewEnvConfig() (EnvConfig, error) {
 		return cfg, err
 	}
 	cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnvVar)
+	if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnvVar}); err != nil {
+		return cfg, err
+	}
 
 	if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointEnvVar}); err != nil {
 		return cfg, err
@@ -330,9 +333,6 @@ func NewEnvConfig() (EnvConfig, error) {
 	if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryMode}); err != nil {
 		return cfg, err
 	}
-	if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSV1FallbackDisabled, []string{awsEc2MetadataV1Disabled}); err != nil {
-		return cfg, err
-	}
 
 	return cfg, nil
 }
@@ -655,15 +655,6 @@ func (c EnvConfig) GetEC2IMDSClientEnableState() (imds.ClientEnableState, bool,
 	return c.EC2IMDSClientEnableState, true, nil
 }
 
-// GetEC2IMDSV1FallbackDisabled ...
-func (c EnvConfig) GetEC2IMDSV1FallbackDisabled() (bool, bool) {
-	if c.EC2IMDSV1FallbackDisabled == nil {
-		return false, false
-	}
-
-	return *c.EC2IMDSV1FallbackDisabled, true
-}
-
 // GetEC2IMDSEndpointMode implements a EC2IMDSEndpointMode option resolver interface.
 func (c EnvConfig) GetEC2IMDSEndpointMode() (imds.EndpointModeState, bool, error) {
 	if c.EC2IMDSEndpointMode == imds.EndpointModeStateUnset {
@@ -681,3 +672,13 @@ func (c EnvConfig) GetEC2IMDSEndpoint() (string, bool, error) {
 
 	return c.EC2IMDSEndpoint, true, nil
 }
+
+// GetEC2IMDSV1FallbackDisabled implements an EC2IMDSV1FallbackDisabled option
+// resolver interface.
+func (c EnvConfig) GetEC2IMDSV1FallbackDisabled() (bool, bool) {
+	if c.EC2IMDSv1Disabled == nil {
+		return false, false
+	}
+
+	return *c.EC2IMDSv1Disabled, true
+}

config/env_config_test.go

@@ -423,6 +423,31 @@ func TestNewEnvConfig(t *testing.T) {
 			Config:  EnvConfig{},
 			WantErr: true,
 		},
+		38: {
+			Env: map[string]string{
+				"AWS_EC2_METADATA_V1_DISABLED": "fAlSe",
+			},
+			Config: EnvConfig{
+				EC2IMDSv1Disabled: aws.Bool(false),
+			},
+		},
+		39: {
+			Env: map[string]string{
+				"AWS_EC2_METADATA_V1_DISABLED": "tRuE",
+			},
+			Config: EnvConfig{
+				EC2IMDSv1Disabled: aws.Bool(true),
+			},
+		},
+		40: {
+			Env: map[string]string{
+				"AWS_EC2_METADATA_V1_DISABLED": "invalid",
+			},
+			Config: EnvConfig{
+				EC2IMDSv1Disabled: aws.Bool(false), // setBoolPtrFromEnvVal new()s the bool even if it errors
+			},
+			WantErr: true,
+		},
 	}
 
 	for i, c := range cases {

config/shared_config.go

@@ -75,6 +75,8 @@ const (
 
 	ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
 
+	ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled"
+
 	// Use DualStack Endpoint Resolution
 	useDualStackEndpoint = "use_dualstack_endpoint"
 
@@ -220,6 +222,12 @@ type SharedConfig struct {
 	// ec2_metadata_service_endpoint=http://fd00:ec2::254
 	EC2IMDSEndpoint string
 
+	// Specifies that IMDS clients should not fallback to IMDSv1 if token
+	// requests fail.
+	//
+	// ec2_metadata_v1_disabled=true
+	EC2IMDSv1Disabled *bool
+
 	// Specifies if the S3 service should disable support for Multi-Region
 	// access-points
 	//
@@ -361,6 +369,16 @@ func (c SharedConfig) GetEC2IMDSEndpoint() (string, bool, error) {
 	return c.EC2IMDSEndpoint, true, nil
 }
 
+// GetEC2IMDSV1FallbackDisabled implements an EC2IMDSV1FallbackDisabled option
+// resolver interface.
+func (c SharedConfig) GetEC2IMDSV1FallbackDisabled() (bool, bool) {
+	if c.EC2IMDSv1Disabled == nil {
+		return false, false
+	}
+
+	return *c.EC2IMDSv1Disabled, true
+}
+
 // GetUseDualStackEndpoint returns whether the service's dual-stack endpoint should be
 // used for requests.
 func (c SharedConfig) GetUseDualStackEndpoint(ctx context.Context) (value aws.DualStackEndpointState, found bool, err error) {
@@ -735,6 +753,7 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error {
 			s3DisableMultiRegionAccessPointsKey,
 			ec2MetadataServiceEndpointModeKey,
 			ec2MetadataServiceEndpointKey,
+			ec2MetadataV1DisabledKey,
 			useDualStackEndpoint,
 			useFIPSEndpointKey,
 			defaultsModeKey,
@@ -957,6 +976,7 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
 		return fmt.Errorf("failed to load %s from shared config, %v", ec2MetadataServiceEndpointModeKey, err)
 	}
 	updateString(&c.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
+	updateBoolPtr(&c.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey)
 
 	updateUseDualStackEndpoint(&c.UseDualStackEndpoint, section, useDualStackEndpoint)
 	updateUseFIPSEndpoint(&c.UseFIPSEndpoint, section, useFIPSEndpointKey)

config/shared_config_test.go

@@ -652,6 +652,30 @@ func TestNewSharedConfig(t *testing.T) {
 				AppID:   "12345",
 			},
 		},
+		"imdsv1 disabled = false": {
+			ConfigFilenames: []string{testConfigFilename},
+			Profile:         "ec2-metadata-v1-disabled-false",
+			Expected: SharedConfig{
+				Profile:           "ec2-metadata-v1-disabled-false",
+				EC2IMDSv1Disabled: aws.Bool(false),
+			},
+		},
+		"imdsv1 disabled = true": {
+			ConfigFilenames: []string{testConfigFilename},
+			Profile:         "ec2-metadata-v1-disabled-true",
+			Expected: SharedConfig{
+				Profile:           "ec2-metadata-v1-disabled-true",
+				EC2IMDSv1Disabled: aws.Bool(true),
+			},
+		},
+		"imdsv1 disabled = invalid": {
+			ConfigFilenames: []string{testConfigFilename},
+			Profile:         "ec2-metadata-v1-disabled-invalid",
+			Expected: SharedConfig{
+				Profile:           "ec2-metadata-v1-disabled-invalid",
+				EC2IMDSv1Disabled: aws.Bool(false),
+			},
+		},
 	}
 
 	for name, c := range cases {

config/testdata/shared_config

@@ -278,3 +278,12 @@ ca_bundle = custom_ca_bundle_file.pem
 
 [profile sdk_app_id]
 sdk_ua_app_id = 12345
+
+[profile ec2-metadata-v1-disabled-false]
+ec2_metadata_v1_disabled=False
+
+[profile ec2-metadata-v1-disabled-true]
+ec2_metadata_v1_disabled=True
+
+[profile ec2-metadata-v1-disabled-invalid]
+ec2_metadata_v1_disabled=invalid