package awsmocker
import (
"fmt"
"net/http"
"time"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
)
// IMDSMockOptions carries the values that Mock_IMDS_Common substitutes for
// its built-in defaults. Callers adjust it through the option functions
// passed to Mock_IMDS_Common.
type IMDSMockOptions struct {
	// IdentityDocument is the instance identity document the mock returns.
	IdentityDocument imds.InstanceIdentityDocument

	// UserData is the text served as the instance user data.
	UserData string

	// RoleName replaces the role name used by the EC2 credential mocks
	// (both the role listing and the per-role credentials route).
	RoleName string

	// InstanceProfileName replaces the instance profile name used to build
	// the instance profile ARN.
	InstanceProfileName string
}
// getDefaultImdsIdentityDocument builds the identity document used when the
// caller supplies none. Account and region come from the package-level
// DefaultAccountId and DefaultRegion; the availability zone is the region
// with an "a" suffix.
func getDefaultImdsIdentityDocument() imds.InstanceIdentityDocument {
	var doc imds.InstanceIdentityDocument

	doc.Version = "2017-09-30"
	doc.InstanceID = "i-000deadbeef"
	doc.AccountID = DefaultAccountId
	doc.Region = DefaultRegion
	doc.AvailabilityZone = DefaultRegion + "a"
	doc.InstanceType = "t3.medium"

	return doc
}
// Mock_IMDS_Common returns a set of mocked endpoints that together imitate
// the commonly used parts of the EC2 Instance Metadata Service: the identity
// document, a few meta-data keys, user data, IAM info, the role listing, the
// role credentials and the API token route.
//
// Each function in optFns is applied, in order, to an IMDSMockOptions that
// starts out with the package defaults.
func Mock_IMDS_Common(optFns ...func(*IMDSMockOptions)) []*MockedEndpoint {
	opts := IMDSMockOptions{
		IdentityDocument:    getDefaultImdsIdentityDocument(),
		UserData:            "# awsmocker",
		RoleName:            "awsmocker_role",
		InstanceProfileName: "awsmocker-instance-profile",
	}
	for i := range optFns {
		optFns[i](&opts)
	}

	endpoints := make([]*MockedEndpoint, 0, 10)

	// Replace the default document wholesale with the configured one.
	endpoints = append(endpoints, Mock_IMDS_IdentityDocument(func(doc *imds.InstanceIdentityDocument) {
		*doc = opts.IdentityDocument
	}))

	// Plain-text meta-data keys. Map iteration order is not fixed, so the
	// relative order of these three endpoints in the result varies.
	metaData := map[string]string{
		"instance-id":         opts.IdentityDocument.InstanceID,
		"instance-type":       opts.IdentityDocument.InstanceType,
		"instance-life-cycle": "on-demand",
	}
	for key, value := range metaData {
		endpoints = append(endpoints, Mock_IMDS_MetaData_KeyValue(key, value))
	}

	return append(endpoints,
		Mock_IMDS_UserData(opts.UserData),
		Mock_IMDS_IAM_Info(opts.InstanceProfileName),
		Mock_IMDS_IAM_RoleList(opts.RoleName),
		Mock_IMDS_IAM_Credentials(opts.RoleName),
		Mock_IMDS_API_Token(),
	)
}
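// Mock_IMDS_IdentityDocument returns a mock for the instance identity
// document route.
//
// The document starts as the package default; each function in optFns is then
// applied to it in order. Passing no functions, or a nil function, leaves the
// default untouched. Nil entries are skipped explicitly: without that check a
// literal nil argument would become a one-element slice holding a nil func
// and calling it would panic.
func Mock_IMDS_IdentityDocument(optFns ...func(*imds.InstanceIdentityDocument)) *MockedEndpoint {
	doc := getDefaultImdsIdentityDocument()
	for _, f := range optFns {
		if f == nil {
			continue
		}
		f(&doc)
	}

	return &MockedEndpoint{
		Request: &MockedRequest{
			Method:    http.MethodGet,
			Path:      "/latest/dynamic/instance-identity/document",
			IsEc2IMDS: true,
		},
		Response: &MockedResponse{
			Encoding: ResponseEncodingJSON,
			Body:     doc,
		},
	}
}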
// Mock_IMDS_MetaData_KeyValue returns a mock that answers GET requests for
// the meta-data key k with the plain-text value v. The key is appended to
// "/latest/meta-data/" as given, without escaping.
func Mock_IMDS_MetaData_KeyValue(k, v string) *MockedEndpoint {
	req := &MockedRequest{
		Method:    http.MethodGet,
		Path:      "/latest/meta-data/" + k,
		IsEc2IMDS: true,
	}
	resp := &MockedResponse{
		Encoding: ResponseEncodingText,
		Body:     v,
	}

	return &MockedEndpoint{Request: req, Response: resp}
}
// Mock_IMDS_UserData returns a mock that answers GET requests for the user
// data route with userData as plain text.
func Mock_IMDS_UserData(userData string) *MockedEndpoint {
	req := &MockedRequest{
		Method:    http.MethodGet,
		Path:      "/latest/user-data",
		IsEc2IMDS: true,
	}
	resp := &MockedResponse{
		Encoding: ResponseEncodingText,
		Body:     userData,
	}

	return &MockedEndpoint{Request: req, Response: resp}
}
// Mock_IMDS_API_Token returns a mock for the IMDS session token route. It
// always answers with the fixed text "AwsMockerImdsToken".
//
// NOTE(review): unlike the other mocks in this file, no Method is set on the
// request. Presumably that makes the mock match any HTTP verb, whereas the
// real IMDSv2 token route is a PUT; if so, tests built on this mock do not
// verify that the client requests its token correctly. Confirm against the
// request matcher.
func Mock_IMDS_API_Token() *MockedEndpoint {
	req := &MockedRequest{
		Path:      "/latest/api/token",
		IsEc2IMDS: true,
	}
	resp := &MockedResponse{
		Encoding: ResponseEncodingText,
		Body:     "AwsMockerImdsToken",
	}

	return &MockedEndpoint{Request: req, Response: resp}
}
// Mock_IMDS_IAM_Info returns a mock for the IAM info route describing the
// instance profile named profileName.
//
// The ARN is always built with DefaultAccountId, so it does not follow an
// account ID overridden in the identity document. LastUpdated is computed
// once, when this function is called, not per request.
func Mock_IMDS_IAM_Info(profileName string) *MockedEndpoint {
	profileArn := fmt.Sprintf("arn:aws:iam::%s:instance-profile/%s", DefaultAccountId, profileName)

	info := map[string]interface{}{
		"Code":               "Success",
		"LastUpdated":        time.Now().UTC().Format(time.RFC3339),
		"InstanceProfileArn": profileArn,
		"InstanceProfileId":  "AIPAABCDEFGHIJKLMN123",
	}

	return &MockedEndpoint{
		Request: &MockedRequest{
			Method:    http.MethodGet,
			Path:      "/latest/meta-data/iam/info",
			IsEc2IMDS: true,
		},
		Response: &MockedResponse{
			Encoding: ResponseEncodingJSON,
			Body:     info,
		},
	}
}
// Mock_IMDS_IAM_RoleList returns a mock for the security-credentials listing
// route. The response is roleName as plain text, i.e. a list with exactly one
// role.
func Mock_IMDS_IAM_RoleList(roleName string) *MockedEndpoint {
	req := &MockedRequest{
		Method:    http.MethodGet,
		Path:      "/latest/meta-data/iam/security-credentials/",
		IsEc2IMDS: true,
	}
	resp := &MockedResponse{
		Encoding: ResponseEncodingText,
		Body:     roleName,
	}

	return &MockedEndpoint{Request: req, Response: resp}
}
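// Mock_IMDS_IAM_Credentials returns a mock for the route that serves the
// temporary credentials of roleName.
//
// The key material is fixed placeholder text, never real credentials.
// LastUpdated and Expiration are computed once, when this function is called,
// so a long-lived mock keeps reporting the same expiry one hour after its
// creation.
func Mock_IMDS_IAM_Credentials(roleName string) *MockedEndpoint {
	// One clock reading keeps LastUpdated and Expiration exactly one hour
	// apart, instead of depending on two separate time.Now calls.
	now := time.Now().UTC()

	return &MockedEndpoint{
		Request: &MockedRequest{
			Method: http.MethodGet,
			Path:   "/latest/meta-data/iam/security-credentials/" + roleName,
			// Every other IMDS mock in this file sets IsEc2IMDS; it was
			// missing here, leaving the credentials route as the only one not
			// marked as an IMDS request.
			// NOTE(review): confirm against the request matcher how the flag
			// scopes matching.
			IsEc2IMDS: true,
		},
		Response: &MockedResponse{
			Encoding: ResponseEncodingJSON,
			Body: map[string]interface{}{
				"Code":        "Success",
				"Type":        "AWS-HMAC",
				"LastUpdated": now.Format(time.RFC3339),
				"Expiration":  now.Add(1 * time.Hour).Format(time.RFC3339),
				// NOTE(review): the real service spells this key
				// "AccessKeyId"; left unchanged because callers may depend on
				// the current spelling. Confirm before changing.
				"AccessKeyID":     "FAKEKEY",
				"SecretAccessKey": "fakeSecretKEY",
				"Token":           "FAKETOKEN",
			},
		},
	}
}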