summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Smith <tsmith@chef.io>2021-01-25 12:53:13 -0800
committerGitHub <noreply@github.com>2021-01-25 12:53:13 -0800
commitc33e81ba724c9ac4d5d9e2ced8a06ab4c4230a1c (patch)
treeb020bc64e701557bf7869076c44c5cdf42778bac
parentf4e5b68f35de8a5bdca06a2b2fff5fd8337f611e (diff)
parentdc6955ed7b9a04f58991857605513da2d17bbb44 (diff)
downloadohai-c33e81ba724c9ac4d5d9e2ced8a06ab4c4230a1c.tar.gz
Merge pull request #1520 from higanworks/imds-v2
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--lib/ohai/mixin/ec2_metadata.rb12
-rw-r--r--spec/unit/mixin/ec2_metadata_spec.rb10
-rw-r--r--spec/unit/plugins/ec2_spec.rb113
-rw-r--r--spec/unit/plugins/eucalyptus_spec.rb15
-rw-r--r--spec/unit/plugins/openstack_spec.rb6
5 files changed, 87 insertions, 69 deletions
diff --git a/lib/ohai/mixin/ec2_metadata.rb b/lib/ohai/mixin/ec2_metadata.rb
index 72894170..d183b962 100644
--- a/lib/ohai/mixin/ec2_metadata.rb
+++ b/lib/ohai/mixin/ec2_metadata.rb
@@ -51,7 +51,7 @@ module Ohai
def best_api_version
@api_version ||= begin
logger.trace("Mixin EC2: Fetching http://#{EC2_METADATA_ADDR}/ to determine the latest supported metadata release")
- response = http_client.get("/")
+ response = http_client.get("/", { 'X-aws-ec2-metadata-token': v2_token })
if response.code == "404"
logger.trace("Mixin EC2: Received HTTP 404 from metadata server while determining API version, assuming 'latest'")
return "latest"
@@ -84,6 +84,10 @@ module Ohai
end
end
+ def v2_token
+ @v2_token ||= http_client.put("/latest/api/token", nil, { 'X-aws-ec2-metadata-token-ttl-seconds': "60" })&.body
+ end
+
# Get metadata for a given path and API version
#
# Typically, a 200 response is expected for valid metadata.
@@ -93,7 +97,7 @@ module Ohai
def metadata_get(id, api_version)
path = "/#{api_version}/meta-data/#{id}"
logger.trace("Mixin EC2: Fetching http://#{EC2_METADATA_ADDR}#{path}")
- response = http_client.get(path)
+ response = http_client.get(path, { 'X-aws-ec2-metadata-token': v2_token })
case response.code
when "200"
response.body
@@ -174,13 +178,13 @@ module Ohai
def fetch_userdata
logger.trace("Mixin EC2: Fetching http://#{EC2_METADATA_ADDR}/#{best_api_version}/user-data/")
- response = http_client.get("/#{best_api_version}/user-data/")
+ response = http_client.get("/#{best_api_version}/user-data/", { 'X-aws-ec2-metadata-token': v2_token })
response.code == "200" ? response.body : nil
end
def fetch_dynamic_data
@fetch_dynamic_data ||= begin
- response = http_client.get("/#{best_api_version}/dynamic/instance-identity/document/")
+ response = http_client.get("/#{best_api_version}/dynamic/instance-identity/document/", { 'X-aws-ec2-metadata-token': v2_token })
if json?(response.body) && response.code == "200"
FFI_Yajl::Parser.parse(response.body)
diff --git a/spec/unit/mixin/ec2_metadata_spec.rb b/spec/unit/mixin/ec2_metadata_spec.rb
index 3144a6d5..4579686b 100644
--- a/spec/unit/mixin/ec2_metadata_spec.rb
+++ b/spec/unit/mixin/ec2_metadata_spec.rb
@@ -15,7 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-
require "spec_helper"
require "ohai/mixin/ec2_metadata"
@@ -23,6 +22,7 @@ describe Ohai::Mixin::Ec2Metadata do
let(:mixin) do
metadata_object = Object.new.extend(described_class)
http_client = double("Net::HTTP client")
+ allow(http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg==", code: "200") }
allow(http_client).to receive(:get).and_return(response)
allow(metadata_object).to receive(:http_client).and_return(http_client)
metadata_object
@@ -36,7 +36,6 @@ describe Ohai::Mixin::Ec2Metadata do
describe "#best_api_version" do
context "with a sorted list of metadata versions" do
let(:response) { double("Net::HTTP Response", body: "1.0\n2011-05-01\n2012-01-12\nUnsupported", code: "200") }
-
it "returns the most recent version" do
expect(mixin.best_api_version).to eq("2012-01-12")
end
@@ -74,6 +73,13 @@ describe Ohai::Mixin::Ec2Metadata do
expect { mixin.best_api_version }.to raise_error(RuntimeError)
end
end
+
+ context "when metadata service is disabled" do
+ let(:response) { double("Net::HTTP::PUT Response", body: "403 - Forbidden", code: "403") }
+ it "raises an error" do
+ expect { mixin.best_api_version }.to raise_error(RuntimeError)
+ end
+ end
end
describe "#metadata_get" do
diff --git a/spec/unit/plugins/ec2_spec.rb b/spec/unit/plugins/ec2_spec.rb
index c205953c..75a9c529 100644
--- a/spec/unit/plugins/ec2_spec.rb
+++ b/spec/unit/plugins/ec2_spec.rb
@@ -46,8 +46,11 @@ describe Ohai::System, "plugin ec2" do
t = double("connection")
allow(t).to receive(:connect_nonblock).and_raise(Errno::EINPROGRESS)
allow(Socket).to receive(:new).and_return(t)
+ token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg=="
+ @get_req_token_header = { 'X-aws-ec2-metadata-token': token }
+ allow(@http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: token, code: "200") }
expect(@http_client).to receive(:get)
- .with("/")
+ .with("/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "2012-01-12", code: "200"))
end
@@ -63,14 +66,14 @@ describe Ohai::System, "plugin ec2" do
it "recursively fetches all the ec2 metadata" do
paths.each do |name, body|
expect(@http_client).to receive(:get)
- .with("/2012-01-12/#{name}")
+ .with("/2012-01-12/#{name}", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: body, code: "200"))
end
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
@@ -84,14 +87,14 @@ describe Ohai::System, "plugin ec2" do
it "fetches binary userdata opaquely" do
paths.each do |name, body|
expect(@http_client).to receive(:get)
- .with("/2012-01-12/#{name}")
+ .with("/2012-01-12/#{name}", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: body, code: "200"))
end
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
@@ -106,14 +109,14 @@ describe Ohai::System, "plugin ec2" do
it "fetches AWS account id" do
paths.each do |name, body|
expect(@http_client).to receive(:get)
- .with("/2012-01-12/#{name}")
+ .with("/2012-01-12/#{name}", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: body, code: "200"))
end
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
@@ -128,14 +131,14 @@ describe Ohai::System, "plugin ec2" do
it "fetches AWS region" do
paths.each do |name, body|
expect(@http_client).to receive(:get)
- .with("/2012-01-12/#{name}")
+ .with("/2012-01-12/#{name}", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: body, code: "200"))
end
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"region\":\"us-east-1\"}", code: "200"))
plugin.run
@@ -150,14 +153,14 @@ describe Ohai::System, "plugin ec2" do
it "fetches AWS availability zone" do
paths.each do |name, body|
expect(@http_client).to receive(:get)
- .with("/2012-01-12/#{name}")
+ .with("/2012-01-12/#{name}", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: body, code: "200"))
end
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"availabilityZone\":\"us-east-1d\"}", code: "200"))
plugin.run
@@ -172,28 +175,28 @@ describe Ohai::System, "plugin ec2" do
it "parses ec2 network/ directory as a multi-level hash" do
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/")
+ .with("/2012-01-12/meta-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "network/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/network/")
+ .with("/2012-01-12/meta-data/network/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "interfaces/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/network/interfaces/")
+ .with("/2012-01-12/meta-data/network/interfaces/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "macs/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/network/interfaces/macs/")
+ .with("/2012-01-12/meta-data/network/interfaces/macs/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "12:34:56:78:9a:bc/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/")
+ .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "public_hostname", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/public_hostname")
+ .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/public_hostname", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "server17.opscode.com", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
@@ -209,22 +212,22 @@ describe Ohai::System, "plugin ec2" do
it "parses ec2 iam/ directory and collect iam/security-credentials/" do
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/")
+ .with("/2012-01-12/meta-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "iam/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/iam/")
+ .with("/2012-01-12/meta-data/iam/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "security-credentials/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/iam/security-credentials/")
+ .with("/2012-01-12/meta-data/iam/security-credentials/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "MyRole", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/iam/security-credentials/MyRole")
+ .with("/2012-01-12/meta-data/iam/security-credentials/MyRole", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\n \"Code\" : \"Success\",\n \"LastUpdated\" : \"2012-08-22T07:47:22Z\",\n \"Type\" : \"AWS-HMAC\",\n \"AccessKeyId\" : \"AAAAAAAA\",\n \"SecretAccessKey\" : \"SSSSSSSS\",\n \"Token\" : \"12345678\",\n \"Expiration\" : \"2012-08-22T11:25:52Z\"\n}", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
@@ -242,29 +245,28 @@ describe Ohai::System, "plugin ec2" do
it "parses ec2 iam/ directory and collect info and role_name and NOT collect iam/security-credentials/" do
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/")
+ .with("/2012-01-12/meta-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "iam/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/iam/")
+ .with("/2012-01-12/meta-data/iam/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "info\nsecurity-credentials/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/iam/info")
+ .with("/2012-01-12/meta-data/iam/info", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\n \"Code\" : \"Success\",\n \"LastUpdated\" : \"2020-10-08T20:47:08Z\",\n \"InstanceProfileArn\" : \"arn:aws:iam::111111111111:instance-profile/my_profile\",\n \"InstanceProfileId\" : \"AAAAAAAAAAAAAAAAAAAAA\"\n}", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/iam/security-credentials/")
+ .with("/2012-01-12/meta-data/iam/security-credentials/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "MyRole", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/iam/security-credentials/MyRole")
+ .with("/2012-01-12/meta-data/iam/security-credentials/MyRole", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\n \"Code\" : \"Success\",\n \"LastUpdated\" : \"2012-08-22T07:47:22Z\",\n \"Type\" : \"AWS-HMAC\",\n \"AccessKeyId\" : \"AAAAAAAA\",\n \"SecretAccessKey\" : \"SSSSSSSS\",\n \"Token\" : \"12345678\",\n \"Expiration\" : \"2012-08-22T11:25:52Z\"\n}", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
-
expect(plugin[:ec2]).not_to be_nil
expect(plugin[:ec2]["iam"]["info"]["InstanceProfileId"]).to eql "AAAAAAAAAAAAAAAAAAAAA"
expect(plugin[:ec2]["iam"]["security-credentials"]).to be_nil
@@ -274,37 +276,36 @@ describe Ohai::System, "plugin ec2" do
it "ignores \"./\" and \"../\" on ec2 metadata paths to avoid infinity loops" do
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/")
+ .with("/2012-01-12/meta-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: ".\n./\n..\n../\npath1/.\npath2/./\npath3/..\npath4/../", code: "200"))
-
expect(@http_client).not_to receive(:get)
- .with("/2012-01-12/meta-data/.")
+ .with("/2012-01-12/meta-data/.", @get_req_token_header)
expect(@http_client).not_to receive(:get)
- .with("/2012-01-12/meta-data/./")
+ .with("/2012-01-12/meta-data/./", @get_req_token_header)
expect(@http_client).not_to receive(:get)
- .with("/2012-01-12/meta-data/..")
+ .with("/2012-01-12/meta-data/..", @get_req_token_header)
expect(@http_client).not_to receive(:get)
- .with("/2012-01-12/meta-data/../")
+ .with("/2012-01-12/meta-data/../", @get_req_token_header)
expect(@http_client).not_to receive(:get)
- .with("/2012-01-12/meta-data/path1/..")
+ .with("/2012-01-12/meta-data/path1/..", @get_req_token_header)
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/path1/")
+ .with("/2012-01-12/meta-data/path1/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/path2/")
+ .with("/2012-01-12/meta-data/path2/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/path3/")
+ .with("/2012-01-12/meta-data/path3/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/path4/")
+ .with("/2012-01-12/meta-data/path4/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
@@ -314,19 +315,19 @@ describe Ohai::System, "plugin ec2" do
it "completes the run despite unavailable metadata" do
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/")
+ .with("/2012-01-12/meta-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "metrics/", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/metrics/")
+ .with("/2012-01-12/meta-data/metrics/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "vhostmd", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/metrics/vhostmd")
+ .with("/2012-01-12/meta-data/metrics/vhostmd", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "", code: "404"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/dynamic/instance-identity/document/")
+ .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200"))
plugin.run
diff --git a/spec/unit/plugins/eucalyptus_spec.rb b/spec/unit/plugins/eucalyptus_spec.rb
index 93bb08b7..24ac95d8 100644
--- a/spec/unit/plugins/eucalyptus_spec.rb
+++ b/spec/unit/plugins/eucalyptus_spec.rb
@@ -33,25 +33,28 @@ describe Ohai::System, "plugin eucalyptus" do
shared_examples_for "eucalyptus" do
before do
@http_client = double("Net::HTTP client")
+ @token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg=="
+ @get_req_token_header = { 'X-aws-ec2-metadata-token': @token }
allow(plugin).to receive(:http_client).and_return(@http_client)
+ allow(@http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: @token, code: "200") }
expect(@http_client).to receive(:get)
- .with("/")
+ .with("/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "2012-01-12", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/")
+ .with("/2012-01-12/meta-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "instance_type\nami_id\nsecurity-groups", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/instance_type")
+ .with("/2012-01-12/meta-data/instance_type", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "c1.medium", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/ami_id")
+ .with("/2012-01-12/meta-data/ami_id", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "ami-5d2dc934", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/meta-data/security-groups")
+ .with("/2012-01-12/meta-data/security-groups", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "group1\ngroup2", code: "200"))
expect(@http_client).to receive(:get)
- .with("/2012-01-12/user-data/")
+ .with("/2012-01-12/user-data/", @get_req_token_header)
.and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200"))
end
diff --git a/spec/unit/plugins/openstack_spec.rb b/spec/unit/plugins/openstack_spec.rb
index e73c0dc5..9f0e843e 100644
--- a/spec/unit/plugins/openstack_spec.rb
+++ b/spec/unit/plugins/openstack_spec.rb
@@ -187,12 +187,16 @@ describe Ohai::System, "plugin openstack" do
let(:http_client) { double("Net::HTTP", { :read_timeout= => nil, :keep_alive_timeout= => nil } ) }
def allow_get(url, response_body)
+ token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg=="
+ allow(http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: token, code: "200") }
allow(http_client).to receive(:get)
- .with(url)
+ .with(url, { 'X-aws-ec2-metadata-token': token })
.and_return(double("HTTP Response", code: "200", body: response_body))
end
def allow_get_response(url, response_body)
+ token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg=="
+ allow(http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: token, code: "200") }
allow(http_client).to receive(:get_response)
.with(url, nil, nil)
.and_return(double("HTTP Response", code: "200", body: response_body))