diff options
author | Tim Smith <tsmith@chef.io> | 2021-01-25 12:53:13 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-25 12:53:13 -0800 |
commit | c33e81ba724c9ac4d5d9e2ced8a06ab4c4230a1c (patch) | |
tree | b020bc64e701557bf7869076c44c5cdf42778bac | |
parent | f4e5b68f35de8a5bdca06a2b2fff5fd8337f611e (diff) | |
parent | dc6955ed7b9a04f58991857605513da2d17bbb44 (diff) | |
download | ohai-c33e81ba724c9ac4d5d9e2ced8a06ab4c4230a1c.tar.gz |
Merge pull request #1520 from higanworks/imds-v2
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/ohai/mixin/ec2_metadata.rb | 12 | ||||
-rw-r--r-- | spec/unit/mixin/ec2_metadata_spec.rb | 10 | ||||
-rw-r--r-- | spec/unit/plugins/ec2_spec.rb | 113 | ||||
-rw-r--r-- | spec/unit/plugins/eucalyptus_spec.rb | 15 | ||||
-rw-r--r-- | spec/unit/plugins/openstack_spec.rb | 6 |
5 files changed, 87 insertions, 69 deletions
diff --git a/lib/ohai/mixin/ec2_metadata.rb b/lib/ohai/mixin/ec2_metadata.rb index 72894170..d183b962 100644 --- a/lib/ohai/mixin/ec2_metadata.rb +++ b/lib/ohai/mixin/ec2_metadata.rb @@ -51,7 +51,7 @@ module Ohai def best_api_version @api_version ||= begin logger.trace("Mixin EC2: Fetching http://#{EC2_METADATA_ADDR}/ to determine the latest supported metadata release") - response = http_client.get("/") + response = http_client.get("/", { 'X-aws-ec2-metadata-token': v2_token }) if response.code == "404" logger.trace("Mixin EC2: Received HTTP 404 from metadata server while determining API version, assuming 'latest'") return "latest" @@ -84,6 +84,10 @@ module Ohai end end + def v2_token + @v2_token ||= http_client.put("/latest/api/token", nil, { 'X-aws-ec2-metadata-token-ttl-seconds': "60" })&.body + end + # Get metadata for a given path and API version # # Typically, a 200 response is expected for valid metadata. @@ -93,7 +97,7 @@ module Ohai def metadata_get(id, api_version) path = "/#{api_version}/meta-data/#{id}" logger.trace("Mixin EC2: Fetching http://#{EC2_METADATA_ADDR}#{path}") - response = http_client.get(path) + response = http_client.get(path, { 'X-aws-ec2-metadata-token': v2_token }) case response.code when "200" response.body @@ -174,13 +178,13 @@ module Ohai def fetch_userdata logger.trace("Mixin EC2: Fetching http://#{EC2_METADATA_ADDR}/#{best_api_version}/user-data/") - response = http_client.get("/#{best_api_version}/user-data/") + response = http_client.get("/#{best_api_version}/user-data/", { 'X-aws-ec2-metadata-token': v2_token }) response.code == "200" ? response.body : nil end def fetch_dynamic_data @fetch_dynamic_data ||= begin - response = http_client.get("/#{best_api_version}/dynamic/instance-identity/document/") + response = http_client.get("/#{best_api_version}/dynamic/instance-identity/document/", { 'X-aws-ec2-metadata-token': v2_token }) if json?(response.body) && response.code == "200" FFI_Yajl::Parser.parse(response.body) diff --git a/spec/unit/mixin/ec2_metadata_spec.rb b/spec/unit/mixin/ec2_metadata_spec.rb index 3144a6d5..4579686b 100644 --- a/spec/unit/mixin/ec2_metadata_spec.rb +++ b/spec/unit/mixin/ec2_metadata_spec.rb @@ -15,7 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - require "spec_helper" require "ohai/mixin/ec2_metadata" @@ -23,6 +22,7 @@ describe Ohai::Mixin::Ec2Metadata do let(:mixin) do metadata_object = Object.new.extend(described_class) http_client = double("Net::HTTP client") + allow(http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg==", code: "200") } allow(http_client).to receive(:get).and_return(response) allow(metadata_object).to receive(:http_client).and_return(http_client) metadata_object @@ -36,7 +36,6 @@ describe Ohai::Mixin::Ec2Metadata do describe "#best_api_version" do context "with a sorted list of metadata versions" do let(:response) { double("Net::HTTP Response", body: "1.0\n2011-05-01\n2012-01-12\nUnsupported", code: "200") } - it "returns the most recent version" do expect(mixin.best_api_version).to eq("2012-01-12") end @@ -74,6 +73,13 @@ describe Ohai::Mixin::Ec2Metadata do expect { mixin.best_api_version }.to raise_error(RuntimeError) end end + + context "when metadata service is disabled" do + let(:response) { double("Net::HTTP::PUT Response", body: "403 - Forbidden", code: "403") } + it "raises an error" do + expect { mixin.best_api_version }.to raise_error(RuntimeError) + end + end end describe "#metadata_get" do diff --git a/spec/unit/plugins/ec2_spec.rb b/spec/unit/plugins/ec2_spec.rb index c205953c..75a9c529 100644 --- a/spec/unit/plugins/ec2_spec.rb +++ b/spec/unit/plugins/ec2_spec.rb @@ -46,8 +46,11 @@ describe Ohai::System, "plugin ec2" do t = double("connection") allow(t).to receive(:connect_nonblock).and_raise(Errno::EINPROGRESS) allow(Socket).to receive(:new).and_return(t) + token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg==" + @get_req_token_header = { 'X-aws-ec2-metadata-token': token } + allow(@http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: token, code: "200") } expect(@http_client).to receive(:get) - .with("/") + .with("/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "2012-01-12", code: "200")) end @@ -63,14 +66,14 @@ describe Ohai::System, "plugin ec2" do it "recursively fetches all the ec2 metadata" do paths.each do |name, body| expect(@http_client).to receive(:get) - .with("/2012-01-12/#{name}") + .with("/2012-01-12/#{name}", @get_req_token_header) .and_return(double("Net::HTTP Response", body: body, code: "200")) end expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run @@ -84,14 +87,14 @@ describe Ohai::System, "plugin ec2" do it "fetches binary userdata opaquely" do paths.each do |name, body| expect(@http_client).to receive(:get) - .with("/2012-01-12/#{name}") + .with("/2012-01-12/#{name}", @get_req_token_header) .and_return(double("Net::HTTP Response", body: body, code: "200")) end expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run @@ -106,14 +109,14 @@ describe Ohai::System, "plugin ec2" do it "fetches AWS account id" do paths.each do |name, body| expect(@http_client).to receive(:get) - .with("/2012-01-12/#{name}") + .with("/2012-01-12/#{name}", @get_req_token_header) .and_return(double("Net::HTTP Response", body: body, code: "200")) end expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run @@ -128,14 +131,14 @@ describe Ohai::System, "plugin ec2" do it "fetches AWS region" do paths.each do |name, body| expect(@http_client).to receive(:get) - .with("/2012-01-12/#{name}") + .with("/2012-01-12/#{name}", @get_req_token_header) .and_return(double("Net::HTTP Response", body: body, code: "200")) end expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"region\":\"us-east-1\"}", code: "200")) plugin.run @@ -150,14 +153,14 @@ describe Ohai::System, "plugin ec2" do it "fetches AWS availability zone" do paths.each do |name, body| expect(@http_client).to receive(:get) - .with("/2012-01-12/#{name}") + .with("/2012-01-12/#{name}", @get_req_token_header) .and_return(double("Net::HTTP Response", body: body, code: "200")) end expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "^_<8B>^H^H<C7>U^@^Csomething^@KT<C8><C9>,)<C9>IU(I-.I<CB><CC>I<E5>^B^@^Qz<BF><B0>^R^@^@^@", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"availabilityZone\":\"us-east-1d\"}", code: "200")) plugin.run @@ -172,28 +175,28 @@ describe Ohai::System, "plugin ec2" do it "parses ec2 network/ directory as a multi-level hash" do expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/") + .with("/2012-01-12/meta-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "network/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/network/") + .with("/2012-01-12/meta-data/network/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "interfaces/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/network/interfaces/") + .with("/2012-01-12/meta-data/network/interfaces/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "macs/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/network/interfaces/macs/") + .with("/2012-01-12/meta-data/network/interfaces/macs/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "12:34:56:78:9a:bc/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/") + .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "public_hostname", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/public_hostname") + .with("/2012-01-12/meta-data/network/interfaces/macs/12:34:56:78:9a:bc/public_hostname", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "server17.opscode.com", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run @@ -209,22 +212,22 @@ describe Ohai::System, "plugin ec2" do it "parses ec2 iam/ directory and collect iam/security-credentials/" do expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/") + .with("/2012-01-12/meta-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "iam/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/iam/") + .with("/2012-01-12/meta-data/iam/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "security-credentials/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/iam/security-credentials/") + .with("/2012-01-12/meta-data/iam/security-credentials/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "MyRole", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/iam/security-credentials/MyRole") + .with("/2012-01-12/meta-data/iam/security-credentials/MyRole", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\n \"Code\" : \"Success\",\n \"LastUpdated\" : \"2012-08-22T07:47:22Z\",\n \"Type\" : \"AWS-HMAC\",\n \"AccessKeyId\" : \"AAAAAAAA\",\n \"SecretAccessKey\" : \"SSSSSSSS\",\n \"Token\" : \"12345678\",\n \"Expiration\" : \"2012-08-22T11:25:52Z\"\n}", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run @@ -242,29 +245,28 @@ describe Ohai::System, "plugin ec2" do it "parses ec2 iam/ directory and collect info and role_name and NOT collect iam/security-credentials/" do expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/") + .with("/2012-01-12/meta-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "iam/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/iam/") + .with("/2012-01-12/meta-data/iam/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "info\nsecurity-credentials/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/iam/info") + .with("/2012-01-12/meta-data/iam/info", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\n \"Code\" : \"Success\",\n \"LastUpdated\" : \"2020-10-08T20:47:08Z\",\n \"InstanceProfileArn\" : \"arn:aws:iam::111111111111:instance-profile/my_profile\",\n \"InstanceProfileId\" : \"AAAAAAAAAAAAAAAAAAAAA\"\n}", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/iam/security-credentials/") + .with("/2012-01-12/meta-data/iam/security-credentials/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "MyRole", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/iam/security-credentials/MyRole") + .with("/2012-01-12/meta-data/iam/security-credentials/MyRole", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\n \"Code\" : \"Success\",\n \"LastUpdated\" : \"2012-08-22T07:47:22Z\",\n \"Type\" : \"AWS-HMAC\",\n \"AccessKeyId\" : \"AAAAAAAA\",\n \"SecretAccessKey\" : \"SSSSSSSS\",\n \"Token\" : \"12345678\",\n \"Expiration\" : \"2012-08-22T11:25:52Z\"\n}", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run - expect(plugin[:ec2]).not_to be_nil expect(plugin[:ec2]["iam"]["info"]["InstanceProfileId"]).to eql "AAAAAAAAAAAAAAAAAAAAA" expect(plugin[:ec2]["iam"]["security-credentials"]).to be_nil @@ -274,37 +276,36 @@ describe Ohai::System, "plugin ec2" do it "ignores \"./\" and \"../\" on ec2 metadata paths to avoid infinity loops" do expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/") + .with("/2012-01-12/meta-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: ".\n./\n..\n../\npath1/.\npath2/./\npath3/..\npath4/../", code: "200")) - expect(@http_client).not_to receive(:get) - .with("/2012-01-12/meta-data/.") + .with("/2012-01-12/meta-data/.", @get_req_token_header) expect(@http_client).not_to receive(:get) - .with("/2012-01-12/meta-data/./") + .with("/2012-01-12/meta-data/./", @get_req_token_header) expect(@http_client).not_to receive(:get) - .with("/2012-01-12/meta-data/..") + .with("/2012-01-12/meta-data/..", @get_req_token_header) expect(@http_client).not_to receive(:get) - .with("/2012-01-12/meta-data/../") + .with("/2012-01-12/meta-data/../", @get_req_token_header) expect(@http_client).not_to receive(:get) - .with("/2012-01-12/meta-data/path1/..") + .with("/2012-01-12/meta-data/path1/..", @get_req_token_header) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/path1/") + .with("/2012-01-12/meta-data/path1/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/path2/") + .with("/2012-01-12/meta-data/path2/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/path3/") + .with("/2012-01-12/meta-data/path3/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/path4/") + .with("/2012-01-12/meta-data/path4/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run @@ -314,19 +315,19 @@ describe Ohai::System, "plugin ec2" do it "completes the run despite unavailable metadata" do expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/") + .with("/2012-01-12/meta-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "metrics/", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/metrics/") + .with("/2012-01-12/meta-data/metrics/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "vhostmd", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/metrics/vhostmd") + .with("/2012-01-12/meta-data/metrics/vhostmd", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "", code: "404")) expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/dynamic/instance-identity/document/") + .with("/2012-01-12/dynamic/instance-identity/document/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "{\"accountId\":\"4815162342\"}", code: "200")) plugin.run diff --git a/spec/unit/plugins/eucalyptus_spec.rb b/spec/unit/plugins/eucalyptus_spec.rb index 93bb08b7..24ac95d8 100644 --- a/spec/unit/plugins/eucalyptus_spec.rb +++ b/spec/unit/plugins/eucalyptus_spec.rb @@ -33,25 +33,28 @@ describe Ohai::System, "plugin eucalyptus" do shared_examples_for "eucalyptus" do before do @http_client = double("Net::HTTP client") + @token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg==" + @get_req_token_header = { 'X-aws-ec2-metadata-token': @token } allow(plugin).to receive(:http_client).and_return(@http_client) + allow(@http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: @token, code: "200") } expect(@http_client).to receive(:get) - .with("/") + .with("/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "2012-01-12", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/") + .with("/2012-01-12/meta-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "instance_type\nami_id\nsecurity-groups", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/instance_type") + .with("/2012-01-12/meta-data/instance_type", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "c1.medium", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/ami_id") + .with("/2012-01-12/meta-data/ami_id", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "ami-5d2dc934", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/meta-data/security-groups") + .with("/2012-01-12/meta-data/security-groups", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "group1\ngroup2", code: "200")) expect(@http_client).to receive(:get) - .with("/2012-01-12/user-data/") + .with("/2012-01-12/user-data/", @get_req_token_header) .and_return(double("Net::HTTP Response", body: "By the pricking of my thumb...", code: "200")) end diff --git a/spec/unit/plugins/openstack_spec.rb b/spec/unit/plugins/openstack_spec.rb index e73c0dc5..9f0e843e 100644 --- a/spec/unit/plugins/openstack_spec.rb +++ b/spec/unit/plugins/openstack_spec.rb @@ -187,12 +187,16 @@ describe Ohai::System, "plugin openstack" do let(:http_client) { double("Net::HTTP", { :read_timeout= => nil, :keep_alive_timeout= => nil } ) } def allow_get(url, response_body) + token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg==" + allow(http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: token, code: "200") } allow(http_client).to receive(:get) - .with(url) + .with(url, { 'X-aws-ec2-metadata-token': token }) .and_return(double("HTTP Response", code: "200", body: response_body)) end def allow_get_response(url, response_body) + token = "AQAEAE4UUd-3NE5EEeYYXKxicVfDOHsx0YSHFFSuCvo2GfCcxzJsvg==" + allow(http_client).to receive(:put) { double("Net::HTTP::PUT Response", body: token, code: "200") } allow(http_client).to receive(:get_response) .with(url, nil, nil) .and_return(double("HTTP Response", code: "200", body: response_body)) |