Add IMDSv2 support to AwsCandidateHarvester #294
Conversation
|
Hi, thanks for your contribution! |
|
already signed |
| @@ -183,11 +206,10 @@ private static boolean doTestEc2() | |||
| { | |||
| try | |||
| { | |||
| URLConnection conn = new URL(EC2_TEST_URL).openConnection(); | |||
| conn.setConnectTimeout(500); //don't hang for too long | |||
There was a problem hiding this comment.
Can you bring back the short timeout please?
| @@ -21,6 +21,8 @@ | |||
|
|
|||
| import java.io.*; | |||
| import java.net.*; | |||
| import java.util.Collections; | |||
There was a problem hiding this comment.
Change this to a * import please
|
Thanks for the contribution! I left a couple of minor requests. I'll run a manual test and let you know if I have more. Confirmed CLA. Jenkins, please add to whitelist |
|
Looks good after testing |
|
hi @bgrozev, thanks for the review! Actually for my deployment I ended up with the |
|
Sure, unless it's a large change let's go with HttpClient |
Hello, AWS recommend to disable IMDSv1 support for EC2 instances: https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/
However it breaks AwsCandidateHarvester functionality because REST endpoints it uses to detect EC2 and obtain private/public IPs become unavailable. I would like to propose the fix that will work for both IMDSv1 and IMDSv2:
doTestEc2()will now try to obtain an API token asEC2_TEST_URLis unavailable without a token.fetch()to set a method and pass required headers.