address review feedback

This commit is contained in:
Thuan Duong Ba 2021-04-06 17:54:40 -07:00 committed by Michael Klishin
parent ff78961206
commit 9634f8205a
No known key found for this signature in database
GPG Key ID: E80EDCFA0CDB21EE
5 changed files with 12 additions and 11 deletions


@ -1921,8 +1921,8 @@ end}.
% AWS section
% ===============================
%% @doc Whether or not to prefer IMDSv2 when querying instance metadata service
%% If not set or set to true, IMDSv2 will be preferred to use first. If fails, IMDSv1 will be used.
%% @doc Whether or not to prefer EC2 IMDSv2 when querying instance metadata service.
%% If not set or set to true, EC2 IMDSv2 will be preferred to use first. If fails, IEC2 MDSv1 will be used.
%% See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html.
{mapping, "aws.prefer_imdsv2", "rabbit.aws_prefer_imdsv2",
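Review bot: The new doc line still carries a typo in the fallback name: "IEC2 MDSv1" should read "EC2 IMDSv1", otherwise the schema comment names a service version that does not exist. The sentence around it also reads awkwardly ("will be preferred to use first. If fails"); suggested replacement for the second line: `%% If not set or set to true, EC2 IMDSv2 is tried first; if that fails, EC2 IMDSv1 is used.`. The `{mapping, ...}` term continues outside the section.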


@ -54,7 +54,7 @@ configuration or to impact configuration behavior:
``rabbitmq_aws:set_region/1`` | Manually specify the AWS region to make requests to.
``rabbitmq_aws:set_credentials/2`` | Manually specify the request credentials to use.
``rabbitmq_aws:refresh_credentials/0`` | Refresh the credentials from the environment, filesystem, or EC2 Instance Metadata service.
``rabbitmq_aws:ensure_imdsv2_token_valid/0`` | Make sure IMDSv2 token is acctive and valid.
``rabbitmq_aws:ensure_imdsv2_token_valid/0`` | Make sure EC2 IMDSv2 token is active and valid.
``rabbitmq_aws:api_get_request/2`` | Perform an AWS service API request.
``rabbitmq_aws:get/2`` | Perform a GET request to the API specifying the service and request path.
``rabbitmq_aws:get/3`` | Perform a GET request specifying the service, path, and headers.


@ -35,8 +35,10 @@
-define(METADATA_TOKEN_TLL_HEADER, "X-aws-ec2-metadata-token-ttl-seconds").
% AWS IMDSv2 is session-based and instance metadata service requests which are only needed for loading/refreshing credentials.
% We dont need to have long-live metadata token. In fact, we only need the token is valid for a sufficient period to successfully
% EC2 Instance Metadata service version 2 (IMDSv2) uses session-oriented authentication.
% Instance metadata service requests are only needed for loading/refreshing credentials.
% We dont need to have long-live metadata token.
% In fact, we only need the token is valid for a sufficient period to successfully
% load/refresh credentials. 60 seconds is more than enough for that goal.
-define(METADATA_TOKEN_TLL_SECONDS, 60).
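Review bot: The reworded comment above `METADATA_TOKEN_TLL_SECONDS` still has grammar errors in the new lines ("We dont need to have long-live metadata token", "we only need the token is valid"), which the commit set out to clean up. Suggested wording for those two lines: `% We don't need a long-lived metadata token.` and `% In fact, we only need the token to be valid for a sufficient period to successfully`. Stating the reasoning as "a short TTL bounds the token's lifetime to the credential refresh it serves" would also make the 60-second choice easier to justify for a reader who did not follow the review.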


@ -154,14 +154,14 @@ set_region(Region) ->
gen_server:call(rabbitmq_aws, {set_region, Region}).
-spec set_imdsv2_token(imdsv2token()) -> ok.
%% @doc Manually set the Imdsv2Token to perform instance metadata service requests.
%% @doc Manually set the Imdsv2Token used to perform instance metadata service requests.
%% @end
set_imdsv2_token(Imdsv2Token) ->
gen_server:call(rabbitmq_aws, {set_imdsv2_token, Imdsv2Token}).
-spec get_imdsv2_token() -> imdsv2token().
%% @doc return the current Imdsv2Token to perform instance metadata service requests.
%% @doc return the current Imdsv2Token used to perform instance metadata service requests.
%% @end
get_imdsv2_token() ->
{ok, Imdsv2Token}=gen_server:call(rabbitmq_aws, get_imdsv2_token),
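Review bot: The new `@doc` for `get_imdsv2_token/0` starts lowercase ("return the current Imdsv2Token ...") while every other `@doc` in this section starts with a capitalised verb; for consistency use `%% @doc Return the current Imdsv2Token used to perform instance metadata service requests.`. The body of `get_imdsv2_token/0` continues outside the section.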


@ -426,14 +426,13 @@ instance_role_url() ->
instance_metadata_url(string:join([?INSTANCE_METADATA_BASE, ?INSTANCE_CREDENTIALS], "/")).
-spec imdsv2_token_url() -> string().
%% @doc Return the URL for obtaining IMDSv2 token from the Instance Metadata service
%% @doc Return the URL for obtaining IMDSv2 token from the Instance Metadata service.
%% @end
imdsv2_token_url() ->
instance_metadata_url(?TOKEN_URL).
-spec instance_id_url() -> string().
%% @doc Return the URL for querying the id of the current
%% instance from the Instance Metadata service.
%% @doc Return the URL for querying the id of the current instance from the Instance Metadata service.
%% @end
instance_id_url() ->
instance_metadata_url(string:join([?INSTANCE_METADATA_BASE, ?INSTANCE_ID], "/")).
@ -735,7 +734,7 @@ region_from_availability_zone(Value) ->
-spec load_imdsv2_token() -> security_token().
%% @doc Attempt to obtain IMDSv2 token.
%% @doc Attempt to obtain EC2 IMDSv2 token.
%% @end
load_imdsv2_token() ->
TokenUrl=imdsv2_token_url(),