aws-sdk-kotlin

Allow ECS metadata service to use hostnames

Open aajtodd opened this issue 3 years ago • 0 comments

Describe the feature

The ECS credentials provider added in #475 only allows 127.0.0.1/[::1] IP addresses when AWS_CONTAINER_CREDENTIALS_FULL_URI is used with http. Metadata services should be allowed to provide any hostname they want as long as all of the IP addresses for said host resolve to the loopback device.

Is your Feature Request related to a problem?

N/A

Proposed Solution

We need a KMP compatible DNS host resolver, something like:

fun interface HostResolver {
    suspend fun resolve(hostname: String): List<IpAddr>
}

class IpAddr(...) {
    fun isLoopbackDevice(): Boolean
    ...
}

This needs to be added to the validate full URI check (or at construction time) and verify that all IP addresses are the loopback device:

class EcsCredentialsProvider(...) {
    // True only when every address the host resolves to is the loopback device.
    suspend fun validateFullUri(uri: String): Boolean {
        ...

        val ips = hostResolver.resolve(hostname)
        return ips.all { it.isLoopbackDevice() }
    }
}

Describe alternative solutions or features you've considered

N/A

Acknowledge

  • [ ] I may be able to implement this feature request

AWS Kotlin SDK version used

N/A

Platform (JVM/JS/Native)

N/A

Operating System and version

N/A

aajtodd, Dec 16 '21 15:12
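The check proposed in this issue, as an added JVM-only sketch (not aws-sdk-kotlin code and not the KMP resolver the issue asks for). The names `isAllowedFullUri` and `systemResolver`, the `.test` hostnames, and the acceptance of any `https` host are assumptions made for illustration.

```kotlin
import java.net.InetAddress
import java.net.URI
import java.net.URISyntaxException
import java.net.UnknownHostException

// Hypothetical JVM stand-in for the HostResolver interface sketched in the issue.
fun interface HostResolver {
    fun resolve(hostname: String): List<InetAddress>
}

val systemResolver = HostResolver { host ->
    try {
        InetAddress.getAllByName(host).toList()
    } catch (e: UnknownHostException) {
        emptyList()
    }
}

// https is accepted as-is (assumption); http only when every resolved address is loopback.
fun isAllowedFullUri(uri: String, resolver: HostResolver = systemResolver): Boolean {
    val parsed = try { URI(uri) } catch (e: URISyntaxException) { return false }
    // URI.getHost() keeps the brackets around IPv6 literals such as [::1].
    val host = parsed.host?.removeSurrounding("[", "]") ?: return false
    return when (parsed.scheme?.lowercase()) {
        "https" -> true
        "http" -> {
            val ips = resolver.resolve(host)
            // all {} is true for an empty list, so an unresolvable host is rejected explicitly.
            ips.isNotEmpty() && ips.all { it.isLoopbackAddress }
        }
        else -> false
    }
}

fun main() {
    // Constructed resolver table so the example runs offline; hostnames are made up.
    val loopback4 = InetAddress.getByAddress(byteArrayOf(127, 0, 0, 1))
    val loopback6 = InetAddress.getByAddress(ByteArray(15) + 1.toByte())
    val external = InetAddress.getByAddress(byteArrayOf(192.toByte(), 0, 2, 10))
    val table = mapOf(
        "metadata.local.test" to listOf(loopback4, loopback6),
        "mixed.example.test" to listOf(loopback4, external),
    )
    val fake = HostResolver { table[it] ?: emptyList() }

    check(isAllowedFullUri("http://metadata.local.test/creds", fake))  // all loopback
    check(!isAllowedFullUri("http://mixed.example.test/creds", fake))  // one non-loopback address
    check(!isAllowedFullUri("http://unknown.example.test/creds", fake)) // no addresses at all
    check(isAllowedFullUri("http://[::1]/creds"))                      // literal, system resolver
}
```

The check and the later HTTP request resolve the name separately, so a caller relying on this validation would connect to the addresses that were validated and not re-resolve the hostname.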