Bug: fsx windows fileserver SSM arn parsing was incorrect
arun-annamalai committed Dec 14, 2023
1 parent bd3d852 commit 1b5f2f0
Showing 2 changed files with 60 additions and 30 deletions.
Expand Up @@ -20,7 +20,6 @@ import (
"encoding/json"
"fmt"
"os/exec"
"path/filepath"
"strings"
"sync"
"time"
Expand Down Expand Up @@ -479,7 +478,9 @@ func (fv *FSxWindowsFileServerResource) retrieveSSMCredentials(credentialsParame
}

ssmClient := fv.ssmClientCreator.NewSSMClient(fv.region, iamCredentials)
ssmParam := filepath.Base(parsedARN.Resource)
// parsedARN.Resource looks like "arn:aws:ssm:us-west-2:123456789012:parameter/sample1/sample2/parameter1"
// We split by parameter and get ["", "/sample1/sample2/parameter1"]
ssmParam := strings.Split(parsedARN.Resource, "parameter")[1]
ssmParams := []string{ssmParam}

ssmParamMap, err := ssm.GetParametersFromSSM(ssmParams, ssmClient)
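Review bot: `strings.Split(parsedARN.Resource, "parameter")[1]` splits on every occurrence of the word, so a parameter whose name contains "parameter" is truncated: for the path in the added comment, `/sample1/sample2/parameter1`, the split yields `["", "/sample1/sample2/", "1"]` and the agent would request `/sample1/sample2/` from SSM instead of the configured credentials parameter. The `[1]` index also panics when the resource does not contain the word at all; whether earlier validation in retrieveSSMCredentials rules that out is not visible here, as the function starts and ends outside the hunk. Stripping only the leading resource type avoids both: return an error unless `strings.HasPrefix(parsedARN.Resource, "parameter/")`, then use `ssmParam := strings.TrimPrefix(parsedARN.Resource, "parameter")`. The comment should also be corrected, since parsedARN.Resource appears to hold only the part after the account ID (`parameter/sample1/sample2/parameter1`), not the full ARN.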
Expand Up @@ -143,7 +143,7 @@ func TestRetrieveCredentials(t *testing.T) {
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Name: aws.String("/test"),
Value: aws.String(ssmTestData),
},
},
Expand All @@ -167,35 +167,64 @@ func TestRetrieveCredentials(t *testing.T) {
}

func TestRetrieveSSMCredentials(t *testing.T) {
fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t)
credentialsParameterARN := "arn:aws:ssm:us-west-2:123456789012:parameter/test"

ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}"
ssmClientOutput := &ssm.GetParametersOutput{
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Value: aws.String(ssmTestData),
},
cases := []struct {
Name string
CredentialsParameterARN string
CredentialsParameterName string
}{
{
Name: "TestRetrieveSSMCredentialsSimple",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/test",
CredentialsParameterName: "/test",
},
{
Name: "TestRetrieveSSMCredentialsSimple2",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/hello",
CredentialsParameterName: "/hello",
},
{
Name: "TestRetrieveSSMCredentialsPath",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/path1/path2/hello",
CredentialsParameterName: "/path1/path2/hello",
},
}

iamCredentials := credentials.IAMRoleCredentials{
CredentialsID: "test-cred-id",
for _, tc := range cases {
t.Run(tc.Name, func(t *testing.T) {
fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t)
credentialsParameterARN := tc.CredentialsParameterARN

ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}"
ssmClientOutput := &ssm.GetParametersOutput{
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String(tc.CredentialsParameterName),
Value: aws.String(ssmTestData),
},
},
}

iamCredentials := credentials.IAMRoleCredentials{
CredentialsID: "test-cred-id",
}

gomock.InOrder(
ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient),
mockSSMClient.EXPECT().GetParameters(&ssm.GetParametersInput{
Names: []*string{&tc.CredentialsParameterName},
WithDecryption: aws.Bool(false),
}).Return(ssmClientOutput, nil).Times(1),
)

err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials)
assert.NoError(t, err)

credentials := fv.Credentials
assert.Equal(t, "user", credentials.Username)
assert.Equal(t, "pass", credentials.Password)
})
}

gomock.InOrder(
ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient),
mockSSMClient.EXPECT().GetParameters(gomock.Any()).Return(ssmClientOutput, nil).Times(1),
)

err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials)
assert.NoError(t, err)

credentials := fv.Credentials
assert.Equal(t, "user", credentials.Username)
assert.Equal(t, "pass", credentials.Password)
}

func TestRetrieveASMCredentials(t *testing.T) {
Expand Down Expand Up @@ -489,7 +518,7 @@ func TestCreateUnavailableLocalPath(t *testing.T) {
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Name: aws.String("/test"),
Value: aws.String(ssmTestData),
},
},
Expand Down Expand Up @@ -574,7 +603,7 @@ func TestCreateSSM(t *testing.T) {
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Name: aws.String("/test"),
Value: aws.String(ssmTestData),
},
},
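Review bot: The table in TestRetrieveSSMCredentials has no case whose parameter name contains the substring "parameter", which is the input the new split-based parsing in retrieveSSMCredentials gets wrong. A case such as `{Name: "TestRetrieveSSMCredentialsNameContainsParameter", CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/path1/parameter1", CredentialsParameterName: "/path1/parameter1"}` would show the mismatch against the strict `GetParameters` expectation. A negative case with a resource that is not an SSM parameter, asserting an error rather than a panic, is also missing. Separately, the expectation now pins `WithDecryption: aws.Bool(false)`; if these username/password values are meant to be stored as SecureString parameters, confirm that this is the intended behaviour.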
