Skip to content

Commit

Permalink
Bug: fsx windows fileserver SSM arn parsing was incorrect
Browse files Browse the repository at this point in the history
  • Loading branch information
arun-annamalai committed Dec 14, 2023
1 parent bd3d852 commit 67c84ef
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 27 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ import (
"encoding/json"
"fmt"
"os/exec"
"path/filepath"
"strings"
"sync"
"time"
Expand Down Expand Up @@ -479,7 +478,9 @@ func (fv *FSxWindowsFileServerResource) retrieveSSMCredentials(credentialsParame
}

ssmClient := fv.ssmClientCreator.NewSSMClient(fv.region, iamCredentials)
ssmParam := filepath.Base(parsedARN.Resource)
// parsedARN.Resource looks like "arn:aws:ssm:us-west-2:123456789012:parameter/sample1/sample2/parameter1"
// We split by parameter and get ["", "/sample1/sample2/parameter1"]
ssmParam := strings.Split(parsedARN.Resource, "parameter")[1]
ssmParams := []string{ssmParam}

ssmParamMap, err := ssm.GetParametersFromSSM(ssmParams, ssmClient)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -167,35 +167,68 @@ func TestRetrieveCredentials(t *testing.T) {
}

func TestRetrieveSSMCredentials(t *testing.T) {
fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t)
credentialsParameterARN := "arn:aws:ssm:us-west-2:123456789012:parameter/test"

ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}"
ssmClientOutput := &ssm.GetParametersOutput{
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Value: aws.String(ssmTestData),
},
cases := []struct {
Name string
CredentialsParameterARN string
CredentialsParameterArgument string
}{
{
Name: "TestRetrieveSSMCredentialsSimple",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/test",
CredentialsParameterArgument: "/test",
},
{
Name: "TestRetrieveSSMCredentialsSimple2",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/hello",
CredentialsParameterArgument: "/hello",
},
{
Name: "TestRetrieveSSMCredentialsPath",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/path1/path2/hello",
CredentialsParameterArgument: "/path1/path2/hello",
},
}

iamCredentials := credentials.IAMRoleCredentials{
CredentialsID: "test-cred-id",
for _, tc := range cases {
t.Run(tc.Name, func(t *testing.T) {
fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t)
credentialsParameterARN := tc.CredentialsParameterARN

ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}"
ssmClientOutput := &ssm.GetParametersOutput{
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String(tc.CredentialsParameterArgument),
Value: aws.String(ssmTestData),
},
},
}

iamCredentials := credentials.IAMRoleCredentials{
CredentialsID: "test-cred-id",
}

//&ssm.GetParametersInput{
// Names: []*string{&tc.CredentialsParameterArgument},
// WithDecryption: aws.Bool(false),
//}
gomock.InOrder(
ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient),
mockSSMClient.EXPECT().GetParameters(&ssm.GetParametersInput{
Names: []*string{&tc.CredentialsParameterARN},
WithDecryption: aws.Bool(false),
}).Return(ssmClientOutput, nil).Times(1),
)

err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials)
assert.NoError(t, err)

credentials := fv.Credentials
assert.Equal(t, "user", credentials.Username)
assert.Equal(t, "pass", credentials.Password)
})
}

gomock.InOrder(
ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient),
mockSSMClient.EXPECT().GetParameters(gomock.Any()).Return(ssmClientOutput, nil).Times(1),
)

err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials)
assert.NoError(t, err)

credentials := fv.Credentials
assert.Equal(t, "user", credentials.Username)
assert.Equal(t, "pass", credentials.Password)
}

func TestRetrieveASMCredentials(t *testing.T) {
Expand Down

0 comments on commit 67c84ef

Please sign in to comment.