Bug: fsx windows fileserver SSM arn parsing was incorrect
arun-annamalai committed Dec 21, 2023
1 parent fef8e10 commit ad0fb37
Showing 2 changed files with 79 additions and 32 deletions.
Expand Up @@ -20,7 +20,6 @@ import (
"encoding/json"
"fmt"
"os/exec"
"path/filepath"
"strings"
"sync"
"time"
Expand Down Expand Up @@ -479,15 +478,24 @@ func (fv *FSxWindowsFileServerResource) retrieveSSMCredentials(credentialsParame
}

ssmClient := fv.ssmClientCreator.NewSSMClient(fv.region, iamCredentials)
ssmParam := filepath.Base(parsedARN.Resource)
ssmParams := []string{ssmParam}
// parsedARN.Resource looks like "arn:aws:ssm:us-west-2:123456789012:parameter/sample1/sample2/parameter1"
// We cut by parameter and get "arn:aws:ssm:us-west-2:123456789012:parameter", "/sample1/sample2/parameter1", True/False
_, ssmParamName, found := strings.Cut(parsedARN.Resource, "parameter")
if !found {
err = errors.New("unxpected error. expected fsx credential ssm arn but did not find string 'parameter' in the arn")
fv.setTerminalReason(err.Error())
return err

}

ssmParams := []string{ssmParamName}

ssmParamMap, err := ssm.GetParametersFromSSM(ssmParams, ssmClient)
if err != nil {
return err
}

ssmParamData, _ := ssmParamMap[ssmParam]
ssmParamData, _ := ssmParamMap[ssmParamName]
creds := FSxWindowsFileServerCredentials{}

if err := json.Unmarshal([]byte(ssmParamData), &creds); err != nil {
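Review bot: `strings.Cut(parsedARN.Resource, "parameter")` splits at the first occurrence of that substring anywhere in the resource, so a resource that does not begin with `parameter/` but contains the word later would resolve to a different parameter name than the ARN identifies, and that name is then used to fetch the file-server credentials. Anchoring the match is stricter: guard the existing error path with `if !strings.HasPrefix(parsedARN.Resource, "parameter/")` and then take `ssmParamName := strings.TrimPrefix(parsedARN.Resource, "parameter")`. The added comment describes `parsedARN.Resource` as the full ARN; if `parsedARN` comes from the SDK's ARN parser (not visible in this hunk), the field holds only `parameter/sample1/sample2/parameter1`, and the comment should say so. Separately, `ssmParamData, _ := ssmParamMap[ssmParamName]` discards the presence flag, so a name mismatch surfaces only as a JSON unmarshal error on an empty string; checking `ok` and returning a dedicated error would give a clearer terminal reason. retrieveSSMCredentials starts and ends outside the hunk.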
Expand Up @@ -143,7 +143,7 @@ func TestRetrieveCredentials(t *testing.T) {
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Name: aws.String("/test"),
Value: aws.String(ssmTestData),
},
},
Expand All @@ -167,35 +167,74 @@ func TestRetrieveCredentials(t *testing.T) {
}

func TestRetrieveSSMCredentials(t *testing.T) {
fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t)
credentialsParameterARN := "arn:aws:ssm:us-west-2:123456789012:parameter/test"

ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}"
ssmClientOutput := &ssm.GetParametersOutput{
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Value: aws.String(ssmTestData),
},
cases := []struct {
Name string
CredentialsParameterARN string
CredentialsParameterName string
}{
{
Name: "TestRetrieveSSMCredentialsSimple",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/hello",
CredentialsParameterName: "/hello",
},
{
Name: "TestRetrieveSSMCredentialsPath",
CredentialsParameterARN: "arn:aws:ssm:us-west-2:123456789012:parameter/path1/path2/hello",
CredentialsParameterName: "/path1/path2/hello",
},
{
Name: "TestRetrieveSSMCredentialsSimpleWithParameter",
CredentialsParameterARN: "arn:aws:ssm:us-east-2:958991572715:parameter/parameter",
CredentialsParameterName: "/parameter",
},
{
Name: "TestRetrieveSSMCredentialsPathWithParameter",
CredentialsParameterARN: "arn:aws:ssm:us-east-2:958991572715:parameter/path1/path2/parameter",
CredentialsParameterName: "/path1/path2/parameter",
},
{
Name: "TestRetrieveSSMCredentialsPathWithParameter2",
CredentialsParameterARN: "arn:aws:ssm:us-east-2:958991572715:parameter/path1/parameter/hello",
CredentialsParameterName: "/path1/parameter/hello",
},
}

iamCredentials := credentials.IAMRoleCredentials{
CredentialsID: "test-cred-id",
for _, tc := range cases {
t.Run(tc.Name, func(t *testing.T) {
fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t)
credentialsParameterARN := tc.CredentialsParameterARN

ssmTestData := "{\n\"username\": \"user\", \n\"password\": \"pass\"\n}"
ssmClientOutput := &ssm.GetParametersOutput{
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String(tc.CredentialsParameterName),
Value: aws.String(ssmTestData),
},
},
}

iamCredentials := credentials.IAMRoleCredentials{
CredentialsID: "test-cred-id",
}

gomock.InOrder(
ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient),
mockSSMClient.EXPECT().GetParameters(&ssm.GetParametersInput{
Names: []*string{&tc.CredentialsParameterName},
WithDecryption: aws.Bool(false),
}).Return(ssmClientOutput, nil).Times(1),
)

err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials)
assert.NoError(t, err)

credentials := fv.Credentials
assert.Equal(t, "user", credentials.Username)
assert.Equal(t, "pass", credentials.Password)
})
}

gomock.InOrder(
ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any()).Return(mockSSMClient),
mockSSMClient.EXPECT().GetParameters(gomock.Any()).Return(ssmClientOutput, nil).Times(1),
)

err := fv.retrieveSSMCredentials(credentialsParameterARN, iamCredentials)
assert.NoError(t, err)

credentials := fv.Credentials
assert.Equal(t, "user", credentials.Username)
assert.Equal(t, "pass", credentials.Password)
}

func TestRetrieveASMCredentials(t *testing.T) {
Expand Down Expand Up @@ -489,7 +528,7 @@ func TestCreateUnavailableLocalPath(t *testing.T) {
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Name: aws.String("/test"),
Value: aws.String(ssmTestData),
},
},
Expand Down Expand Up @@ -574,7 +613,7 @@ func TestCreateSSM(t *testing.T) {
InvalidParameters: []*string{},
Parameters: []*ssm.Parameter{
&ssm.Parameter{
Name: aws.String("test"),
Name: aws.String("/test"),
Value: aws.String(ssmTestData),
},
},
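Review bot: The table in TestRetrieveSSMCredentials covers only ARNs that resolve successfully, so the new `!found` branch in retrieveSSMCredentials, which sets the terminal reason and returns an error, has no test. A case whose resource does not contain `parameter`, asserting `assert.Error(t, err)` and expecting no `GetParameters` call on the mock, would pin that path. Three of the cases use account id `958991572715` rather than the `123456789012` placeholder used in the first two; if that is a real account id, the fixtures should use the placeholder instead.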