[CN-714] Add support of IMDSv2 for AWS Discovery plugin #23545

@dzeromski-hazelcast dzeromski-hazelcast commented Feb 2, 2023

Before making requests to the metadata service, we now try to get a token using the `/latest/api/token` endpoint.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

Checklist:

  • Labels (Team:, Type:, Source:, Module:) and Milestone set
  • Label Add to Release Notes or Not Release Notes content set
  • Request reviewers if possible
  • Send backports/forwardports if fix needs to be applied to past/future releases
  • New public APIs have @Nonnull/@Nullable annotations
  • New public APIs have @since tags in Javadoc

@hasancelik
Contributor

fixes hazelcast/hazelcast-aws#240

@hasancelik hasancelik left a comment

What if the IMDSv2 endpoint is not reachable in the user's environment? Do we continue to support IMDSv1?

@dzeromski-hazelcast
Contributor Author

> What if the IMDSv2 endpoint is not reachable in the user's environment? Do we continue to support IMDSv1?

Yes. IMDSv1 is a legacy mode that can be disabled. IMDSv2 is always enabled.

Good explanation:

> `http_tokens` - (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include `optional` or `required`. Defaults to `optional`.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#http_tokens

@hasancelik
Contributor

> Yes. IMDSv1 is a legacy mode that can be disabled. IMDSv2 is always enabled.

Then why are we keeping IMDSv1-related code?

@dzeromski-hazelcast
Contributor Author

> > Yes. IMDSv1 is a legacy mode that can be disabled. IMDSv2 is always enabled.
>
> Then why are we keeping IMDSv1-related code?

Not sure I understand. IMDSv2 is a superset of IMDSv1. Could you point me to the code you were referring to?

@SeriyBg
Contributor

SeriyBg commented Feb 3, 2023

> > > Yes. IMDSv1 is a legacy mode that can be disabled. IMDSv2 is always enabled.
> >
> > Then why are we keeping IMDSv1-related code?
>
> Not sure I understand. IMDSv2 is a superset of IMDSv1. Could you point me to the code you were referring to?

I guess it's just a misunderstanding of what IMDSv2 is. @hasancelik, for IMDSv2, we don't use new endpoints; they are just the same endpoints; the only difference is that all the requests must contain a token, thus all the code used for IMDSv1 will also be used with IMDSv2.

@hasancelik
Contributor

> > > > Yes. IMDSv1 is a legacy mode that can be disabled. IMDSv2 is always enabled.
> > >
> > > Then why are we keeping IMDSv1-related code?
> >
> > Not sure I understand. IMDSv2 is a superset of IMDSv1. Could you point me to the code you were referring to?
>
> I guess it's just a misunderstanding of what IMDSv2 is. @hasancelik, for IMDSv2, we don't use new endpoints; they are just the same endpoints; the only difference is that all the requests must contain a token, thus all the code used for IMDSv1 will also be used with IMDSv2.

I see, thanks for the explanation guys 👍 🙂
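
The flow discussed in this thread (request a token from `/latest/api/token`, then call the same metadata endpoints with the token attached), as an added Python example that is not the Hazelcast plugin's code. It runs against a constructed local mock instead of the real service; the function names, the mock, and the fall-back to a tokenless request are assumptions, while the header names follow the AWS documentation linked in the PR description.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH = "/latest/api/token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # never via a proxy

def fetch_token(base, ttl=21600, timeout=2):
    """PUT to the token endpoint; return None if no token can be obtained."""
    req = urllib.request.Request(base + TOKEN_PATH, method="PUT", headers={TTL_HEADER: str(ttl)})
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            return resp.read().decode()
    except OSError:  # URLError, HTTPError and socket timeouts are all OSError
        return None

def get_metadata(base, path, use_token=True, timeout=2):
    """GET a metadata path, attaching a session token when one is available."""
    token = fetch_token(base, timeout=timeout) if use_token else None
    headers = {TOKEN_HEADER: token} if token else {}  # no token: IMDSv1-style request
    req = urllib.request.Request(base + path, headers=headers)
    with OPENER.open(req, timeout=timeout) as resp:
        return resp.read().decode()

def start_mock_imds(tokens_required):
    """Constructed local stand-in for the metadata service (not real AWS)."""
    class Handler(BaseHTTPRequestHandler):
        def _reply(self, code, body=""):
            self.send_response(code)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body.encode())
        def do_PUT(self):
            ok = self.path == TOKEN_PATH and self.headers.get(TTL_HEADER)
            self._reply(200 if ok else 400, "constructed-token" if ok else "")
        def do_GET(self):
            token = self.headers.get(TOKEN_HEADER)
            if token != "constructed-token" and (token or tokens_required):
                return self._reply(401)  # missing or invalid token
            self._reply(200, "eu-west-1a")  # constructed sample value
        def log_message(self, *args):
            pass  # keep the demo quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port
```

With `tokens_required=True` the mock behaves like an instance whose `http_tokens` is `required`: `get_metadata(..., use_token=False)` raises an HTTP 401, while the token-first call succeeds on the same path.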

@dzeromski-hazelcast dzeromski-hazelcast merged commit d606d82 into hazelcast:master Feb 6, 2023
dzeromski-hazelcast added a commit to dzeromski-hazelcast/hazelcast that referenced this pull request Feb 6, 2023
dzeromski-hazelcast added a commit to dzeromski-hazelcast/hazelcast that referenced this pull request Feb 6, 2023
dzeromski-hazelcast added a commit that referenced this pull request Feb 6, 2023
Before making requests to metadata service we now try to get token using
`/latest/api/token` endpoint.


https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

Backport: #23545

Checklist:
- [x] Labels (`Team:`, `Type:`, `Source:`, `Module:`) and Milestone set
- [x] Label `Add to Release Notes` or `Not Release Notes content` set
- [x] Request reviewers if possible
- [ ] Send backports/forwardports if fix needs to be applied to
past/future releases
- [ ] New public APIs have `@Nonnull/@Nullable` annotations
- [ ] New public APIs have `@since` tags in Javadoc
dzeromski-hazelcast added a commit to dzeromski-hazelcast/hazelcast that referenced this pull request Feb 6, 2023
dzeromski-hazelcast added a commit to dzeromski-hazelcast/hazelcast that referenced this pull request Feb 8, 2023
dzeromski-hazelcast added a commit that referenced this pull request Feb 8, 2023
Before making requests to metadata service we now try to get token using
`/latest/api/token` endpoint.


https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

Backport: #23545

Checklist:
- [x] Labels (`Team:`, `Type:`, `Source:`, `Module:`) and Milestone set
- [x] Label `Add to Release Notes` or `Not Release Notes content` set
- [x] Request reviewers if possible
- [x] Send backports/forwardports if fix needs to be applied to
past/future releases
dzeromski-hazelcast added a commit that referenced this pull request Feb 9, 2023
@UdeshAthukorala

Hi all,

Are you going to provide support of IMDSv2 for AWS Discovery plugin for the Hazelcast IMDG[1] product too? In the release notes I saw that this is only added to the Hazelcast Platform product[2].

[1] https://docs.hazelcast.com/imdg/4.2/
[2] https://docs.hazelcast.com/hazelcast/5.2/release-notes/5-2-2#enhancements
