From 05e4ff2ab3e160e29f4075fbb80fd74774fea18a Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Mon, 9 Sep 2024 06:46:30 -0700
Subject: [PATCH] Support AWS_ENDPOINT_URL_STS environment variable (#724)
As described in https://docs.aws.amazon.com/sdkref/latest/guide/ss-endpoints-table.html, the STS endpoint can be configured with the AWS_ENDPOINT_URL_STS environment variable. This might be necessary for users of Amazon Secret Cloud (https://aws.amazon.com/federal/secret-cloud/), for example.
---
 lib/fog/aws/credential_fetcher.rb | 4 +++-
 tests/credentials_tests.rb | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/lib/fog/aws/credential_fetcher.rb b/lib/fog/aws/credential_fetcher.rb
index c39fd3b11..95f98795e 100644
--- a/lib/fog/aws/credential_fetcher.rb
+++ b/lib/fog/aws/credential_fetcher.rb
@@ -56,7 +56,9 @@ def fetch_credentials(options)
 }
 sts_endpoint =
- if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && region
+ if ENV["AWS_ENDPOINT_URL_STS"]
+ ENV["AWS_ENDPOINT_URL_STS"]
+ elsif ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && region
 "https://sts.#{region}.amazonaws.com"
 else
 "https://sts.amazonaws.com"
diff --git a/tests/credentials_tests.rb b/tests/credentials_tests.rb
index e40722f8c..d9fa200ee 100644
--- a/tests/credentials_tests.rb
+++ b/tests/credentials_tests.rb
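Review bot: In fetch_credentials (lib/fog/aws/credential_fetcher.rb), the new first branch `if ENV["AWS_ENDPOINT_URL_STS"]` is taken for any set value, and because an empty string is truthy in Ruby, a variable that is exported but empty yields an empty `sts_endpoint` instead of falling through to the regional or global default. Testing for a non-empty value, `if !ENV["AWS_ENDPOINT_URL_STS"].to_s.empty?`, keeps both fallbacks working. The value is also used verbatim as the endpoint for the credential exchange, so a comment such as `# AWS_ENDPOINT_URL_STS is trusted deployment configuration; expected to be an https:// URL` would help; presumably the request built further down carries the web identity token, which this hunk does not show and should be confirmed. The function starts and ends outside the hunk.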
@@ -202,6 +202,20 @@
 ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
 end
+ ENV["AWS_ENDPOINT_URL_STS"] = "https://my-special-sts.amazonaws.com"
+
+ tests('#fetch_credentials with global STS endpoint set in env') do
+ returns(
+ aws_access_key_id: 'dummykey',
+ aws_secret_access_key: 'dummysecret',
+ aws_session_token: 'dummytoken',
+ region: 'us-west-1',
+ sts_endpoint: "https://my-special-sts.amazonaws.com",
+ aws_credentials_expire_at: expires_at
+ ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
+ end
+
+ ENV["AWS_ENDPOINT_URL_STS"] = nil
 ENV["AWS_STS_REGIONAL_ENDPOINTS"] = nil
 ENV["AWS_DEFAULT_REGION"] = nil
 ENV["AWS_REGION"] = nil
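Review bot: The added test's name, 'with global STS endpoint set in env', does not describe what it exercises: it sets AWS_ENDPOINT_URL_STS to a custom host and checks that the same value comes back as `sts_endpoint`. A name like `'#fetch_credentials with AWS_ENDPOINT_URL_STS set in env'` would say so. A comment `# AWS_ENDPOINT_URL_STS takes precedence over AWS_STS_REGIONAL_ENDPOINTS` would record the precedence being checked, assuming the regional variable is still set here (the hunk only shows it being cleared afterwards). No case covers a set-but-empty AWS_ENDPOINT_URL_STS, which is the input most likely to reach this code by accident.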