aws / amazon-ec2-metadata-mock Goto Github PK

ec2-metadata-mock should support a trailing slash:

## CURRENT BEHAVIOR
$ curl localhost:1338/latest/meta-data/instance-type/
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>

## Without the trailing slash works fine
$ curl localhost:1338/latest/meta-data/instance-type
m4.xlarge

## SHOULD RETURN
$ ec2-metadata-mock -p 1338 &
$ curl localhost:1338/latest/meta-data/instance-type/
m4.xlarge

Also, when querying paths, ec2-metadata-mock should list the subpaths:

## CURRENT BEHAVIOR
$ ec2-metadata-mock -p 1338 &
$ curl localhost:1338/latest/meta-data/spot
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>

## SHOULD RETURN
$ curl localhost:1338/latest/meta-data/spot
instance-action
termination-time

Describe the bug
IAM security credentials do not contain realistic values for AccessKeyId and SecretAccessKey:

• AccessKeyId is missing the AKIA prefix and is too short.
• SecretAccessKey is too short

See https://github.com/aws/amazon-ec2-metadata-mock/blob/main/pkg/config/defaults/aemm-metadata-default-values.json#L135

Steps to reproduce
GET /latest/meta-data/iam/security-credentials/baskinc-role

Expected outcome

{
  "Code": "Success",
  "LastUpdated": "2020-04-02T18:50:40Z",
  "Type": "AWS-HMAC",
  "AccessKeyId": "AKIA1234567890ABCDEF",
  "SecretAccessKey": "v/12345678901abcdefghijklmnopqrstuvwxyzx",
  "Token": "TEST92test48TEST+y6RpoTEST92test48TEST/8oWVAiBqTEsT5Ky7ty2tEStxC1T==",
  "Expiration": "2020-04-02T00:49:51Z"
}

Application Logs
N/A

Environment

• AEMM Version: v1.11.2
• OS/Arch: linux/amd64
• Installation method: Docker

Hi,

I've try to run the mock on my spot server with aws-node-termination-handler and I successfully received the events coming from this mock.
However my problem is that the moment I've run the mock the pods on the spot terminate immediately and the cluster-autoscaler takes time to spin up a new spot so I left with downtime.
My question is how do I set up the mock to mark the spot as terminate and the termination-handler to move the pods prior to "evicting" them from the spot.

Is this how it will reflect on real termination? if so how should I configure the termination-handler to catch the event and drain only after spinning up the new pods?

Describe the bug
Server header is missing - EC2ws

Steps to reproduce
GET any endpoint and look at the header.

Expected outcome
It contains the header.

Similar to this issue from another project

jtblin/aws-mock-metadata#3

Hi team,

I am building a 'aws-glue' development environment in my local computer. When I build the dev environment, aws-glue needs dynamic data when I use amazon-ec2-metadata-mock to similar metadata service. Do you have plan to support dynamic data, such as '/latest/dynamic/instance-identity/document' in the future release?

NOTE: I already build my own patch in my fork.

@bwagner5 First of all thank you for introducing me AEMM. Please advise.

What is available with me ? I had to fix my kops cluster issues and now it's stable and it has been upgraded to the version where it supports this startergy. So you maybe reading it again I, apologize for that.

1. Spot instances as a kubernetes nodes are provisioned. I used spot Allocation: capacity optimized startergy.
2. Attached the IG's with the cluster auto scaler
3. aws-node-termination handler daemon set has been installed on the newly created spot nodes. I see the logs it has connected with the IMDVS2
4. Sample stateless web application deployed on the nodes and it's running
   What is needed?

Highly helpful if you could give me the list of commands to connect with the spot instance with this AEMM
1. On same name space I should install this AEMM or any name space is fine ? Should I install this on the non spot instance which I'm not using for this testing right ?
2. Command to connect a specific spot instance with AEMM?. So that my application will be migrated to the other spot instance which is available
3. Command to interrupt the spot request / instance?
3. How to check the spot interruption notice / any termination notice as such ?
4. End goal is that I should see the logs related to spot interruption and node draining of the spot and stateless application migration to other available nodes in the AWS node termination handler before it get's terminated if my understanding is correct.

https://github.com/aws/amazon-ec2-metadata-mock/blob/master/docs/usage.md

OS + Kernel: 5.6.8-1-MANJARO

What I Did

curl -Lo amazon-ec2-metadata-mock https://github.com/aws/amazon-ec2-metadata-mock/releases/download/latest/amazon-ec2-metadata-mock

sudo chmod +x amazon-ec2-metadata-mock

 ./amazon-ec2-metadata-mock
./amazon-ec2-metadata-mock: line 1: Not: command not found

Build directly from source worked

Describe the feature

I'm working on IMDS support for a project of mine, and I need a relatively faithful IMDS API to test it again. This project seems like it'll fit the bill, but running a CLI for the purpose seems overkill. I'd much rather have a simple test HTTP server I can fire up at the beginning of my unit tests.

I looked briefly at the code and it seems like there's a lot of setup involved. I naïvely tried this, but it's obviously not enough:

	cfg := config.Config{
		Server: config.Server{
			HostName: "localhost",
			Port:     "1338",
		},
	}
	go func() {
		root.Mock(cfg)
	}()

There seems to be a lot of global variables, which make it difficult for this kind of usage. It's probably not a huge amount of effort to refactor to be more modular, though.

Mostly I'm filing this issue to see if there's interest in making the necessary changes - otherwise I'll adapt!

Is the feature request related to a problem?

Describe alternatives you've considered

Installing the binary and using os.Exec to run it in the background - but there are downsides to this.

Describe the feature
It would be great to be able to install amazon-ec2-metatdata-mock from a chart repository to ease the install process.

Is the feature request related to a problem?
It is the standard to install hosted charts and not need to either download the release and unpack it or clone the repo to install it.

Describe alternatives you've considered
It can be cumbersome to install via the current approaches, and would make it much cleaner to have the chart hosted.

Describe the feature
When a config file is set on the command line, provide the ability watch the config file for changes and automatically reload the values without restarting the mock endpoint. In EC2 today several values changes over time when you retrieve data from the endpoints. This will allow testing when values changes similar to in AWS.

Is the feature request related to a problem?
The metadata endpoints can not be reloaded without a restart of the application when the config file is changed. Allowing values to change will align closer to AWS where certain values can change over time from the host.

Describe alternatives you've considered

Changing the config file and then exiting and restarting the mock service.

Describe the bug
The marketplaceProductCodes field in the instance identity document structure is typed as a string. This doesn't match the structure of the real document, in which it is a list of strings (as documented).

Steps to reproduce

1. Create a file overrides.json with the following contents:

{
	"dynamic": {
		"values": {
			"instance-identity-document": {
				"accountId": "123456789012",
				"architecture": "x86_64",
				"availabilityZone": "us-east-1a",
				"billingProducts": null,
				"devpayProductCodes": null,
				"marketplaceProductCodes": [
					"4i20ezfza3p7xx2kt2g8weu2u"
				],
				"imageId": "ami-02f471c4f805553d3",
				"instanceId": "i-048bcb15d2686eec7",
				"instanceType": "t2.nano",
				"kernelId": null,
				"pendingTime": "2022-06-23T06:21:55Z",
				"privateIp": "172.31.85.190",
				"ramdiskId": null,
				"region": "us-east-1",
				"version": "2017-09-30"
			}
		}
	}
}

2. Run ec2-metadata-mock -c overrides.json.

The program exits with an error message about the type of the marketplaceProductCodes field.

Expected outcome
The application starts up and serves the supplied instance identity document.

Application Logs

$ ec2-metadata-mock -c overrides.json 
Using configuration from file:  overrides.json
Error: Fatal error while attempting to load viper config: 1 error(s) decoding:

* 'dynamic.values.instance-identity-document.MarketplaceProductCodes' expected type 'string', got unconvertible type '[]interface {}', value: '[4i20ezfza3p7xx2kt2g8weu2u]'
Usage:
  ec2-metadata-mock <command> [arguments] [flags]
  ec2-metadata-mock [command]

Examples:
  ec2-metadata-mock --mock-delay-sec 10 mocks all metadata paths
  ec2-metadata-mock spot --action terminate     mocks spot ITN only

Available Commands:
  completion  generate the autocompletion script for the specified shell
  events      Mock EC2 maintenance events
  help        Help about any command
  spot        Mock EC2 Spot interruption notice

Flags:
  -c, --config-file string              config file for cli input parameters in json format (default: $HOME/aemm-config.json)
  -h, --help                            help for ec2-metadata-mock
  -n, --hostname string                 the HTTP hostname for the mock url (default: 0.0.0.0)
  -I, --imdsv2                          whether to enable IMDSv2 only, requiring a session token when submitting requests (default: false, meaning both IMDS v1 and v2 are enabled)
  -d, --mock-delay-sec int              spot itn delay in seconds, relative to the application start time (default: 0 seconds)
  -x, --mock-ip-count int               number of IPs in a cluster that can receive a Spot Interrupt Notice and/or Scheduled Event (default 2)
      --mock-trigger-time string        spot itn trigger time in RFC3339 format. This takes priority over mock-delay-sec (default: none)
  -p, --port string                     the HTTP port where the mock runs (default: 1338)
      --rebalance-delay-sec int         rebalance rec delay in seconds, relative to the application start time (default: 0 seconds)
      --rebalance-trigger-time string   rebalance rec trigger time in RFC3339 format. This takes priority over rebalance-delay-sec (default: none)
  -s, --save-config-to-file             whether to save processed config from all input sources in .ec2-metadata-mock/.aemm-config-used.json in $HOME or working dir, if homedir is not found (default: false)
  -v, --version                         version for ec2-metadata-mock

Use "ec2-metadata-mock [command] --help" for more information about a command.

panic: Fatal error while executing the root command: Fatal error while attempting to load viper config: 1 error(s) decoding:

* 'dynamic.values.instance-identity-document.MarketplaceProductCodes' expected type 'string', got unconvertible type '[]interface {}', value: '[4i20ezfza3p7xx2kt2g8weu2u]'

goroutine 1 [running]:
main.main()
        /amazon-ec2-metadata-mock/cmd/amazon-ec2-metadata-mock.go:25 +0x73

Environment

• AEMM Version: v1.10.1
• OS/Arch: macOS 11.6.2
• Installation method: Homebrew

Hello!

Resources block should be added to deployment and values file.

Describe the feature
A concise description of the feature and desired behavior.

Today, AEMM lists the dirs when curling paths:

curl 127.0.0.1:1338/latest/meta-data/network/interfaces/macs
0e:49:61:0f:c3:11/device-number
0e:49:61:0f:c3:11/interface-id
0e:49:61:0f:c3:11/ipv4-associations/192.0.2.54
0e:49:61:0f:c3:11/ipv6s
0e:49:61:0f:c3:11/local-hostname
0e:49:61:0f:c3:11/local-ipv4s
0e:49:61:0f:c3:11/mac
0e:49:61:0f:c3:11/network-card-index
0e:49:61:0f:c3:11/owner-id
0e:49:61:0f:c3:11/public-hostname
0e:49:61:0f:c3:11/public-ipv4s
0e:49:61:0f:c3:11/security-group-ids
0e:49:61:0f:c3:11/security-groups
0e:49:61:0f:c3:11/subnet-id
0e:49:61:0f:c3:11/subnet-ipv4-cidr-block
0e:49:61:0f:c3:11/subnet-ipv6-cidr-blocks
0e:49:61:0f:c3:11/vpc-id
0e:49:61:0f:c3:11/vpc-ipv4-cidr-block/
0e:49:61:0f:c3:11/vpc-ipv6-cidr-blocks%

The real IMDS does not list dirs:

curl 169.254.169.254/latest/meta-data/network/interfaces/macs
0e:49:61:0f:c3:11

Since AEMM is a mock of IMDS, it should closely resemble the actual service responses.

Is the feature request related to a problem?
A description of what the problem is. For example: I'm frustrated when [...]

When using IMDS in the amazon-eks-ami repo as a testing tool, we ran into this discrepancy:
https://github.com/awslabs/amazon-eks-ami/pull/931/files#diff-049390d14bc3ea2d7882ff0f108e2802ad9b043336c5fa637e93581d9a7fdfc2R399

Describe alternatives you've considered
A description of any alternative solutions or features you've considered.

We've added more text processing to work with both AEMM and the real IMDS, but that extra code is not desirable.

Describe the feature
A concise description of the feature and desired behavior.

AL2 dumps all the metadata to a file on the instance which is useful for looking at what's available globally or for quick access without having to use HTTP (or for when the metadata endpoint is restricted).

It would be useful to be able to generate this file with ec2-metadata-mock.

$ cat  /run/cloud-init/instance-data.json
{
 "base64_encoded_keys": [],
 "ds": {
  "_doc": "EXPERIMENTAL: The structure and format of content scoped under the 'ds' key may change in subsequent releases of cloud-init.",
  "_metadata_api_version": "2016-09-02",
  "dynamic": {
   "instance-identity": {
    "document": {
     "accountId": "xxxxxxxxxxxxxxxxx",
     "architecture": "x86_64",
     "availabilityZone": "us-west-2c",
     "billingProducts": null,
     "devpayProductCodes": null,
     "imageId": "ami-03af6523db112033e",
     "instanceId": "i-019f3238ddb9db5c1",
     "instanceType": "m5.4xlarge",
     "kernelId": null,
     "marketplaceProductCodes": null,
     "pendingTime": "2022-04-27T17:56:39Z",
     "privateIp": "192.168.8.35",
     "ramdiskId": null,
     "region": "us-west-2",
     "version": "2017-09-30"
    },
    "pkcs7": [
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    ],
    "rsa2048": [
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    ],
    "signature": [
     "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    ]
   }
  },
  "meta-data": {
   "ami-id": "ami-03af6523db112033e",
   "ami-launch-index": "0",
   "ami-manifest-path": "(unknown)",
   "block-device-mapping": {
    "ami": "xvda",
    "root": "/dev/xvda"
   },
   "hostname": "ip-192-168-8-35.us-west-2.compute.internal",
   "iam": {
    "info": {
     "Code": "Success",
     "InstanceProfileArn": "arn:aws:iam::xxxxxxxxxxxx:instance-profile/xxxxxxxxxxxxxxxxx",
     "InstanceProfileId": "xxxxxxxxxxxxxxxxxxxxxxxx",
     "LastUpdated": "2022-04-27T17:56:40Z"
    }
   },
   "instance-action": "none",
   "instance-id": "i-019f3238ddb9db5c1",
   "instance-type": "m5.4xlarge",
   "local-hostname": "ip-192-168-8-35.us-west-2.compute.internal",
   "local-ipv4": "192.168.8.35",
   "mac": "xxxxxxxxxxxxxxxx",
   "metrics": {
    "vhostmd": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
   },
   "network": {
    "interfaces": {
     "macs": {
      "xxxxxxxxxxxxx": {
       "device-number": "0",
       "interface-id": "eni-xxxxxxxxxxxxxx",
       "ipv4-associations": {
        "xxxxxxxxxxxxxxx": "192.168.8.35"
       },
       "local-hostname": "ip-192-168-8-35.us-west-2.compute.internal",
       "local-ipv4s": "192.168.8.35",
       "mac": "xxxxxxxxxxxxx",
       "owner-id": "xxxxxxxxxxxxxx",
       "public-hostname": "ec2-xxxxxxxxx.us-west-2.compute.amazonaws.com",
       "public-ipv4s": "xxxxxxxxxxxxxxxxx",
       "security-group-ids": "xxxxxxxxxxxxxxxxxx",
       "security-groups": "xxxxxxxxxxxxxxxxxxxxxxxxx",
       "subnet-id": "subnet-0e1c2770e9430751e",
       "subnet-ipv4-cidr-block": "192.168.0.0/19",
       "vpc-id": "vpc-02e676af1f39c5f08",
       "vpc-ipv4-cidr-block": "192.168.0.0/16",
       "vpc-ipv4-cidr-blocks": "192.168.0.0/16"
      }
     }
    }
   },
   "placement": {
    "availability-zone": "us-west-2c"
   },
   "profile": "default-hvm",
   "public-hostname": "ec2-xxxxxxxxxxxxxxx.us-west-2.compute.amazonaws.com",
   "public-ipv4": "xxxxxxxxxxxx,
   "reservation-id": "r-067e0510e77dcf3d6",
   "security-groups": "xxxxxxxxxxxxxxxx",
   "services": {
    "domain": "amazonaws.com",
    "partition": "aws"
   }
  }
 },
 "sensitive_keys": [],
 "v1": {
  "_beta_keys": [
   "subplatform"
  ],
  "availability-zone": "us-west-2c",
  "availability_zone": "us-west-2c",
  "cloud-name": "aws",
  "cloud_name": "aws",
  "instance-id": "i-019f3238ddb9db5c1",
  "instance_id": "i-019f3238ddb9db5c1",
  "local-hostname": "ip-192-168-8-35",
  "local_hostname": "ip-192-168-8-35",
  "platform": "ec2",
  "public_ssh_keys": [],
  "region": "us-west-2",
  "subplatform": "metadata (http://169.254.169.254)"
 }
}

Is the feature request related to a problem?
A description of what the problem is. For example: I'm frustrated when [...]

It may be desirable to rely on this file instead of using an HTTP client to receive metadata for various reasons. So making it easier to test with this file is useful.

Describe alternatives you've considered
A description of any alternative solutions or features you've considered.

Could construct this manually, but it's a pain.

Describe the bug
A concise description of what the bug is.

I am trying to add a new tag by using the config override option as follows:

ec2-overrides.json

{
  "paths": {
    "tags-instance-supercooltest": "/latest/meta-data/tags/instance/supercooltest"
  },
  "metadata": {
    "values": {
      "tags-instance-supercooltest": "supercoolvalue"
    }
  }
}

However when i hit http://localhost:1338/latest/meta-data/tags/instance i still only see:

Name
Test

which is the default behavior

Steps to reproduce
create a .json file as specified above and use that file with the -c flag:

ec2-metadata-mock -c /path/to/file/ec2-overrides.json

then hit the endpoint that returns all tags: http://localhost:1338/latest/meta-data/tags/instance

Expected outcome
A concise description of what you expected to happen.

I would expect a new tag to be added to the mock data when hitting /latest/meta-data/tags/instance so the response would look like:

Name
Test
Supercooltest

and then hitting /latest/meta-data/tags/instance/Supercooltest I would receive supercoolvalue as the response

I know that my override file is being used as i am able to change the ami-id using my .json file

Environment

• AEMM Version: 1.11.2
• OS/Arch: macOS Ventura 13.2.1 (M1 Chip)
• Installation method: Brew

Describe the feature
It would be great if the mock could simulate the optional inclusion of instances tags within the returned metadata. To ensure backwards compatibility, the proposal would be to include a flag for omitting the inclusion of instance tags, --exclude-instance-tags. In doing so, the mock would need to respond in the same way as the real IMDS service by returning a 404 upon any request to the /tags instance category.

Bizarrely if you curl IMDS using the /tags/instance path, you get a 200 and a blank response. So I guess this behaviour will need to be also mimicked.

Is the feature request related to a problem?
It is an enhancement to better align the mock with the real IMDS service. It also expands the possible testing use cases

Describe alternatives you've considered
Alternative solutions for me would be to use a hybrid approach in my testing, which is cumbersome.

Describe the feature
This mock could be provided in a form of a Java library so that integration tests for Java applications could easily use it.

Is the feature request related to a problem?
The problem is that if there is no way to install this software on the test workers that makes it difficult to use

is there a plan to support for /meta-data/instance-life-cycle?

Describe the feature
When configuring IMDS, users are able to specify a PUT response hop limit for instance metadata requests. AEMM should be able to do the same.

Is the feature request related to a problem?
N/A

Describe alternatives you've considered
N/A, want to align AEMM as close to IMDS as possible

Describe the bug
The real http://169.254.169.254/latest/meta-data/iam/security-credentials/instant-launch endpoint returns an HTTP response with header Content-Type: text/plain but this mock docker container returns with header Content-Type: application/json. This makes the docker container non-representative of actual AWS EC2 metadata endpoint behavior, and causes problems with some libraries that expect JSON objects to be returned with Content-Type: application/json.

Steps to reproduce
On an EC2 instance:

$ export TOKEN=`curl -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token`
$ export ROLE_NAME=`curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/`
$ curl -s -vvv -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/$ROLE_NAME 2>&1 | grep 'Content-Type'
< Content-Type: text/plain
$

Against this docker container running at localhost:1339:

$ export TOKEN=`curl -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://localhost:1339/latest/api/token`
$ export ROLE_NAME=`curl -H "X-aws-ec2-metadata-token: $TOKEN" http://localhost:1339/latest/meta-data/iam/security-credentials/`
$  curl -s -vvv -H "X-aws-ec2-metadata-token: $TOKEN" http://localhost:1339/latest/meta-data/iam/security-credentials/$ROLE_NAME 2>&1 | grep 'Content-Type'
< Content-Type: application/json
$

Expected outcome
The second sequence of curl requests above should result in Content-Type: text/plain instead of Content-Type: application/json

Environment

• AEMM Version: docker container aws-ec2/amazon-ec2-metadata-mock:v1.11.2
• OS/Arch: Mac OS X
• Installation method: docker run

flags: -p 1339 -I -c /aemm-config-overrides.json

And that file's contents:

{
  "metadata": {
    "paths": {
      "placement-availability-zone": "/latest/meta-data/placement/availability-zone"
    },
    "values": {
      "placement-availability-zone": "us-west-1c"
    }
  }
}

Environment

Kubernetes:
cli: Major:"1", Minor:"18", GitVersion:"v1.18.3"
server: Major:"1", Minor:"16+"

Tool:
amazon-ec2-metadata-mock:v0.9.4

Steps to reproduce it

1. Download yaml file: https://github.com/aws/amazon-ec2-metadata-mock/releases/download/v0.9.4/all-resources.yaml
2. Change configuration for DaemonSet as follows:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: amazon-ec2-metadata-mock
  # namespace: kube-system
  labels:
    app.kubernetes.io/name: amazon-ec2-metadata-mock
    app.kubernetes.io/instance: amazon-ec2-metadata-mock
    app.kubernetes.io/version: "v0.9.4"
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: amazon-ec2-metadata-mock
      app.kubernetes.io/instance: amazon-ec2-metadata-mock
  template:
    metadata:
      labels:
        app.kubernetes.io/name: amazon-ec2-metadata-mock
        app.kubernetes.io/instance: amazon-ec2-metadata-mock
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "beta.kubernetes.io/os"
                operator: In
                values:
                - linux
              - key: "beta.kubernetes.io/arch"
                operator: In
                values:
                - amd64
                - arm
                - arm64
      serviceAccountName: amazon-ec2-metadata-mock-service-account
      hostNetwork: false # turn off host network to prevent undesired exposure of AEMM web server
      containers:
      - name: amazon-ec2-metadata-mock
        image: amazon/amazon-ec2-metadata-mock:v0.9.4
        imagePullPolicy: IfNotPresent
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
          allowPrivilegeEscalation: false
        args:
          - -c /var/mocks/aemm-config.json
        volumeMounts:
          - name: mocks
            mountPath: /var/mocks
      volumes:
      - name: mocks
        configMap:
          name: aemm-config

3. Apply all resources using kubectl apply -f ...

Observed result

2020/06/18 20:50:04 Error while attempting to apply overrides from  /var/mocks/aemm-config.json: open  /var/mocks/aemm-config.json: no such file or directory

For the purposes of testing an application relying on the IMDS metadata service, I'd like to be able to serve valid AWS credentials via the mocked IMDS.

I'd love to have documentation for how to translate ~/.aws/credentials into the relevant pieces of the mock configuration, or better yet, an option to serve up a particular profile from those credentials as the mocked data.

Any reason why userdata isn't supported? Or are pull-requests welcome for this type of thing?

Hi i would like to ask whether is there any way how to pass null value in some of property by env variable such as AEMM_METADATA_VALUES_IAM_SECURITY_CREDENTIALS_TOKEN: null or maybe like AEMM_METADATA_VALUES_IAM_SECURITY_CREDENTIALS: '{"Code":"Success"","LastUpdated":"2020-04-02T18:50:40Z","Type":"AWS-HMAC","AccessKeyId":"MY_ACCESS_KEY","SecretAccessKey":"MY_SECRET_KEY","Token":null,"Expiration":"2040-04-02T00:49:51Z"}"'.
In my case it's still overriden by default values from the code, or in case of passing the whole json content i cannot obtain the specified values, they're empty.
Thank you a lot for any hint/workaround.

Issue

• Users should be able to simulate a 404 on Rebalance Rec until it becomes available
  • this functionality already exists for Spot ITN using mock-delay-sec or mock-trigger-time
• The only way to get 404 response on Rebalance path today is by starting with events subcmd

Desired State

• Users can start AEMM so that RebalanceRec path returns 404, then it eventually returns valid response to simulate an instance "receiving" the Rebalance notice

Working on a PR for adding userdata. We were talking about the formatting of userdata as it can be multi-line. Base64 was suggested.

Describe the bug
Running the image from public.ecr.aws is failing whereas the image from docker.hub is not

Steps to reproduce
docker run -it --rm -p 1338:1338 public.ecr.aws/aws-ec2/amazon-ec2-metadata-mock:v1.9.2

Expected outcome

v1.9.2: Pulling from public.ecr.aws/aws-ec2/amazon-ec2-metadata-mock
9b21e7244c2b: Pull complete 
7b397a0afc4e: Pull complete 
Digest: sha256:55cc3b9fb46d7e30aec202fc8ccab5391f7f9fc7169ae7dc726aae82562d61c4
Status: Downloaded newer image for amazon/amazon-ec2-metadata-mock:v1.9.2
2021/11/18 14:08:58 Warning:  Config File "aemm-config" Not Found in "[/]"
2021/11/18 14:08:58 Initiating ec2-metadata-mock for all mocks on port 1338

Application Logs

docker run -it --rm -p 1338:1338 public.ecr.aws/aws-ec2/amazon-ec2-metadata-mock:v1.9.2
standard_init_linux.go:228: exec user process caused: exec format error

Environment

• OS/Arch: Amazon Linux release 2 (Karoo) / 4.14.252-195.483.amzn2.x86_64

Does userdata need to be registered, in this function?

It seems like things work without it, what does this function do exactly? Is it actually needed?

Describe the feature
Get the instance tags for an instance via IMDS is live and AEMM should be updated to support this new path

Is the feature request related to a problem?
N/A

Describe alternatives you've considered
N/A