purpleclay / imds-mock Goto Github PK

Describe your feature

Provide documentation for imds-mock using Mkdocs Material.

Your potential solution

Generated documentation should adopt the same theme used across over PurpleClay projects.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

Typically a spot instance will be interrupted at an unknown interval. To help simulate this behaviour, introduce a new flag that allows the spot behaviour to be configured by an event that will be raised at a specified duration after the mock launch.

Your potential solution

Introduce a new flag --spot-action terminate=2m that will allow the type of spot action to be configured with a duration to raise the relevant event and change the data returned.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

The gin framework uses its own logging style, which can produce inconsistent log output from the container. Consolidate a single structured logging approach.

Your potential solution

Switch to using Zap. Zap can be incorporated within middleware directly for logging requests and can also be used ad-hoc at key points within the mock

Any additional information?

https://github.com/gin-contrib/zap

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

The IMDS mock has a built-in cache for caching responses by instance category path. The cache is only invalidated if the mock is terminated and restarted. This functionality doesn't support more advanced functionality such as spot simulation when events are raised.

Your potential solution

Add support for invalidating the cache at a given path.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

What happened?

When strict IMDSv2 is enabled, all of the endpoints are protected through the Gin middleware. The token endpoint should not be protected.

Steps to reproduce it

1. Launch the mock in strict IMDSv2 mode: imds-mock --imdsv2
2. Attempt to generate a new session token by: PUT http://localhost:1338/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"
3. A 401 is returned instead of the expected token

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>401 - Unauthorized</title>
  </head>
  <body>
    <h1>401 - Unauthorized</h1>
  </body>
</html>

Which version?

v0.3.0

Which operating system(s) are you using?

All

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

IMDS supports the inclusion of EC2 instance tags. Once enabled, all tags are exposed through the tags/instance category path. Expose a default Name tag for the mock EC2.

Your potential solution

Add an --include-instance-tags flag to toggle the inclusion of EC2 tags within the IMDS mock. Patch the existing JSON with a default Name tag

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

By default, the imds-mock will start on port 1338. This should be configurable.

Your potential solution

Provide a flag for overriding the default port. Include the provided port in the serving options and pass to Gin on startup of the service.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

Improve the efficiency of the mock by caching responses for each given metadata category path.

Your potential solution

The data returned by the mock is static and won't change once started. So remove the need to reprocess the JSON response every time by caching the output of each request. This can just be stored in memory with a simple map lookup.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

Allow a configurable set of tags to be included within the IMDS mock response.

Your potential solution

Add a new flag called --instance-tags that can be used to provide a key/value list of tags to include in the mocked response. Basic validation is required to ensure the tags conform to the expected specification.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

What happened?

The imds-mock is incorrectly treating the iam/security-credentials/ssm-access instance category as a parent category and returning all JSON fields as queryable paths:

Code
LastUpdated
Type
AccessKeyId
SecretAccessKey
Token
Expiration

It should be returning it as compact JSON.

Steps to reproduce it

1. Launch the mock
2. Curl the following instance category: iam/security-credentials/ssm-access

Which version?

v0.3.0

Which operating system(s) are you using?

All

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

Create a new mock server that responds with a predefined JSON response that mirrors that of a the IMDS service on an EC2

Your potential solution

Respond to all available instance categories by path. If an invalid path is provided, the mock should respond with the exact same error code and response message as the IMDS service

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

Enable Gin release mode by default within the published container.

Your potential solution

The environment variable GIN_MODE=release can be used to enable release mode. Include this within the Dockerfile. When the container is started, debug mode can be re-enabled on an ad-hoc basis if needed.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

Use Gin middleware to control the pretty printing of JSON output for supported categories. By default any JSON string will be returned in a compact format

Your potential solution

Include an additional flag to control the use of Gin middleware. A flag such as --pretty could be used and exposed through Cobra as a global flag. This should be passed into IMDS mock through the existing startup options.

Any additional information?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

The IMDS service comes in two flavours, V1 and V2. By default, an EC2 can access IMDS using either. This behaviour needs to be replicated.

It is also possible to explicitly enable V2-only support.

Your potential solution

Support the generation and verification of an IMDS session token across all endpoints. Once a token is generated, it should last for 6 hours. Subsequent requests should check the token's validity and reject the request as required.

Once explicit IMDS v2 mode is enabled, only token-based requests will work.

Any additional information?

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

Code of Conduct

• I agree to follow this project's Code of Conduct

Describe your feature

The IMDS service exposes additional metadata categories for a spot EC2 instance. These are exposed through the following categories:

• spot/instance-action
• spot/termination-time
• events/recommendations/rebalance

Support a feature flag to dynamically change the mock to simulate an EC2 spot instance upon startup.

Your potential solution

Introduce a new flag --spot that will trigger the IMDS mock to patch the base JSON file upon startup, exposing the relevant categories required to simulate a spot instance.

The above instance categories are event-driven, and the events are not necessarily delivered in a uniform fashion. Expose an additional flag --spot-action terminate=2m that can trigger a spot action using a configurable delay.

Any additional information?

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-instance-termination-notices.html#instance-action-metadata
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/rebalance-recommendations.html

Code of Conduct

• I agree to follow this project's Code of Conduct