Skip to content

fix metadata (IMDSv2) in EBS driver #1372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

fix metadata (IMDSv2) in EBS driver #1372

wants to merge 5 commits into from
+102,971 −4,343,481

Conversation

nbryant42
Copy link

@nbryant42 nbryant42 commented Nov 25, 2022
edited
Loading

Fixes #1371 which is important because IMDSv2 is the new security best practice and is starting to become required for compliance with SOC2 etc.

Also migrates from the deprecated and broken dep vendoring tool to go mod.

I have gone to great lengths to ensure that all package versions remain the same as they were under dep. All versions are as they used to be, except for aws-sdk-go, which I obviously had to upgrade slightly. go mod ignores transitive test dependencies, so there are a lot of deletions under vendor/, but these are only deletions of packages that are unnecessary for the build, with the obvious exception of awk-sdk-go and its dependencies.

Note that go.mod contains a replace statement to force the x/sys version to downgrade to the same version that was used under dep, to prevent go mod tidy from upgrading it. I don't know why go mod tidy wants to upgrade it, presumably some quirk of the minimum version selection algorithm when importing repos that lack a go.mod. This is the only package where I had to resort to any such shenanigans (the other replace statements were migrated from the previous setup.) It's probably pretty low risk to allow this package to upgrade, but I wanted to keep the versions completely consistent unless the maintainers of this repo would prefer otherwise.

@CLAassistant
Copy link

CLAassistant commented Nov 25, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@nbryant42 nbryant42 mentioned this pull request Nov 25, 2022
Open
@rmccarthy-ellevation
Copy link

Any chance we can get this merged?

@romed
Copy link

romed commented May 7, 2024

This probably also fixes #1255

This was referenced Jan 10, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rixwan-sharif rixwan-sharif rixwan-sharif approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

rexray/ebs plugin is not working with EC2 metadata version 2
5 participants
@nbryant42 @CLAassistant @rmccarthy-ellevation @romed @rixwan-sharif
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy