diff --git a/src/auth/awsclient.ts b/src/auth/awsclient.ts
index 80911bb5..78575e07 100644
--- a/src/auth/awsclient.ts
+++ b/src/auth/awsclient.ts
@@ -103,7 +103,6 @@ export class AwsClient extends BaseExternalAccountClient {
 // Data validators.
 this.validateEnvironmentId();
- this.validateMetadataServerURLs();
 }
 private validateEnvironmentId() {
@@ -117,29 +116,6 @@ export class AwsClient extends BaseExternalAccountClient {
 }
 }
- private validateMetadataServerURLs() {
- this.validateMetadataURL(this.regionUrl, 'region_url');
- this.validateMetadataURL(this.securityCredentialsUrl, 'url');
- this.validateMetadataURL(
- this.imdsV2SessionTokenUrl,
- 'imdsv2_session_token_url'
- );
- }
-
- private validateMetadataURL(value?: string, prop?: string) {
- if (!value) return;
- const url = new URL(value);
-
- if (
- url.hostname !== AwsClient.AWS_EC2_METADATA_IPV4_ADDRESS &&
- url.hostname !== `[${AwsClient.AWS_EC2_METADATA_IPV6_ADDRESS}]`
- ) {
- throw new RangeError(
- `Invalid host "${url.hostname}" for "${prop}". Expecting ${AwsClient.AWS_EC2_METADATA_IPV4_ADDRESS} or ${AwsClient.AWS_EC2_METADATA_IPV6_ADDRESS}.`
- );
- }
- }
-
 /**
 * Triggered when an external subject token is needed to be exchanged for a
 * GCP access token via GCP STS endpoint.
diff --git a/test/test.awsclient.ts b/test/test.awsclient.ts
index 04e59866..58e9c8a1 100644
--- a/test/test.awsclient.ts
+++ b/test/test.awsclient.ts
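Review bot: The hosts of `region_url`, `url` and `imdsv2_session_token_url` are no longer checked at construction once `validateMetadataServerURLs()` and `validateMetadataURL()` are gone, so a `credential_source` naming any host is accepted where it used to raise `RangeError`. The code that fetches these URLs is outside the hunks, but if they are requested as configured, a credential configuration supplied by an untrusted party would decide where the client's metadata and session-token requests go. If the removal is meant to permit non-default metadata endpoints, state the trust assumption next to the remaining validator call, for example `// credential_source URLs are not host-checked; only load configurations from a trusted source.` The three tests deleted from test/test.awsclient.ts have no replacement; an `assert.doesNotThrow(() => new AwsClient(options))` case with a non-default host would record that accepting it is deliberate.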
@@ -229,59 +229,6 @@ describe('AwsClient', () => {
 assert.doesNotThrow(() => new AwsClient(validOptions));
 });
- it('should throw when an unsupported credential_source is provided', () => {
- const expectedError = new RangeError(
- 'Invalid host "baddomain.com" for "url". Expecting 169.254.169.254 or fd00:ec2::254.'
- );
- const invalidCredentialSource = Object.assign({}, awsCredentialSource);
- invalidCredentialSource.url = 'http://baddomain.com/fake';
- const invalidOptions = {
- type: 'external_account',
- audience,
- subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request',
- token_url: getTokenUrl(),
- credential_source: invalidCredentialSource,
- };
-
- assert.throws(() => new AwsClient(invalidOptions), expectedError);
- });
-
- it('should throw when an unsupported imdsv2_session_token_url is provided', () => {
- const expectedError = new RangeError(
- 'Invalid host "baddomain.com" for "imdsv2_session_token_url". Expecting 169.254.169.254 or fd00:ec2::254.'
- );
- const invalidCredentialSource = Object.assign(
- {imdsv2_session_token_url: 'http://baddomain.com/fake'},
- awsCredentialSource
- );
- const invalidOptions = {
- type: 'external_account',
- audience,
- subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request',
- token_url: getTokenUrl(),
- credential_source: invalidCredentialSource,
- };
-
- assert.throws(() => new AwsClient(invalidOptions), expectedError);
- });
-
- it('should throw when an unsupported region_url is provided', () => {
- const expectedError = new RangeError(
- 'Invalid host "baddomain.com" for "region_url". Expecting 169.254.169.254 or fd00:ec2::254.'
- );
- const invalidCredentialSource = Object.assign({}, awsCredentialSource);
- invalidCredentialSource.region_url = 'http://baddomain.com/fake';
- const invalidOptions = {
- type: 'external_account',
- audience,
- subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request',
- token_url: getTokenUrl(),
- credential_source: invalidCredentialSource,
- };
-
- assert.throws(() => new AwsClient(invalidOptions), expectedError);
- });
-
 it('should throw when an unsupported environment ID is provided', () => {
 const expectedError = new Error(
 'No valid AWS "credential_source" provided'