e2e

kuhe · kuhe · commit fca96ddf6aa4 · 2025-06-26T16:55:06.000Z
diff --git a/packages/credential-provider-imds/src/fromInstanceMetadata.e2e.spec.ts b/packages/credential-provider-imds/src/fromInstanceMetadata.e2e.spec.ts
@@ -1,17 +1,18 @@
 import { afterEach, beforeEach, describe, expect, test as it } from "vitest";
 
 import { fromInstanceMetadata, getMetadataToken } from "./fromInstanceMetadata";
+import { getInstanceMetadataEndpoint } from "./utils/getInstanceMetadataEndpoint";
 
 describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
   const originalEnv = { ...process.env };
   let imdsAvailable = false;
 
   beforeEach(async () => {
-    process.env = { ...originalEnv, AWS_EC2_INSTANCE_PROFILE_NAME: "foo-profile" };
+    process.env = { ...originalEnv };
 
     // Check IMDS availability
     try {
-      const testProvider = fromInstanceMetadata({ timeout: 1000, maxRetries: 0 });
+      const testProvider = fromInstanceMetadata({ timeout: 9000 });
       await testProvider();
       imdsAvailable = true;
     } catch (err) {
@@ -28,15 +29,8 @@ describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
       return context.skip();
     }
 
-    const options = {
-      path: "/latest/api/token",
-      method: "PUT",
-      timeout: 1000,
-      headers: {
-        "x-aws-ec2-metadata-token-ttl-seconds": "21600",
-      },
-    };
-    const token = await getMetadataToken(options);
+    const endpoint = await getInstanceMetadataEndpoint();
+    const token = await getMetadataToken(endpoint);
     expect(token).toBeDefined();
     expect(typeof token).toBe("string");
     expect(token.length).toBeGreaterThan(0);
@@ -47,7 +41,7 @@ describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
       return context.skip();
     }
 
-    const provider = fromInstanceMetadata({ timeout: 1000, maxRetries: 2 });
+    const provider = fromInstanceMetadata();
     const credentials = await provider();
 
     expect(credentials).toHaveProperty("accessKeyId");
@@ -61,7 +55,7 @@ describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
       return context.skip();
     }
 
-    const provider = fromInstanceMetadata({ timeout: 1000, maxRetries: 2 });
+    const provider = fromInstanceMetadata();
     const credentials = await provider();
 
     if (!credentials.accountId) {
@@ -75,15 +69,15 @@ describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
   it("IMDS access disabled via AWS_EC2_METADATA_DISABLED", async () => {
     process.env.AWS_EC2_METADATA_DISABLED = "true";
 
-    const provider = fromInstanceMetadata({ timeout: 1000 });
+    const provider = fromInstanceMetadata();
 
     await expect(provider()).rejects.toThrow("IMDS credential fetching is disabled");
   });
 
   it("Empty configured profile name should throw error", async () => {
     process.env.AWS_EC2_INSTANCE_PROFILE_NAME = "   ";
 
-    const provider = fromInstanceMetadata({ timeout: 1000 });
+    const provider = fromInstanceMetadata();
 
     await expect(provider()).rejects.toThrow();
   });
@@ -93,7 +87,7 @@ describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
       return context.skip();
     }
 
-    const provider = fromInstanceMetadata({ timeout: 1000 });
+    const provider = fromInstanceMetadata();
 
     try {
       const credentials = await provider();
@@ -108,7 +102,7 @@ describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
       return context.skip();
     }
 
-    const provider = fromInstanceMetadata({ timeout: 1000 });
+    const provider = fromInstanceMetadata();
     const creds1 = await provider();
     const creds2 = await provider();
 
@@ -117,7 +111,11 @@ describe("fromInstanceMetadata (Live EC2 E2E Tests)", () => {
     expect(creds1.accessKeyId).toBe(creds2.accessKeyId);
   });
 
-  it("should timeout as expected when a request exceeds the specified duration", async (context) => {
+  /**
+   * The IMDS may respond too quickly to test this,
+   * even with 1ms timeout.
+   */
+  it.skip("should timeout as expected when a request exceeds the specified duration", async (context) => {
     if (!imdsAvailable) {
       return context.skip();
     }
diff --git a/packages/credential-provider-imds/src/fromInstanceMetadata.ts b/packages/credential-provider-imds/src/fromInstanceMetadata.ts
@@ -53,32 +53,31 @@ const getInstanceMetadataProvider = (init: RemoteProviderInit = {}) => {
       let fallbackBlockedFromProcessEnv = false;
 
       const _ec2MetadataV1Disabled =
-        ec2MetadataV1Disabled !== undefined
-          ? ec2MetadataV1Disabled
-          : await loadConfig(
-              {
-                environmentVariableSelector: (env) => {
-                  const envValue = env[AWS_EC2_METADATA_V1_DISABLED];
-                  if (envValue === undefined) {
-                    return undefined;
-                  }
-                  fallbackBlockedFromProcessEnv = !!envValue && envValue !== "false";
-                  return fallbackBlockedFromProcessEnv;
-                },
-                configFileSelector: (profile) => {
-                  const profileValue = profile[PROFILE_AWS_EC2_METADATA_V1_DISABLED];
-                  if (profileValue === undefined) {
-                    return undefined;
-                  }
-                  fallbackBlockedFromProfile = !!profileValue && profileValue !== "false";
-                  return fallbackBlockedFromProfile;
-                },
-                default: false,
-              },
-              {
-                profile,
+        ec2MetadataV1Disabled ??
+        (await loadConfig(
+          {
+            environmentVariableSelector: (env) => {
+              const envValue = env[AWS_EC2_METADATA_V1_DISABLED];
+              if (envValue === undefined) {
+                return undefined;
               }
-            )();
+              fallbackBlockedFromProcessEnv = !!envValue && envValue !== "false";
+              return fallbackBlockedFromProcessEnv;
+            },
+            configFileSelector: (profile) => {
+              const profileValue = profile[PROFILE_AWS_EC2_METADATA_V1_DISABLED];
+              if (profileValue === undefined) {
+                return undefined;
+              }
+              fallbackBlockedFromProfile = !!profileValue && profileValue !== "false";
+              return fallbackBlockedFromProfile;
+            },
+            default: false,
+          },
+          {
+            profile,
+          }
+        )());
 
       if (_ec2MetadataV1Disabled) {
         const causes: string[] = [];
@@ -123,7 +122,7 @@ const getInstanceMetadataProvider = (init: RemoteProviderInit = {}) => {
     } else {
       let token: string;
       try {
-        token = (await getMetadataToken({ ...endpoint, timeout })).toString();
+        token = await getMetadataToken({ ...endpoint, timeout });
       } catch (error) {
         if (error?.statusCode === 400) {
           throw Object.assign(error, {
@@ -181,15 +180,20 @@ export const getImdsProfile = async (options: RequestOptions, init: RemoteProvid
   }, init.maxRetries ?? DEFAULT_MAX_RETRIES);
 };
 
-export const getMetadataToken = async (options: RequestOptions) =>
-  httpRequest({
-    ...options,
-    path: IMDS_TOKEN_PATH,
-    method: "PUT",
-    headers: {
-      "x-aws-ec2-metadata-token-ttl-seconds": "21600",
-    },
-  });
+/**
+ * @internal
+ */
+export const getMetadataToken = async (options: RequestOptions): Promise<string> =>
+  (
+    await httpRequest({
+      ...options,
+      path: IMDS_TOKEN_PATH,
+      method: "PUT",
+      headers: {
+        "x-aws-ec2-metadata-token-ttl-seconds": "21600",
+      },
+    })
+  ).toString();
 
 /**
  * Checks if IMDS credential fetching is disabled through configuration
@@ -261,10 +265,6 @@ export const getEc2InstanceProfileName = async (init: RemoteProviderInit): Promi
 /**
  * Gets credentials from profile.
  *
- * @param imdsProfile - todo: how is this different from init.profile?
- * @param options
- * @param init
- *
  * @internal
  */
 const getCredentialsFromImdsProfile = async (
