/// <summary> /// Fetches the api token to use with metadata requests. /// </summary> /// <param name="tries">The number of tries to fetch the api token before giving up and throwing the web exception</param> /// <returns>The API token or null if an API token couldn't be obtained and doesn't need to be used</returns> private static string FetchApiToken(int tries) { for (int retry = 1; retry <= tries; retry++) { if (!IsIMDSEnabled || useNullToken) { return(null); } try { var uriForToken = new Uri(EC2_APITOKEN_URL); var headers = new Dictionary <string, string>(); headers.Add(HeaderKeys.XAwsEc2MetadataTokenTtlSeconds, DEFAULT_APITOKEN_TTL.ToString(CultureInfo.InvariantCulture)); var content = AWSSDKUtils.ExecuteHttpRequest(uriForToken, "PUT", null, TimeSpan.FromSeconds(5), Proxy, headers); return(content.Trim()); } catch (Exception e) { HttpStatusCode?httpStatusCode = ExceptionUtils.DetermineHttpStatusCode(e); if (httpStatusCode == HttpStatusCode.NotFound || httpStatusCode == HttpStatusCode.MethodNotAllowed || httpStatusCode == HttpStatusCode.Forbidden) { useNullToken = true; return(null); } if (retry >= tries) { if (httpStatusCode == HttpStatusCode.BadRequest) { Logger.GetLogger(typeof(EC2InstanceMetadata)).Error(e, "Unable to contact EC2 Metadata service to obtain a metadata token."); throw; } Logger.GetLogger(typeof(EC2InstanceMetadata)).Error(e, "Unable to contact EC2 Metadata service to obtain a metadata token. Attempting to access IMDS without a token."); //If there isn't a status code, it was a failure to contact the server which would be //a request failure, a network issue, or a timeout. Cache this response and fallback //to IMDS flow without a token. If the non token IMDS flow returns unauthorized, the //useNullToken flag will be cleared and the IMDS flow will attempt to obtain another //token. if (httpStatusCode == null) { useNullToken = true; } //Return null to fallback to the IMDS flow without using a token. return(null); } PauseExponentially(retry - 1); } } return(null); }
private static List <string> GetItems(string relativeOrAbsolutePath, int tries, bool slurp, string token) { var items = new List <string>(); //For all meta-data queries we need to fetch an api token to use. In the event a //token cannot be obtained we will fallback to not using a token. Dictionary <string, string> headers = null; if (token == null) { token = FetchApiToken(DEFAULT_RETRIES); } if (!string.IsNullOrEmpty(token)) { headers = new Dictionary <string, string>(); headers.Add(HeaderKeys.XAwsEc2MetadataToken, token); } try { if (!IsIMDSEnabled) { throw new IMDSDisabledException(); } // if we are given a relative path, we assume the data we need exists under the // main metadata root var uri = relativeOrAbsolutePath.StartsWith(EC2_METADATA_SVC, StringComparison.Ordinal) ? new Uri(relativeOrAbsolutePath) : new Uri(EC2_METADATA_ROOT + relativeOrAbsolutePath); var content = AWSSDKUtils.ExecuteHttpRequest(uri, "GET", null, TimeSpan.FromSeconds(5), Proxy, headers); using (var stream = new StringReader(content)) { if (slurp) { items.Add(stream.ReadToEnd()); } else { string line; do { line = stream.ReadLine(); if (line != null) { items.Add(line.Trim()); } }while (line != null); } } } catch (IMDSDisabledException) { // Keep this behavior identical to when HttpStatusCode.NotFound is returned. return(null); } catch (Exception e) { HttpStatusCode?httpStatusCode = ExceptionUtils.DetermineHttpStatusCode(e); if (httpStatusCode == HttpStatusCode.NotFound) { return(null); } else if (httpStatusCode == HttpStatusCode.Unauthorized) { ClearTokenFlag(); Logger.GetLogger(typeof(EC2InstanceMetadata)).Error(e, "EC2 Metadata service returned unauthorized for token based secure data flow."); throw; } if (tries <= 1) { Logger.GetLogger(typeof(EC2InstanceMetadata)).Error(e, "Unable to contact EC2 Metadata service."); return(null); } PauseExponentially(DEFAULT_RETRIES - tries); return(GetItems(relativeOrAbsolutePath, tries - 1, slurp, token)); } return(items); }