fix: Python: Remove awl url validation

googleapis · Mar 20, 2023 · 8461c7f · 8461c7f
1 parent 3fcd319
commit 8461c7f
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 51 deletions.
diff --git a/google/auth/aws.py b/google/auth/aws.py
@@ -398,8 +398,6 @@ def __init__(
         self._request_signer = None
         self._target_resource = audience
 
-        self.validate_metadata_server_urls()
-
         # Get the environment ID. Currently, only one version supported (v1).
         matches = re.match(r"^(aws)([\d]+)$", self._environment_id)
         if matches:
@@ -418,22 +416,6 @@ def __init__(
                 )
             )
 
-    def validate_metadata_server_urls(self):
-        self.validate_metadata_server_url_if_any(self._region_url, "region_url")
-        self.validate_metadata_server_url_if_any(self._security_credentials_url, "url")
-        self.validate_metadata_server_url_if_any(
-            self._imdsv2_session_token_url, "imdsv2_session_token_url"
-        )
-
-    @staticmethod
-    def validate_metadata_server_url_if_any(url_string, name_of_data):
-        if url_string:
-            url = urlparse(url_string)
-            if url.hostname != "169.254.169.254" and url.hostname != "fd00:ec2::254":
-                raise exceptions.InvalidResource(
-                    "Invalid hostname '{}' for '{}'".format(url.hostname, name_of_data)
-                )
-
     def retrieve_subject_token(self, request):
         """Retrieves the subject token using the credential_source object.
         The subject token is a serialized `AWS GetCallerIdentity signed request`_.

diff --git a/tests/test_aws.py b/tests/test_aws.py
@@ -1495,39 +1495,6 @@ def test_retrieve_subject_token_success_temp_creds_idmsv2(self, utcnow):
         credentials.retrieve_subject_token(request)
         assert not request.called
 
-    def test_validate_metadata_server_url_if_any(self):
-        aws.Credentials.validate_metadata_server_url_if_any(
-            "http://[fd00:ec2::254]/latest/meta-data/placement/availability-zone", "url"
-        )
-        aws.Credentials.validate_metadata_server_url_if_any(
-            "http://169.254.169.254/latest/meta-data/placement/availability-zone", "url"
-        )
-
-        with pytest.raises(ValueError) as excinfo:
-            aws.Credentials.validate_metadata_server_url_if_any(
-                "http://fd00:ec2::254/latest/meta-data/placement/availability-zone",
-                "url",
-            )
-        assert excinfo.match("Invalid hostname 'fd00' for 'url'")
-
-        with pytest.raises(ValueError) as excinfo:
-            aws.Credentials.validate_metadata_server_url_if_any(
-                "http://abc.com/latest/meta-data/placement/availability-zone", "url"
-            )
-        assert excinfo.match("Invalid hostname 'abc.com' for 'url'")
-
-    def test_retrieve_subject_token_invalid_hosts(self):
-        keys = ["url", "region_url", "imdsv2_session_token_url"]
-        for key in keys:
-            credential_source = self.CREDENTIAL_SOURCE.copy()
-            credential_source[
-                key
-            ] = "http://abc.com/latest/meta-data/iam/security-credentials"
-
-            with pytest.raises(ValueError) as excinfo:
-                self.make_credentials(credential_source=credential_source)
-            assert excinfo.match("Invalid hostname 'abc.com' for '{}'".format(key))
-
     @mock.patch("google.auth._helpers.utcnow")
     def test_retrieve_subject_token_success_ipv6(self, utcnow):
         utcnow.return_value = datetime.datetime.strptime(