Fix issue for checking if app is running in an OCI instance which causes Instance Principal auth to fail #8197
Conversation
…ses Instance Principal auth to fail
oracle-contributor-agreement
bot
added
the
OCA Verified
| @@ -46,7 +46,7 @@ static boolean runningOnOci(OciConfig ociConfig) { | |||
| return false; | |||
| } | |||
|
|
|||
| return (Region.getRegionFromImds() != null); | |||
| return (Region.getRegionFromImds("http://" + ociConfig.imdsHostName() + "/opc/v2/") != null); | |||
There was a problem hiding this comment.
What is the issue with calling the no arg method? It seems like we should not need to pass the path.
If we really must take ownership of the path, then "/opc/v2/" should be configurable. We should therefore follow-up to make that configurable - perhaps using oci.yaml.
There was a problem hiding this comment.
without the arg, it is returning null. It can be fixed by using Region.registerFromInstanceMetadataService() but this uses http://169.254.169.254/opc/v2/. Our code however allows IMDS host to be configurable via ociConfig.imdsHostName(), hence why we cannot use Region.registerFromInstanceMetadataService(). The IMDS URL is in the format, http:///opc/v2/ hence why I derived it and hence why "/opc/v2/" does not need to be configurable?
|
This PR is potential fix for #8191 |
...dk/runtime/src/main/java/io/helidon/integrations/oci/sdk/runtime/OciAvailabilityDefault.java
Show resolved
Hide resolved
Description
The call to
Region.getRegionFromImds()inOciAvailabilityDefault.runningOnOci(OciConfig ociConfig)is returning null causing Instance Principal authentication to not work because the code thinks it is not running in an OCI instance. To resolve this issue, passing in the Metadata Service Url inRegion.getRegionFromImds()helps return a valid value.Tested and validated this change to be working in a helidon app that is running in an OCI instance.
Documentation
If no doc impact: None