From 6b6e8562c36b6f4c771449e2c6cd0da6227483aa Mon Sep 17 00:00:00 2001 From: Achintha Gunasekara Date: Sun, 27 Oct 2024 14:14:50 +1100 Subject: [PATCH] Enable the use of the FIPS endpoint for the `S3_file` resource and update the `create_aws_interface` method to support this functionality (#490) * allow using FIPS endpoint for S3_file resource and update `create_aws_interface` to support it * update the readme * update * Update libraries/ec2.rb Co-authored-by: Corey Hemminger * fix the use_fips_endpoint`use_fips_endpoint` oassed into `create_aws_interface` * Fixes to get CI to run Signed-off-by: Lance Albertson --------- Signed-off-by: Lance Albertson Co-authored-by: Archie Gunasekara Co-authored-by: Corey Hemminger Co-authored-by: Lance Albertson --- CHANGELOG.md | 3 ++- libraries/ec2.rb | 4 +++- resources/s3_file.rb | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7f68a73..9eb90041 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ This file is used to list changes made in each version of the aws cookbook. ## Unreleased +- Enable the use of the FIPS endpoint for the `S3_file` resource and update the `create_aws_interface` method to support this functionality + ## 9.1.7 - *2024-07-10* Standardise files with files in sous-chefs/repo-management @@ -647,7 +649,6 @@ Update checkout to v3 in ci.yml [@bazbremner]: https://github.com/bazbremner [@dhui]: https://github.com/dhui [@drmerlin]: https://github.com/DrMerlin -[@drywheat]: https://github.com/drywheat [@knorby]: https://github.com/knorby [@miketheman]: https://github.com/miketheman [@mkantor]: https://github.com/mkantor diff --git a/libraries/ec2.rb b/libraries/ec2.rb index 8e3b290e..1e06032d 100644 --- a/libraries/ec2.rb +++ b/libraries/ec2.rb 
@@ -69,8 +69,10 @@ def fallback_region # setup AWS instance using passed creds, iam profile, or assumed role def create_aws_interface(aws_interface, **opts) + use_fips_endpoint = opts.key?(:use_fips_endpoint) ? opts[:use_fips_endpoint] : false aws_interface_opts = { region: opts[:region], - http_proxy: ENV['http_proxy'] } + http_proxy: ENV['http_proxy'], + use_fips_endpoint: use_fips_endpoint } if opts[:mock] # return a mocked interface aws_interface_opts[:stub_responses] = true diff --git a/resources/s3_file.rb b/resources/s3_file.rb index 235ea2f7..b2963f92 100644 --- a/resources/s3_file.rb +++ b/resources/s3_file.rb @@ -17,6 +17,7 @@ property :manage_symlink_source, [true, false] property :virtual_host, [true, false], default: false property :s3_url, String +property :use_fips_endpoint, [true, false], default: false # Intentionally not using platform_family?('windows') due to a bug/issue # where this method is not abvailable in the context of gating properties # TODO: update when this is fixed @@ -60,7 +61,7 @@ def s3 require 'aws-sdk-s3' Chef::Log.debug('Initializing the S3 Client') - @s3 ||= create_aws_interface(::Aws::S3::Client, region: new_resource.region) + @s3 ||= create_aws_interface(::Aws::S3::Client, region: new_resource.region, use_fips_endpoint: new_resource.use_fips_endpoint) end def s3_obj
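Review bot: `create_aws_interface` now always puts `use_fips_endpoint` into `aws_interface_opts`, so every caller that does not pass the option sends an explicit `false` to the SDK client. As far as I know the AWS SDK only falls back to `AWS_USE_FIPS_ENDPOINT` or the shared config setting when the option is absent, so a node that enforces FIPS through the environment would have all clients built here, not only S3, moved back to the standard endpoints. Setting the key only when a value was supplied avoids that: `aws_interface_opts[:use_fips_endpoint] = opts[:use_fips_endpoint] unless opts[:use_fips_endpoint].nil?`, with the `default: false` dropped from the new property in resources/s3_file.rb so it stays nil when unset. The rest of the method is outside the hunk; if it builds a separate client for assumed-role credentials, that client would need the same option to keep the whole path on FIPS endpoints.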
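Review bot: The new `use_fips_endpoint` property in resources/s3_file.rb has no comment or `description:` saying what it changes, and the diffstat lists no README change in this patch although the commit message mentions one. A short comment above it would help, for example `# Send S3 API calls to the region's FIPS 140 endpoint; AWS offers these only in some regions`. How the flag combines with `s3_url` and `virtual_host`, declared just above it, is not visible here and is worth stating in the same place.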
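Review bot: The debug message in `s3` does not record which endpoint mode the client was built with, so a Chef run log cannot confirm that a node required to use FIPS endpoints actually did. Consider `Chef::Log.debug("Initializing the S3 Client (use_fips_endpoint: #{new_resource.use_fips_endpoint})")`. The new `create_aws_interface` call line is also long and would read better with one keyword argument per line.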