Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix https container-credentials endpoints to match other AWS SDKs #3584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Fix https container-credentials endpoints to match other AWS SDKs #3584

wants to merge 2 commits into from

Conversation

@blairdrummond
Copy link

@blairdrummond blairdrummond commented Oct 28, 2025
edited
Loading

Relates to #2515

Description of changes:

I discovered that the Container Credential Provider options behave differently in boto compared to all other AWS SDKs that I've checked. When supplying an AWS_CONTAINER_CREDENTIALS_FULL_URI endpoint, the other SDKs allow any https endpoint, whereas boto does not allow any URL unless it's one of the special addresses (even if it's HTTPS).

The tests in this repo were aware of this behaviour, but I think this code pre-dates most other SDK implementations, which seem to have provided a new convention. I have updated the tests to address this. You can see below the implementations of this behaviour in the other major SDKs

Note on #2515

If using HTTPS on host.docker.internal, then #2515 would be resolved. This wouldn't be out-of-the-box though without using some CA certs on the client-side. (That might be fine though)

@blairdrummond blairdrummond changed the title allow https container-credentials endpoints Allow https container-credentials endpoints Oct 29, 2025
@blairdrummond blairdrummond changed the title Allow https container-credentials endpoints Fix https container-credentials endpoints Oct 30, 2025
@blairdrummond blairdrummond changed the title Fix https container-credentials endpoints Fix https container-credentials endpoints to match other AWS SDKs Nov 8, 2025
@nateprewitt
Copy link
Contributor

nateprewitt commented Nov 10, 2025

Hi @blairdrummond,

Thanks for bringing this to our attention! It does appear we have some drift from the Container credential provider specification we use across SDKs. The initial implementation was one of AWS' earliest ones and predates support for arbitrary HTTPS endpoints.

I think we'd be happy to add this but will likely need to make a few minor changes to your implementation to be fully compliant. Would you be alright if I add a couple commits onto this PR so we can get it merged?

@blairdrummond
Copy link
Author

blairdrummond commented Nov 10, 2025

Absolutely! Please feel free to add commits @nateprewitt and let me know if there's anything I can assist with 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@blairdrummond @nateprewitt