From 8becf0d43b7afb11727e7594611f5a086ae26556 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?FOUCAULT=20J=C3=A9remie?=
Date: Wed, 22 Mar 2023 14:53:36 +0100
Subject: [PATCH 1/2] feat: add a listen-address flag to specify which host the server should use
---
 cli/exec.go | 35 ++++++++++++++++++++---------------
 server/ecsserver.go | 4 ++--
 2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/cli/exec.go b/cli/exec.go
index 47f7f4c54..2ab035c19 100644
--- a/cli/exec.go
+++ b/cli/exec.go
@@ -22,18 +22,19 @@ import (
 )
 type ExecCommandInput struct {
- ProfileName string
- Command string
- Args []string
- StartEc2Server bool
- StartEcsServer bool
- Lazy bool
- JSONDeprecated bool
- Config vault.ProfileConfig
- SessionDuration time.Duration
- NoSession bool
- UseStdout bool
- ShowHelpMessages bool
+ ProfileName string
+ Command string
+ Args []string
+ StartEc2Server bool
+ StartEcsServer bool
+ ServerListenAddress string
+ Lazy bool
+ JSONDeprecated bool
+ Config vault.ProfileConfig
+ SessionDuration time.Duration
+ NoSession bool
+ UseStdout bool
+ ShowHelpMessages bool
 }
 func (input ExecCommandInput) validate() error {
@@ -100,6 +101,10 @@ func ConfigureExecCommand(app *kingpin.Application, a *AwsVault) {
 cmd.Flag("ecs-server", "Run a ECS credential server in the background for credentials (the SDK or app must support AWS_CONTAINER_CREDENTIALS_FULL_URI)").
 BoolVar(&input.StartEcsServer)
+
+ cmd.Flag("listen-address", "Define which host the server should run listen. Defaults to 127.0.0.1").
+ Default("127.0.0.1").
+ StringVar(&input.ServerListenAddress)
 cmd.Flag("lazy", "When using --ecs-server, lazily fetch credentials").
 BoolVar(&input.Lazy)
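Review bot: The new `--listen-address` flag in ConfigureExecCommand accepts any string, and its help text does not say that it only affects `--ecs-server` or that a non-loopback value makes the credential endpoint reachable from other hosts. Nothing in this hunk checks the value and the body of `validate()` is outside it, so as far as the patch shows an empty or wildcard address goes straight to the listener. I would reword the help along the lines of `"When using --ecs-server, the address the credential server binds to; anything other than a loopback address exposes the credential endpoint to the network"` and, if hostnames need not be supported, reject empty values and values `net.ParseIP` cannot parse in `validate()`. The current help text also has a wording slip (`should run listen`).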
@@ -202,7 +207,7 @@ func ExecCommand(input ExecCommandInput, f *vault.ConfigFile, keyring keyring.Ke
 printHelpMessage(subshellHelp, input.ShowHelpMessages)
 } else if input.StartEcsServer {
 printHelpMessage("Starting a local ECS credential server; your app's AWS sdk must support AWS_CONTAINER_CREDENTIALS_FULL_URI.", input.ShowHelpMessages)
- if err = startEcsServerAndSetEnv(credsProvider, config, input.Lazy, &cmdEnv); err != nil {
+ if err = startEcsServerAndSetEnv(credsProvider, config, input.Lazy, input.ServerListenAddress, &cmdEnv); err != nil {
 return 0, err
 }
 printHelpMessage(subshellHelp, input.ShowHelpMessages)
@@ -260,8 +265,8 @@ func createEnv(profileName string, region string) environ {
 return env
 }
-func startEcsServerAndSetEnv(credsProvider aws.CredentialsProvider, config *vault.ProfileConfig, lazy bool, cmdEnv *environ) error {
- ecsServer, err := server.NewEcsServer(context.TODO(), credsProvider, config, "", 0, lazy)
+func startEcsServerAndSetEnv(credsProvider aws.CredentialsProvider, config *vault.ProfileConfig, lazy bool, listenAddress string, cmdEnv *environ) error {
+ ecsServer, err := server.NewEcsServer(context.TODO(), credsProvider, config, "", 0, lazy, listenAddress)
 if err != nil {
 return err
 }
diff --git a/server/ecsserver.go b/server/ecsserver.go
index 488d3f767..455d56799 100644
--- a/server/ecsserver.go
+++ b/server/ecsserver.go
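Review bot: In `startEcsServerAndSetEnv` the server is still created with an empty `authToken` (`""`) while the bind address is now caller-controlled, so on a non-loopback address the token is the only thing standing between other hosts and the profile's credentials. How `NewEcsServer` treats an empty token is not visible here and the rest of this function is outside the hunk, so it is worth confirming that a token is always generated and enforced on every request. If the endpoint advertised through AWS_CONTAINER_CREDENTIALS_FULL_URI is plain HTTP, the token and the credentials would also cross the network unencrypted. I would at least document this on the call: `// a non-loopback listenAddress exposes the credential endpoint beyond this host; the auth token is then the only access control`.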
@@ -66,8 +66,8 @@ type EcsServer struct {
 config *vault.ProfileConfig
 }
-func NewEcsServer(ctx context.Context, baseCredsProvider aws.CredentialsProvider, config *vault.ProfileConfig, authToken string, port int, lazyLoadBaseCreds bool) (*EcsServer, error) {
- listener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))
+func NewEcsServer(ctx context.Context, baseCredsProvider aws.CredentialsProvider, config *vault.ProfileConfig, authToken string, port int, lazyLoadBaseCreds bool, serverListenAddress string) (*EcsServer, error) {
+ listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", serverListenAddress, port))
 if err != nil {
 return nil, err
 }
From b5db984985b803986bba923a63b4e229bdc0bfaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?FOUCAULT=20J=C3=A9remie?=
Date: Mon, 27 Mar 2023 09:42:20 +0200
Subject: [PATCH 2/2] fix: force server to use ipv4 for binding
---
 server/ecsserver.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/ecsserver.go b/server/ecsserver.go
index 455d56799..fd77f4e90 100644
--- a/server/ecsserver.go
+++ b/server/ecsserver.go
@@ -67,7 +67,7 @@ type EcsServer struct {
 }
 func NewEcsServer(ctx context.Context, baseCredsProvider aws.CredentialsProvider, config *vault.ProfileConfig, authToken string, port int, lazyLoadBaseCreds bool, serverListenAddress string) (*EcsServer, error) {
- listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", serverListenAddress, port))
+ listener, err := net.Listen("tcp4", fmt.Sprintf("%s:%d", serverListenAddress, port))
 if err != nil {
 return nil, err
 }
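Review bot: `NewEcsServer` now builds the listen address with `fmt.Sprintf("%s:%d", serverListenAddress, port)`, so an empty `serverListenAddress` produces a host-less address that `net.Listen` binds on every interface instead of the previous fixed `127.0.0.1`. The CLI default covers the normal path, but an explicit `--listen-address ""` or any caller passing the zero value would silently widen exposure of the credential server. I would fall back to loopback and use the standard helper: `if serverListenAddress == "" { serverListenAddress = "127.0.0.1" }` followed by `net.JoinHostPort(serverListenAddress, strconv.Itoa(port))`, which needs `strconv` imported if the file does not already have it. The function body continues outside the hunk.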
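Review bot: Switching the network to `"tcp4"` in `NewEcsServer` (PATCH 2/2) means an IPv6 value such as `::1` for `serverListenAddress` is now rejected at `net.Listen`, yet the `--listen-address` help text says nothing about the IPv4-only restriction and the commit message gives no reason for it. A comment above the call would record the intent, for example `// tcp4: IPv4 only, so an IPv6 listen address is rejected here`. The function body continues outside the hunk.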