From cd50db2974ca578765e85ff82ab68d7875818c86 Mon Sep 17 00:00:00 2001
From: Keerthan Reddy Mala
Date: Wed, 10 Jul 2024 15:12:23 -0700
Subject: [PATCH 1/3] skip service validation to get the default regions endpoint

---
 pkg/token/token.go | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/pkg/token/token.go b/pkg/token/token.go
index fbb7c96cf..cd39f461b 100644
--- a/pkg/token/token.go
+++ b/pkg/token/token.go
@@ -392,6 +392,18 @@ type tokenVerifier struct {
 validSTShostnames map[string]bool
 }

+func getDefaultHostNameForRegion(partition *endpoints.Partition, region string) (string, error) {
+ rep, err := partition.EndpointFor(stsServiceID, region, endpoints.STSRegionalEndpointOption, endpoints.ResolveUnknownServiceOption)
+ if err != nil {
+ return "", fmt.Errorf("Error resolving endpoint for %s in partition %s. err: %v", region, partition.ID(), err)
+ }
+ parsedURL, err := url.Parse(rep.URL)
+ if err != nil {
+ return "", fmt.Errorf("Error parsing STS URL %s. err: %v", rep.URL, err)
+ }
+ return parsedURL.Hostname(), nil
+}
+
 func stsHostsForPartition(partitionID, region string) map[string]bool {
 validSTShostnames := map[string]bool{}

@@ -410,6 +422,14 @@ func stsHostsForPartition(partitionID, region string) map[string]bool {
 stsSvc, ok := partition.Services()[stsServiceID]
 if !ok {
 logrus.Errorf("STS service not found in partition %s", partitionID)
+ // Add the host of the current instances region if the service doesn't already exists in the partition
+ // so we don't fail if the service is not present in the go sdk but matches the instances region.
+ stsHostName, err := getDefaultHostNameForRegion(partition, region)
+ if err != nil {
+ logrus.WithError(err).Error("Error getting default hostname")
+ } else {
+ validSTShostnames[stsHostName] = true
+ }
 return validSTShostnames
 }
 stsSvcEndPoints := stsSvc.Endpoints()
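Review bot: Both error returns in getDefaultHostNameForRegion wrap with `%v`, which flattens the resolver's typed errors from `EndpointFor` so callers cannot use `errors.Is`/`errors.As` on them; `%w` keeps the chain, and Go error strings are conventionally lowercase with no trailing period: `return "", fmt.Errorf("resolving endpoint for %s in partition %s: %w", region, partition.ID(), err)` and `return "", fmt.Errorf("parsing STS URL %s: %w", rep.URL, err)`. The function also has no doc comment, and its contract matters: with `endpoints.ResolveUnknownServiceOption` it returns a template-derived hostname even when the SDK has no data for the service, and both callers in this file put that name straight into `validSTShostnames`, which from the `tokenVerifier` field above is presumably the set of STS hosts the verifier accepts. A comment such as `// getDefaultHostNameForRegion resolves the regional STS hostname for region from the partition's endpoint template, even when the SDK has no entry for the service or region. Callers add the result to validSTShostnames, so region must come from trusted configuration.` would make that explicit.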
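Review bot: `logrus.Errorf("STS service not found in partition %s", partitionID)` on the line just above the new fallback still logs at error level, even though the fallback now handles that case and the function returns a populated allowlist; every start in such a partition will emit an error that describes nothing wrong. Downgrade it or merge it into the fallback's own message, e.g. `logrus.Warnf("STS service not found in partition %s, using the default endpoint for region %s", partitionID, region)`. The same comment and call are duplicated in the next hunk at `@@ -430,17 +450,12 @@`, differing only in whether an error returns early; treating a missing service as an empty endpoint map would let a single block serve both. stsHostsForPartition continues outside this hunk.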
@@ -430,17 +450,12 @@ func stsHostsForPartition(partitionID, region string) map[string]bool {
 // Add the host of the current instances region if not already exists so we don't fail if the region is not
 // present in the go sdk but matches the instances region.
 if _, ok := stsSvcEndPoints[region]; !ok {
- rep, err := partition.EndpointFor(stsServiceID, region, endpoints.STSRegionalEndpointOption)
+ stsHostName, err := getDefaultHostNameForRegion(partition, region)
 if err != nil {
- logrus.WithError(err).Errorf("Error resolving endpoint for %s in partition %s", region, partitionID)
+ logrus.WithError(err).Error("Error getting default hostname")
 return validSTShostnames
 }
- parsedURL, err := url.Parse(rep.URL)
- if err != nil {
- logrus.WithError(err).Errorf("Error parsing STS URL %s", rep.URL)
- return validSTShostnames
- }
- validSTShostnames[parsedURL.Hostname()] = true
+ validSTShostnames[stsHostName] = true
 }

 return validSTShostnames

From b1b2f45c3e1c65bbbb8641be0d2f768456ec17e4 Mon Sep 17 00:00:00 2001
From: Keerthan Reddy Mala
Date: Thu, 11 Jul 2024 12:05:26 -0700
Subject: [PATCH 2/3] Add unit test

---
 pkg/token/token.go | 8 ++---
 pkg/token/token_test.go | 68 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 4 deletions(-)

diff --git a/pkg/token/token.go b/pkg/token/token.go
index cd39f461b..88ab70299 100644
--- a/pkg/token/token.go
+++ b/pkg/token/token.go
@@ -392,8 +392,8 @@ type tokenVerifier struct {
 validSTShostnames map[string]bool
 }

-func getDefaultHostNameForRegion(partition *endpoints.Partition, region string) (string, error) {
- rep, err := partition.EndpointFor(stsServiceID, region, endpoints.STSRegionalEndpointOption, endpoints.ResolveUnknownServiceOption)
+func getDefaultHostNameForRegion(partition *endpoints.Partition, region, service string) (string, error) {
+ rep, err := partition.EndpointFor(service, region, endpoints.STSRegionalEndpointOption, endpoints.ResolveUnknownServiceOption)
 if err != nil {
 return "", fmt.Errorf("Error resolving endpoint for %s in partition %s. err: %v", region, partition.ID(), err)
 }
@@ -424,7 +424,7 @@ func stsHostsForPartition(partitionID, region string) map[string]bool {
 logrus.Errorf("STS service not found in partition %s", partitionID)
 // Add the host of the current instances region if the service doesn't already exists in the partition
 // so we don't fail if the service is not present in the go sdk but matches the instances region.
- stsHostName, err := getDefaultHostNameForRegion(partition, region)
+ stsHostName, err := getDefaultHostNameForRegion(partition, region, stsServiceID)
 if err != nil {
 logrus.WithError(err).Error("Error getting default hostname")
 } else {
@@ -450,7 +450,7 @@ func stsHostsForPartition(partitionID, region string) map[string]bool {
 // Add the host of the current instances region if not already exists so we don't fail if the region is not
 // present in the go sdk but matches the instances region.
 if _, ok := stsSvcEndPoints[region]; !ok {
- stsHostName, err := getDefaultHostNameForRegion(partition, region)
+ stsHostName, err := getDefaultHostNameForRegion(partition, region, stsServiceID)
 if err != nil {
 logrus.WithError(err).Error("Error getting default hostname")
 return validSTShostnames
diff --git a/pkg/token/token_test.go b/pkg/token/token_test.go
index 0c472645b..021718815 100644
--- a/pkg/token/token_test.go
+++ b/pkg/token/token_test.go
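Review bot: The new `service` parameter makes getDefaultHostNameForRegion read as service-generic, but the call still hard-codes `endpoints.STSRegionalEndpointOption`, which only has meaning for STS; both production call sites, in the hunks at `@@ -424,7 +424,7 @@` and `@@ -450,7 +450,7 @@`, pass `stsServiceID`, and only the test passes anything else. Either document the intent, e.g. `// service is parameterized for tests; the STS regional-endpoint option is applied whatever service is given.`, or keep the signature STS-only and let the test use `stsServiceID` with partitions that lack it. Since the result feeds the verifier's host allowlist, a name that suggests arbitrary services can be resolved into it is worth avoiding. stsHostsForPartition starts and ends outside these hunks.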
@@ -14,6 +14,7 @@ import (
 "testing"
 "time"

+ "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/google/go-cmp/cmp"
 "github.com/prometheus/client_golang/prometheus"
 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -514,3 +515,70 @@ func response(account, userID, arn string) getCallerIdentityWrapper {
 wrapper.GetCallerIdentityResponse.ResponseMetadata.RequestID = "id1234"
 return wrapper
 }
+
+func Test_getDefaultHostNameForRegion(t *testing.T) {
+ type args struct {
+ partition endpoints.Partition
+ region string
+ service string
+ }
+ tests := []struct {
+ name string
+ args args
+ want string
+ wantErr bool
+ }{
+ {
+ name: "service doesn't exist should return default host name",
+ args: args{
+ partition: endpoints.AwsIsoEPartition(),
+ region: "eu-isoe-west-1",
+ service: "test",
+ },
+ want: "test.eu-isoe-west-1.cloud.adc-e.uk",
+ wantErr: false,
+ },
+ {
+ name: "service and region doesn't exist should return default host name",
+ args: args{
+ partition: endpoints.AwsIsoEPartition(),
+ region: "eu-isoe-test-1",
+ service: "test",
+ },
+ want: "test.eu-isoe-test-1.cloud.adc-e.uk",
+ wantErr: false,
+ },
+ {
+ name: "region doesn't exist should return default host name",
+ args: args{
+ partition: endpoints.AwsIsoPartition(),
+ region: "us-iso-test-1",
+ service: "sts",
+ },
+ want: "sts.us-iso-test-1.c2s.ic.gov",
+ wantErr: false,
+ },
+ {
+ name: "invalid region should return error",
+ args: args{
+ partition: endpoints.AwsIsoPartition(),
+ region: "test_123",
+ service: "sts",
+ },
+ want: "",
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got, err := getDefaultHostNameForRegion(&tt.args.partition, tt.args.region, tt.args.service)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("getDefaultHostNameForRegion() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != tt.want {
+ t.Errorf("getDefaultHostNameForRegion() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
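Review bot: Test_getDefaultHostNameForRegion only covers services and regions the SDK does not know, so nothing pins the case where both are known, which is exactly where `endpoints.STSRegionalEndpointOption` decides between a regional and a global STS host. Add a table entry with `endpoints.AwsPartition()`, `"us-east-1"`, `"sts"` and the regional hostname as `want` (constructed expectation, confirm against the SDK's endpoint data: `sts.us-east-1.amazonaws.com`), since a wrong answer there would silently widen or narrow the verifier's allowlist. The error case checks only `wantErr`; asserting that `err.Error()` contains the offending region would also catch a regression that returns a generic error. The import hunk above is trivial.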
From be0360001d0ab3d06f4653add4e7809cc2616066 Mon Sep 17 00:00:00 2001
From: Keerthan Reddy Mala
Date: Thu, 11 Jul 2024 13:50:34 -0700
Subject: [PATCH 3/3] update the go version to 1.22.5

---
 .go-version | 2 +-
 Dockerfile | 2 +-
 go.mod | 2 +-
 tests/integration/go.mod | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.go-version b/.go-version
index 2a0ba77cc..da9594fd6 100644
--- a/.go-version
+++ b/.go-version
@@ -1 +1 @@
-1.22.4
+1.22.5
diff --git a/Dockerfile b/Dockerfile
index a9fbab2c6..2a2afb676 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ARG image=public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2023-09-06-1694026927.2
-ARG golang_image=public.ecr.aws/docker/library/golang:1.22.4
+ARG golang_image=public.ecr.aws/docker/library/golang:1.22.5
 FROM --platform=$BUILDPLATFORM $golang_image AS builder
 WORKDIR /go/src/github.com/kubernetes-sigs/aws-iam-authenticator
diff --git a/go.mod b/go.mod
index 366aee9d3..980435989 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module sigs.k8s.io/aws-iam-authenticator

-go 1.22.4
+go 1.22.5

 require (
 github.com/aws/aws-sdk-go v1.54.6
diff --git a/tests/integration/go.mod b/tests/integration/go.mod
index 1ab9d86af..29e479e6e 100644
--- a/tests/integration/go.mod
+++ b/tests/integration/go.mod
@@ -1,6 +1,6 @@
 module sigs.k8s.io/aws-iam-authenticator/tests/integration

-go 1.22.4
+go 1.22.5

 require (
 github.com/aws/aws-sdk-go v1.54.6