added context chaining, cleanup

Author: gargipanatula

pkg/ec2provider/ec2provider.go

@@ -51,7 +51,7 @@ type EC2API interface {
 // Get a node name from instance ID
 type EC2Provider interface {
 	GetPrivateDNSName(ctx context.Context, id string) (string, error)
-	StartEc2DescribeBatchProcessing()
+	StartEc2DescribeBatchProcessing(ctx context.Context)
 }
 
 type ec2PrivateDNSCache struct {
@@ -114,10 +114,6 @@ func newEC2Client(ctx context.Context, roleARN, sourceARN, region string, qps in
 		stsCfg := cfg
 		stsCfg.HTTPClient = rateLimitedClient
 
-		if err != nil {
-			logrus.Fatalf("Failed to load AWS config: %v", err)
-		}
-
 		stsClient := sts.NewFromConfig(*applySTSRequestHeaders(&stsCfg, sourceARN))
 		ap := stscreds.NewAssumeRoleProvider(stsClient, roleARN, func(o *stscreds.AssumeRoleOptions) {
 			o.Duration = time.Duration(60) * time.Minute
@@ -228,7 +224,7 @@ func (p *ec2ProviderImpl) GetPrivateDNSName(ctx context.Context, id string) (str
 	return privateDNSName, nil
 }
 
-func (p *ec2ProviderImpl) StartEc2DescribeBatchProcessing() {
+func (p *ec2ProviderImpl) StartEc2DescribeBatchProcessing(ctx context.Context) {
 	startTime := time.Now()
 	var instanceIdList []string
 	for {
@@ -256,17 +252,17 @@ func (p *ec2ProviderImpl) StartEc2DescribeBatchProcessing() {
 			startTime = time.Now()
 			dupInstanceList := make([]string, len(instanceIdList))
 			copy(dupInstanceList, instanceIdList)
-			go p.getPrivateDnsAndPublishToCache(dupInstanceList)
+			go p.getPrivateDnsAndPublishToCache(ctx, dupInstanceList)
 			instanceIdList = nil
 		}
 	}
 }
 
-func (p *ec2ProviderImpl) getPrivateDnsAndPublishToCache(instanceIdList []string) {
+func (p *ec2ProviderImpl) getPrivateDnsAndPublishToCache(ctx context.Context, instanceIdList []string) {
 	// Look up instance from EC2 API
 	logrus.Infof("Making Batch Query to DescribeInstances for %v instances ", len(instanceIdList))
 	metrics.Get().EC2DescribeInstanceCallCount.Inc()
-	output, err := p.ec2.DescribeInstances(context.Background(), &ec2.DescribeInstancesInput{
+	output, err := p.ec2.DescribeInstances(ctx, &ec2.DescribeInstancesInput{
 		InstanceIds: instanceIdList,
 	})
 	if err != nil {

pkg/ec2provider/ec2provider_test.go

@@ -70,7 +70,7 @@ func TestGetPrivateDNSName(t *testing.T) {
 	metrics.InitMetrics(prometheus.NewRegistry())
 	ec2Provider := newMockedEC2ProviderImpl()
 	ec2Provider.ec2 = &mockEc2Client{Reservations: prepareSingleInstanceOutput()}
-	go ec2Provider.StartEc2DescribeBatchProcessing()
+	go ec2Provider.StartEc2DescribeBatchProcessing(context.TODO())
 	dns_name, err := ec2Provider.GetPrivateDNSName(context.TODO(), "ec2-1")
 	if err != nil {
 		t.Error("There is an error which is not expected when calling ec2 API with setting up mocks")
@@ -103,7 +103,7 @@ func TestGetPrivateDNSNameWithBatching(t *testing.T) {
 	ec2Provider := newMockedEC2ProviderImpl()
 	reservations := prepare100InstanceOutput()
 	ec2Provider.ec2 = &mockEc2Client{Reservations: reservations}
-	go ec2Provider.StartEc2DescribeBatchProcessing()
+	go ec2Provider.StartEc2DescribeBatchProcessing(context.TODO())
 	var wg sync.WaitGroup
 	for i := 1; i < 101; i++ {
 		instanceString := "ec2-" + strconv.Itoa(i)
@@ -206,20 +206,24 @@ func TestApplySTSRequestHeaders(t *testing.T) {
 		{
 			name: "header with source arn",
 			args: map[string]string{
-				headerSourceArn: "arn:aws:eks:us-east-1:123456789012:MyCluster/res1",
+				headerSourceAccount: "123456789012",
+				headerSourceArn:     "arn:aws:eks:us-east-1:123456789012:MyCluster/res1",
 			},
 			want: map[string]string{
-				headerSourceArn: "arn:aws:eks:us-east-1:123456789012:MyCluster/res1",
+				headerSourceAccount: "123456789012",
+				headerSourceArn:     "arn:aws:eks:us-east-1:123456789012:MyCluster/res1",
 			},
 			wantErr: false,
 		},
 		{
 			name: "header without source arn",
 			args: map[string]string{
-				headerSourceArn: "",
+				headerSourceAccount: "123456789012",
+				headerSourceArn:     "",
 			},
 			want: map[string]string{
-				headerSourceArn: "",
+				headerSourceAccount: "",
+				headerSourceArn:     "",
 			},
 			wantErr: false,
 		},

pkg/server/server.go

@@ -223,13 +223,15 @@ func (c *Server) getHandler(ctx context.Context, backendMapper BackendMapper, ec
 		backendModeConfigInitDone: false,
 	}
 
-	h.HandleFunc("/authenticate", h.authenticateEndpoint)
+	h.HandleFunc("/authenticate", func(w http.ResponseWriter, r *http.Request) {
+		h.authenticateEndpoint(ctx, w, r)
+	})
 	h.Handle("/metrics", promhttp.Handler())
 	h.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprintf(w, "ok")
 	})
 	logrus.Infof("Starting the h.ec2Provider.startEc2DescribeBatchProcessing ")
-	go h.ec2Provider.StartEc2DescribeBatchProcessing()
+	go h.ec2Provider.StartEc2DescribeBatchProcessing(ctx)
 	if strings.TrimSpace(c.DynamicBackendModePath) != "" {
 		fileutil.StartLoadDynamicFile(c.DynamicBackendModePath, h, stopCh)
 	}
@@ -303,7 +305,7 @@ func (h *handler) isLoggableIdentity(identity *token.Identity) bool {
 	return true
 }
 
-func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request) {
+func (h *handler) authenticateEndpoint(ctx context.Context, w http.ResponseWriter, req *http.Request) {
 	start := time.Now()
 	log := logrus.WithFields(logrus.Fields{
 		"path":   req.URL.Path,
@@ -372,7 +374,7 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
 		log = log.WithField("arn", identity.CanonicalARN)
 	}
 
-	username, groups, err := h.doMapping(identity)
+	username, groups, err := h.doMapping(ctx, identity)
 	if err != nil {
 		metrics.Get().Latency.WithLabelValues(metrics.Unknown).Observe(duration(start))
 		log.WithError(err).Warn("access denied")
@@ -429,14 +431,14 @@ func ReservedPrefixExists(username string, reservedList []string) bool {
 	return false
 }
 
-func (h *handler) doMapping(identity *token.Identity) (string, []string, error) {
+func (h *handler) doMapping(ctx context.Context, identity *token.Identity) (string, []string, error) {
 	var errs []error
 
 	for _, m := range h.backendMapper.mappers {
 		mapping, err := m.Map(identity)
 		if err == nil {
 			// Mapping found, try to render any templates like {{EC2PrivateDNSName}}
-			username, groups, err := h.renderTemplates(*mapping, identity)
+			username, groups, err := h.renderTemplates(ctx, *mapping, identity)
 			if err != nil {
 				return "", nil, fmt.Errorf("mapper %s renderTemplates error: %v", m.Name(), err)
 			}
@@ -461,19 +463,19 @@ func (h *handler) doMapping(identity *token.Identity) (string, []string, error)
 	return "", nil, errutil.ErrNotMapped
 }
 
-func (h *handler) renderTemplates(mapping config.IdentityMapping, identity *token.Identity) (string, []string, error) {
+func (h *handler) renderTemplates(ctx context.Context, mapping config.IdentityMapping, identity *token.Identity) (string, []string, error) {
 	var username string
 	groups := []string{}
 	var err error
 
 	userPattern := mapping.Username
-	username, err = h.renderTemplate(userPattern, identity)
+	username, err = h.renderTemplate(ctx, userPattern, identity)
 	if err != nil {
 		return "", nil, fmt.Errorf("error rendering username template %q: %s", userPattern, err.Error())
 	}
 
 	for _, groupPattern := range mapping.Groups {
-		group, err := h.renderTemplate(groupPattern, identity)
+		group, err := h.renderTemplate(ctx, groupPattern, identity)
 		if err != nil {
 			return "", nil, fmt.Errorf("error rendering group template %q: %s", groupPattern, err.Error())
 		}
@@ -483,13 +485,13 @@ func (h *handler) renderTemplates(mapping config.IdentityMapping, identity *toke
 	return username, groups, nil
 }
 
-func (h *handler) renderTemplate(template string, identity *token.Identity) (string, error) {
+func (h *handler) renderTemplate(ctx context.Context, template string, identity *token.Identity) (string, error) {
 	// Private DNS requires EC2 API call
 	if strings.Contains(template, "{{EC2PrivateDNSName}}") {
 		if !instanceIDPattern.MatchString(identity.SessionName) {
 			return "", fmt.Errorf("SessionName did not contain an instance id")
 		}
-		privateDNSName, err := h.ec2Provider.GetPrivateDNSName(context.Background(), identity.SessionName)
+		privateDNSName, err := h.ec2Provider.GetPrivateDNSName(ctx, identity.SessionName)
 		if err != nil {
 			return "", err
 		}