From 686a097a34d9b2faef9177722209c2b015d1e00a Mon Sep 17 00:00:00 2001
From: Masato Niwa
Date: Wed, 24 Jul 2024 15:58:02 +0900
Subject: [PATCH] use IMDSv2 to retrieve ec2 metadata
---
 lib/specinfra/ec2_metadata.rb | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/specinfra/ec2_metadata.rb b/lib/specinfra/ec2_metadata.rb
index 0bf170048..95cfcc9b2 100644
--- a/lib/specinfra/ec2_metadata.rb
+++ b/lib/specinfra/ec2_metadata.rb
@@ -5,10 +5,13 @@ def initialize(host_inventory)
 @host_inventory = host_inventory
 @base_uri = 'http://169.254.169.254/latest/meta-data/'
+ @token_uri = 'http://169.254.169.254/latest/api/token'
+ @token = ''
 @metadata = {}
 end
 def get
+ @token = get_token
 @metadata = get_metadata
 self
 end
@@ -64,7 +67,7 @@ def inspect
 def get_metadata(path='')
 metadata = {}
- keys = @host_inventory.backend.run_command("curl -s #{@base_uri}#{path}").stdout.split("\n")
+ keys = @host_inventory.backend.run_command("curl -H \"X-aws-ec2-metadata-token: #{@token}\" -s #{@base_uri}#{path}").stdout.split("\n")
 keys.each do |key|
 if key =~ %r{/$}
@@ -84,7 +87,16 @@ def get_metadata(path='')
 end
 def get_endpoint(path)
- ret = @host_inventory.backend.run_command("curl -s #{@base_uri}#{path}")
+ ret = @host_inventory.backend.run_command("curl -H \"X-aws-ec2-metadata-token: #{@token}\" -s #{@base_uri}#{path}")
+ if ret.success?
+ ret.stdout
+ else
+ nil
+ end
+ end
+
+ def get_token
+ ret = @host_inventory.backend.run_command("curl -X PUT -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" -s #{@token_uri}")
 if ret.success?
 ret.stdout
 else
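Review bot: `get` stores whatever `get_token` returns without checking it, and the empty value is inconsistent: `initialize` sets `@token = ''`, while the failure path of `get_token` appears to return nil (its `else` branch runs past the end of the last hunk). A failed token request therefore goes unnoticed, and the later metadata calls are built with an empty token header; on an instance that requires IMDSv2 this would likely produce empty or error output with no hint of the cause. I would normalise and document the value, e.g. `@token = get_token.to_s.strip` with a comment such as `# IMDSv2 session token; empty when the token request failed`.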
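Review bot: The token is spliced into a double-quoted shell argument in `get_metadata` (and again in `get_endpoint` in the next hunk), so the body returned by the token endpoint is interpreted by the shell on the target host. On a machine where 169.254.169.254 is answered by something other than the EC2 metadata service, a response containing `"`, a backtick or `$(` would change the command that runs. Escaping the whole header closes this: `header = Shellwords.escape("X-aws-ec2-metadata-token: #{@token}")` followed by `run_command("curl -H #{header} -s #{@base_uri}#{path}")`, with `require 'shellwords'` at the top of the file. The session token also lands in curl's argv, which is typically readable by other local users through the process list for the 21600-second lifetime requested in `get_token`; a much shorter TTL would limit that exposure. The body of `get_metadata` continues past the end of this hunk.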
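Review bot: `get_token` accepts any stdout as the token, because `curl -s` exits 0 on HTTP error responses; assuming `ret.success?` reflects the exit status, it stays true when the endpoint answers 4xx/5xx and the error body becomes `@token`. The same holds for the new `if ret.success?` branch in `get_endpoint`. Adding `-f` and a bound on the wait makes the failure visible: `curl -sf --max-time 5 -X PUT -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\" #{@token_uri}`. The two identical `if`/`else` blocks could each be written as `ret.stdout if ret.success?`. The hunk ends inside `get_token`, so the rest of its `else` branch is not visible here.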