test: Check AWS CLI's credential provider work with MMDS

The test ensures workloads that work with EC2 IMDS also work with
Firecracker MMDS out of the box.

Signed-off-by: Takahiro Itazuri <[email protected]>

Author: zulinx86

resources/rebuild.sh

@@ -65,6 +65,14 @@ for d in $dirs; do tar c "/$d" | tar x -C $rootfs; done
 mkdir -pv $rootfs/{dev,proc,sys,run,tmp,var/lib/systemd}
 # So apt works
 mkdir -pv $rootfs/var/lib/dpkg/
+
+# Install AWS CLI v2
+apt update
+apt install -y unzip
+curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+./aws/install
+rm -rf awscliv2.zip aws/
 EOF
 
     # TBD what abt /etc/hosts?

tests/integration_tests/functional/test_mmds.py

@@ -6,6 +6,8 @@
 import random
 import string
 import time
+import json
+from datetime import datetime, timedelta, timezone
 
 import pytest
 
@@ -748,3 +750,53 @@ def test_deprecated_mmds_config(uvm_plain):
         )
         == 2
     )
+
+
+def test_aws_credential_provider(uvm_plain):
+    """
+    Test AWS CLI credential provider
+    """
+    test_microvm = uvm_plain
+    test_microvm.spawn()
+    test_microvm.basic_config()
+    test_microvm.add_net_iface()
+    # V2 requires session tokens for GET requests
+    configure_mmds(test_microvm, iface_ids=["eth0"], version="V2")
+    now = datetime.now(timezone.utc)
+    credentials = {
+        "Code": "Success",
+        "LastUpdated": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
+        "Type": "AWS-HMAC",
+        "AccessKeyId": "ACCESS_KEY_ID",
+        "SecretAccessKey": "SECRET_ACCESS_KEY",
+        "Token": "TOKEN",
+        "Expiration": (now + timedelta(seconds=60)).strftime("%Y-%m-%dT%H:%M:%SZ")
+    }
+    data_store = {
+        "latest": {
+            "meta-data": {
+                "iam": {
+                    "security-credentials": {
+                        "role": json.dumps(credentials, indent=2)
+                    }
+                },
+                "placement": {
+                    "availability-zone": "us-east-1a"
+                }
+            }
+        }
+    }
+    populate_data_store(test_microvm, data_store)
+    test_microvm.start()
+
+    _, stdout, stderr = test_microvm.ssh.check_output("aws configure list --debug")
+    assert stdout == (
+"""
+      Name                    Value             Type    Location
+      ----                    -----             ----    --------
+   profile                <not set>             None    None
+access_key     ****************Y_ID         iam-role
+secret_key     ****************_KEY         iam-role
+    region                us-east-1             imds
+""".strip()
+    ), stderr