Skip to content

Support dualstack (.on.aws) repository endpoint hostnames#36

Open
zeevox wants to merge 1 commit into
jmkeyes:mainfrom
truvo:dualstack-endpoints
Open

Support dualstack (.on.aws) repository endpoint hostnames#36
zeevox wants to merge 1 commit into
jmkeyes:mainfrom
truvo:dualstack-endpoints

Conversation

@zeevox

@zeevox zeevox commented Jun 12, 2026

Copy link
Copy Markdown

AWS CodeArtifact dualstack endpoints use the form <domain>-<account>.codeartifact.<region>.on.aws — no .d. segment, and they carry AAAA records (resolvable today, verified against a live domain). The backend currently returns early for any hostname not ending in .amazonaws.com, so consumers using dualstack index URLs (IPv6-forward setups, NAT-cost-sensitive VPCs) silently get no credentials and fall through to 401s.

This PR:

  • replaces HOST_REGEX with HOST_REGEXES, tried in order — classic form unchanged, dualstack form added with identical capture groups (domain, account, region);
  • widens the fast-path suffix check to (".amazonaws.com", ".on.aws");
  • parametrizes test_get_credential_supported_host over both hostname forms and adds dualstack negative cases (maven path, unknown .on.aws host).

pytest: 32 passed.

AWS CodeArtifact dualstack endpoints use the form
<domain>-<account>.codeartifact.<region>.on.aws (note: no '.d.'
segment, and AAAA records). The backend currently bails on any
hostname outside *.amazonaws.com, so IPv6-forward consumers using
dualstack index URLs silently get no credentials.

Accept both hostname forms: try each pattern in HOST_REGEXES and
widen the fast-path suffix check. Positive-path test parametrized
over both forms; negative cases added for dualstack maven paths
and unknown .on.aws hosts.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant