From f199b080680509594b2a7b0a39f92656f62b1129 Mon Sep 17 00:00:00 2001
From: Leonard Cohnen
Date: Wed, 2 Nov 2022 15:19:13 +0100
Subject: [PATCH] attestation: make AWS TPM check use the correct region

---
 internal/attestation/aws/validator.go | 10 +++++-----
 internal/attestation/aws/validator_test.go | 6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/internal/attestation/aws/validator.go b/internal/attestation/aws/validator.go
index 4e02e4fbd..d94aa28af 100644
--- a/internal/attestation/aws/validator.go
+++ b/internal/attestation/aws/validator.go
@@ -24,7 +24,7 @@ import (
 type Validator struct {
 	oid.AWS
 	*vtpm.Validator
-	getDescribeClient func(context.Context) (awsMetadataAPI, error)
+	getDescribeClient func(context.Context, string) (awsMetadataAPI, error)
 }
 
 // NewValidator create a new Validator structure and returns it.
@@ -62,14 +62,14 @@ func (v *Validator) tpmEnabled(attestation vtpm.AttestationDocument) error {
 	ctx := context.Background()
 
 	idDocument := imds.InstanceIdentityDocument{}
-	err := json.Unmarshal(attestation.UserData, &idDocument)
+	err := json.Unmarshal(attestation.InstanceInfo, &idDocument)
 	if err != nil {
 		return err
 	}
 
 	imageID := idDocument.ImageID
 
-	client, err := v.getDescribeClient(ctx)
+	client, err := v.getDescribeClient(ctx, idDocument.Region)
 	if err != nil {
 		return err
 	}
@@ -87,8 +87,8 @@ func (v *Validator) tpmEnabled(attestation vtpm.AttestationDocument) error {
 	return fmt.Errorf("iam image %s does not support TPM v2.0", imageID)
 }
 
-func getEC2Client(ctx context.Context) (awsMetadataAPI, error) {
-	client, err := config.LoadDefaultConfig(ctx, config.WithEC2IMDSRegion())
+func getEC2Client(ctx context.Context, region string) (awsMetadataAPI, error) {
+	client, err := config.LoadDefaultConfig(ctx, config.WithRegion(region))
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/attestation/aws/validator_test.go b/internal/attestation/aws/validator_test.go
index 8cfc0e6e9..e8f32c003 100644
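Review bot: In the tpmEnabled hunk `idDocument.Region` is handed to `getDescribeClient` without checking that it is set, so an InstanceInfo document that carries no region ends up as `config.WithRegion("")`; as far as I can tell aws-sdk-go-v2 treats an empty region option as unset and falls back to the environment's region, which silently reintroduces the ambiguity this commit is removing. A guard before the call, `if idDocument.Region == "" { return fmt.Errorf("instance identity document does not specify a region") }`, makes that case fail closed; the same check belongs on the `region` parameter in the getEC2Client hunk, which is the only other place the value is consumed. Whether `attestation.InstanceInfo` has been verified against the AWS-signed identity document before it is unmarshaled here is not visible in the hunk, and since both the image ID and the region of the DescribeImages lookup now come from it, a comment at the Unmarshal stating where that verification happens (or that it is the caller's responsibility) would help the next reader. `tpmEnabled` starts and ends outside the hunk.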
--- a/internal/attestation/aws/validator_test.go
+++ b/internal/attestation/aws/validator_test.go
@@ -59,7 +59,7 @@ func TestTpmEnabled(t *testing.T) {
 	}
 	userDataNoTPM, _ := json.Marshal(idDocNoTPM)
 	attDocNoTPM := vtpm.AttestationDocument{
-		UserData: userDataNoTPM,
+		InstanceInfo: userDataNoTPM,
 	}
 
 	idDocTPM := imds.InstanceIdentityDocument{
@@ -67,7 +67,7 @@ func TestTpmEnabled(t *testing.T) {
 	}
 	userDataTPM, _ := json.Marshal(idDocTPM)
 	attDocTPM := vtpm.AttestationDocument{
-		UserData: userDataTPM,
+		InstanceInfo: userDataTPM,
 	}
 
 	testCases := map[string]struct {
@@ -103,7 +103,7 @@ func TestTpmEnabled(t *testing.T) {
 	assert := assert.New(t)
 
 	v := Validator{
-		getDescribeClient: func(context.Context) (awsMetadataAPI, error) {
+		getDescribeClient: func(context.Context, string) (awsMetadataAPI, error) {
 			return tc.awsAPI, nil
 		},
 	}
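Review bot: The stub `getDescribeClient` in the last hunk discards its new `string` argument, so the test still passes if `tpmEnabled` forwards the wrong region or an empty one — the behavioural change this commit makes is not exercised. Capturing the argument, `getDescribeClient: func(_ context.Context, region string) (awsMetadataAPI, error) { gotRegion = region; return tc.awsAPI, nil },` and asserting after the call that `gotRegion` equals the `Region` set on the identity document would pin it; that presumes `Region` is populated in the `idDocTPM`/`idDocNoTPM` literals, whose bodies lie outside the hunks. `TestTpmEnabled` starts and ends outside the hunk.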