
Taskcat communicates with the sts endpoint in the China partition even though it is not specified in an aws profile or taskcat config #837

Open
@craigcraigcraig


Describe the bug
When trying to determine partition, taskcat times out when trying the sts endpoint in the China partition: sts.cn-north-1.amazonaws.com.cn. I am running taskcat in a highly restricted environment, and calls to endpoints outside the US are blocked.

My aws profile and the .taskcat.yml specify only the us-gov-west-1 region. I would expect that Taskcat would not make calls to partitions whose regions are not specified in my aws profile or the .taskcat.yml file.

taskcat is executed using this command: taskcat --profile pipeline test run

My aws config looks like this:

[profile pipeline]
region = us-gov-west-1

See additional context below for more information.

To Reproduce
Steps to reproduce the behavior:

  1. Are you testing a QuickStart or Custom template? Custom template
  2. Attach or link a copy of the template if possible (remove any sensitive info)

     project:
       name: demo
       package_lambda: false
       template: ./some-template.yml
       regions:
         - us-gov-west-1
       auth:
         default: pipeline
     tests:
       default:
         s3_regional_buckets: true
         parameters:
           pDesiredCount: 1
           pEcrName: "TEST-redacted"
           pEcsClusterName: "TEST-redacted"
           pSecurityGroupIds: $[taskcat_secretsmanager_redacted/redacted/securitygroupid]
           pVpcId: $[taskcat_secretsmanager_redacted/redacted/vpcid]
           pSubnetId: $[taskcat_secretsmanager_redacted/redacted/subnetid]

  3. Provide the parameters that you passed. (remove any sensitive info)
  4. How did you install taskcat? (docker or pip3). pip3
  5. Are you using a profile, an instance role or access keys to run taskcat? profile
  6. Is your AWS environment configured via aws configure? yes

Expected behavior
Taskcat determines the partition to be aws-us-gov without making calls to the Canada partition.

Screenshots
If applicable, add screenshots to help explain your problem.

Version (Please make sure you are running the latest version of taskcat)
0.9.54
Python: 3.12.3

Additional context

When inspecting the code that determines the partition (specifically _get_partition in _client_factory.py), it looks like the code tries the commercial partition (aws) first, then it tries China (aws-cn), finally it tries GovCloud (aws-us-gov). What is happening in my environment is when the code tries to make calls to the China partition, taskcat times out trying to communicate with the "cn-north-1" sts endpoint because any call outside the US is blocked in my environment (i.e., https://sts.cn-north-1.amazonaws.com.cn/ is blocked and taskcat times out waiting for a response).

I fully own that this is due to the environment I'm running taskcat in, however, I imagine this could be an issue for other folks running taskcat in the govcloud partition that are subject to similar network restrictions.
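
The expectation described in this issue, as an added example that is not taskcat's code and not part of the original post: derive the partition from the configured region names alone, so the only STS host probed is the one for a partition actually in use, and check that host against an egress allowlist. The function names are hypothetical, the config text is a constructed sample mirroring the one above, and the prefix rule covers only the three partitions named in the issue.

```python
import configparser

# Constructed sample mirroring the AWS config shown in the issue.
AWS_CONFIG = """
[profile pipeline]
region = us-gov-west-1
"""

# Region-name prefix -> (partition, STS DNS suffix). Assumption: only the three
# partitions named in the issue are covered; isolated partitions are out of scope.
PREFIXES = (
    ("cn-", "aws-cn", "amazonaws.com.cn"),
    ("us-gov-", "aws-us-gov", "amazonaws.com"),
)

def partition_for_region(region):
    """Return (partition, dns_suffix) for a region name, with no network call."""
    for prefix, partition, suffix in PREFIXES:
        if region.startswith(prefix):
            return partition, suffix
    return "aws", "amazonaws.com"

def profile_region(config_text, profile):
    """Read the region configured for a named profile in AWS config text."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    return parser.get(section, "region", fallback=None)

def sts_plan(config_text, profile, test_regions):
    """Map each partition in use to the one regional STS host to probe for it."""
    regions = list(test_regions)
    region = profile_region(config_text, profile)
    if region and region not in regions:
        regions.insert(0, region)
    plan = {}
    for r in regions:
        partition, suffix = partition_for_region(r)
        plan.setdefault(partition, f"sts.{r}.{suffix}")
    return plan

def blocked_hosts(plan, allowed_suffixes):
    """Hosts in the plan that an egress allowlist (by DNS suffix) would reject."""
    return sorted(h for h in plan.values()
                  if not any(h.endswith(s) for s in allowed_suffixes))

if __name__ == "__main__":
    plan = sts_plan(AWS_CONFIG, "pipeline", ["us-gov-west-1"])
    print(plan, blocked_hosts(plan, (".us-gov-west-1.amazonaws.com",)))
```
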
