e2e: Correctly handle IMDSv2 when discovering UI proxy address. (#26674)

The call to IMDSv1 has been failing since we switched to v2 which
meant the UI e2e script attempted to use the service IP address
for its tests. The service IP address is the Nomad client's
private address which is not routable from the e2e test runner
which means the test fails.

This change updates the IP discovery to use IMDSv2 which means the
address is correctly populated and routable. The change also makes
this discovery method by a job action within the proxy job. This
exercises that feature and utilizes it in a way for which it was
designed.

e2e/ui/input/proxy.nomad

@@ -74,6 +74,24 @@ job "nomad-proxy" {
         memory = 128
       }
 
+      action "get_proxy_public_address" {
+        command = "/bin/bash"
+        args    = ["-c", "local/get_proxy_public_ip.sh"]
+      }
+
+      template {
+        destination = "local/get_proxy_public_ip.sh"
+        perms       = "0755"
+        data        = <<EOT
+#!/usr/bin/env bash
+
+TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" \
+  -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
+
+curl -s -H "X-aws-ec2-metadata-token: $TOKEN" "http://169.254.169.254/latest/meta-data/public-ipv4"
+EOT
+      }
+
       # this template is mostly lifted from the Learn Guide:
       # https://learn.hashicorp.com/tutorials/nomad/reverse-proxy-ui
       template {

e2e/ui/run.sh

@@ -78,9 +78,7 @@ run_proxy() {
 }
 
 _get_aws_ip(){
-  aws_metadata_url="http://169.254.169.254/latest/meta-data"
-  nomad exec -namespace=proxy -job nomad-proxy \
-    curl -s "$aws_metadata_url/public-ipv4"
+  nomad action -namespace=proxy -job=nomad-proxy -group=proxy -task=nginx get_proxy_public_address
 }
 
 _get_svc_ip() {