fix(aws-sdk-v1): web identity with injected identity
Signed-off-by: christophrj <[email protected]>
christophrj committed Dec 3, 2024
1 parent bb398cd commit 36d0046
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions pkg/utils/connect/aws/config.go
Expand Up @@ -32,6 +32,7 @@ import (
stscredstypesv2 "github.com/aws/aws-sdk-go-v2/service/sts/types"
awsv1 "github.com/aws/aws-sdk-go/aws"
credentialsv1 "github.com/aws/aws-sdk-go/aws/credentials"
stscredsv1 "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
defaultsv1 "github.com/aws/aws-sdk-go/aws/defaults"
endpointsv1 "github.com/aws/aws-sdk-go/aws/endpoints"
requestv1 "github.com/aws/aws-sdk-go/aws/request"
Expand Down Expand Up @@ -672,8 +673,21 @@ func GetDefaultConfigV1() (*awsv1.Config, error) {
muV1.Lock()
defer muV1.Unlock()
if defaultConfigV1 == nil {
// use the sdk's default config
defaultConfigV1 = defaultsv1.Get().Config
envCfg, err := config.NewEnvConfig()
if err != nil {
return nil, errors.Wrap(err, "failed to load default AWS env config")
}
if len(envCfg.WebIdentityTokenFilePath) > 0 {
cfg := awsv1.NewConfig()
sess, err := GetSessionV1(cfg)
if err != nil {
return nil, errors.Wrap(err, "failed to load default AWS config")
}
creds := stscredsv1.NewWebIdentityCredentials(sess, envCfg.RoleARN, envCfg.RoleSessionName, envCfg.WebIdentityTokenFilePath) //nolint:staticcheck
defaultConfigV1 = cfg.WithCredentials(creds)
} else {
defaultConfigV1 = defaultsv1.Get().Config
}
}
return defaultConfigV1.Copy(), nil
}
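Review bot: The new web-identity branch in GetDefaultConfigV1 is taken on `WebIdentityTokenFilePath` alone, so an empty `envCfg.RoleARN` is passed to `NewWebIdentityCredentials` and would only surface as an STS error when credentials are first retrieved, not here. I would fail early, before building the session, with `if envCfg.RoleARN == "" { return nil, errors.New("AWS_ROLE_ARN must be set when AWS_WEB_IDENTITY_TOKEN_FILE is set") }`. The branch also skips `defaultsv1.Get().Config`, so static credentials in the environment no longer appear to take precedence over the injected identity; if that is intended, a comment such as `// injected web identity deliberately overrides the default credential chain` would record it. The `//nolint:staticcheck` should state its reason (presumably the deprecation of `NewWebIdentityCredentials`). The start of the function lies outside the hunk.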