You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ran into some difficulty using the aws_iam auth method here in the vault-ruby library. While my specific issue has a technical resolution, I also often wonder why things went wrong.
Perhaps it's a matter of semantics, but in this particular case I think the auth.aws_iam method signature is unnecessarily confusing and goes to usability. After all, the signatures are meant to be read by humans.
credentials_provider - obviously AWS since there's no corresponding concept in vault
iam_auth_header_value - again, clearly an argument passed to AWS
sts_endpoint - also AWS
route - a vault parameter
There are a couple of things here about the route argument:
First is that it appears last and after 3 AWS arguments. Basically, the two vault arguments are bookending the AWS argument list. It might be more clear if the vault arguments were together, followed by the AWS arguments.
Second, route is a very REST-specific term? I might have missed it, but I can't ever recall coming across the term in the vault documentation. Typically the vault docs use path to refer to that component of the URL.
FWIW, my brain - perhaps lazy as it is - sees the first two arguments and knows they need to be filled in, then sees iam_auth_header_value and basically stops reading. If it sees route at the end at all, it doesn't recognize it as vault terminology and so ignores it as well.
The text was updated successfully, but these errors were encountered:
Ran into some difficulty using the aws_iam auth method here in the vault-ruby library. While my specific issue has a technical resolution, I also often wonder why things went wrong.
Perhaps it's a matter of semantics, but in this particular case I think the
auth.aws_iammethod signature is unnecessarily confusing and goes to usability. After all, the signatures are meant to be read by humans.def aws_iam(role, credentials_provider, iam_auth_header_value = nil, sts_endpoint = 'https://sts.amazonaws.com', route = nil)There are a couple of things here about the
routeargument:First is that it appears last and after 3 AWS arguments. Basically, the two vault arguments are bookending the AWS argument list. It might be more clear if the vault arguments were together, followed by the AWS arguments.
Second,
routeis a very REST-specific term? I might have missed it, but I can't ever recall coming across the term in the vault documentation. Typically the vault docs usepathto refer to that component of the URL.FWIW, my brain - perhaps lazy as it is - sees the first two arguments and knows they need to be filled in, then sees
iam_auth_header_valueand basically stops reading. If it seesrouteat the end at all, it doesn't recognize it as vault terminology and so ignores it as well.The text was updated successfully, but these errors were encountered: