Merge pull request #1057 from upbound/backport-1056-to-release-0.46
[Backport release-0.46] Make `assume_role_with_web_identity` provider configuration value a list
ulucinar authored Jan 3, 2024
2 parents e96b276 + 96dd7a8 commit 26a55e3
Showing 1 changed file with 10 additions and 4 deletions.
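--- a/internal/clients/aws.go
+++ b/internal/clients/aws.go
@@ -130,23 +130,29 @@ func pushDownTerraformSetupBuilder(ctx context.Context, c client.Client, pc *v1b
 if pc.Spec.Credentials.WebIdentity == nil {
 return errors.New(`spec.credentials.webIdentity of ProviderConfig cannot be nil when the credential source is "WebIdentity"`)
 }
-ps.Configuration[keyAssumeRoleWithWebIdentity] = map[string]any{
+webIdentityConfig := map[string]any{
 keyRoleArn: aws.ToString(pc.Spec.Credentials.WebIdentity.RoleARN),
 keyWebIdentityTokenFile: os.Getenv(envWebIdentityTokenFile),
 }
 if pc.Spec.Credentials.WebIdentity.RoleSessionName != "" {
-ps.Configuration[keySessionName] = pc.Spec.Credentials.WebIdentity.RoleSessionName
+webIdentityConfig[keySessionName] = pc.Spec.Credentials.WebIdentity.RoleSessionName
 }
+ps.Configuration[keyAssumeRoleWithWebIdentity] = []any{
+webIdentityConfig,
+}
 case authKeyUpbound:
 if pc.Spec.Credentials.Upbound == nil || pc.Spec.Credentials.Upbound.WebIdentity == nil {
 return errors.New(`spec.credentials.upbound.webIdentity of ProviderConfig cannot be nil when the credential source is "Upbound"`)
 }
-ps.Configuration[keyAssumeRoleWithWebIdentity] = map[string]any{
+webIdentityConfig := map[string]any{
 keyRoleArn: aws.ToString(pc.Spec.Credentials.Upbound.WebIdentity.RoleARN),
 keyWebIdentityTokenFile: upboundProviderIdentityTokenFile,
 }
 if pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName != "" {
-ps.Configuration[keySessionName] = pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName
+webIdentityConfig[keySessionName] = pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName
 }
+ps.Configuration[keyAssumeRoleWithWebIdentity] = []any{
+webIdentityConfig,
+}
 case authKeySecret:
 data, err := resource.CommonCredentialExtractor(ctx, s, c, pc.Spec.Credentials.CommonCredentialSelectors)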
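Review bot: In the `WebIdentity` case the token path is taken from `os.Getenv(envWebIdentityTokenFile)` without checking that it is set, so an unset variable puts an empty `keyWebIdentityTokenFile` into the list element this change builds. How the downstream provider treats an empty path is not visible here, so failing early would be safer and easier to diagnose than a late credential error: `tokenFile := os.Getenv(envWebIdentityTokenFile)` followed by `if tokenFile == "" { return errors.New("web identity token file environment variable is not set") }`. The `WebIdentity` and `Upbound` cases now build the same map-in-a-list shape, so a small helper taking the role ARN, token file and session name would keep the two in step. The body of pushDownTerraformSetupBuilder starts and ends outside this hunk.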
