Provider with AssumeRoleArn uses default profile when profile is not specified #86
Labels: bug (Something isn't working)
massimob76 pushed a commit to massimob76/terraform-provider-opensearch that referenced this issue (Sep 25, 2023):
… if the profile is not given, but allow aws-sdk-go to find the credentials using the default credential provider chain (opensearch-project#86)
guess this is the same as in #61
[Untriage]
prudhvigodithi pushed a commit that referenced this issue (Nov 1, 2023):
#87)
* When the provider assumes a given role, don't use the default profile if the profile is not given, but allow aws-sdk-go to find the credentials using the default credential provider chain (#86)
Signed-off-by: Massimo Battestini <[email protected]>
* Adds unit tests for AWS profile change (#86)
Signed-off-by: Massimo Battestini <[email protected]>
---------
Signed-off-by: Massimo Battestini <[email protected]>
What is the bug?
If aws_assume_role_arn is specified, but no profile is given,
the provider will assume that the 'default' profile will assume the given role arn.
This is not necessarily true; for instance, if AWS credentials are specified via environment variables, they should take precedence, and use of the 'default' profile should not be forced.
How can one reproduce the bug?
So it should look like:
local user => opensearch-build => opensearch-role
but the local user should not be able to assume 'opensearch-role' directly
and make sure that the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN are set
6. TF_LOG=debug terraform apply:
you should get an error similar to this:
What is the expected behavior?
No errors, since opensearch-build is allowed to assume opensearch-role
What is your host/environment?
MacBook Pro - macOS Ventura 13.2
Do you have any screenshots?
Do you have any additional context?
Add any other context about the problem.
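The credential selection described in this issue, as an added Go example (not the provider's code and not written by the issue author): it models which principal ends up calling AssumeRole when no profile is given, under the reported behaviour and under a default-chain lookup. Assumptions: the principal names and trust map are constructed from the chain in the report, the environment variables hold an opensearch-build session, and the chain is reduced to two sources (environment, then the 'default' profile), whereas aws-sdk-go consults more.

```go
package main

import "fmt"

// Constructed trust policies: local-user => opensearch-build => opensearch-role.
var trust = map[string]string{
	"opensearch-build": "local-user",
	"opensearch-role":  "opensearch-build",
}

// Env is a reduced model of where base credentials can come from.
type Env struct {
	EnvPrincipal string            // identity behind AWS_ACCESS_KEY_ID etc.; "" if unset
	Profiles     map[string]string // shared-config profile name -> identity
}

// Assumption: env vars hold an opensearch-build session; 'default' is the local user.
var sample = Env{EnvPrincipal: "opensearch-build", Profiles: map[string]string{"default": "local-user"}}

// baseReported models the reported behaviour: an empty profile becomes "default".
func baseReported(e Env, profile string) string {
	if profile == "" {
		profile = "default"
	}
	return e.Profiles[profile]
}

// baseChain honours an explicit profile, else prefers environment credentials.
func baseChain(e Env, profile string) string {
	if profile != "" {
		return e.Profiles[profile]
	}
	if e.EnvPrincipal != "" {
		return e.EnvPrincipal
	}
	return e.Profiles["default"]
}

// assumeRole succeeds only when the role's trust policy names the caller.
func assumeRole(caller, role string) error {
	if trust[role] != caller {
		return fmt.Errorf("%s is not trusted by %s", caller, role)
	}
	return nil
}

func main() {
	fmt.Println("reported:", assumeRole(baseReported(sample, ""), "opensearch-role"))
	fmt.Println("chain:   ", assumeRole(baseChain(sample, ""), "opensearch-role"))
}
```

The same comparison is useful when reviewing audit logs: the identity recorded as the AssumeRole caller shows which credential source the provider actually picked.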