fix(credential-provider-ini): fix recursive assume role and optional role_arn in credential_source #6472

Merged
merged 3 commits into from
Sep 13, 2024

Conversation

@kuhe kuhe commented Sep 13, 2024

Issue

#6225

Description

This fixes chained assume role with ini role_arns and correctly enables optionality of the role_arn in the credential_source terminal profile section.

scenario 1: no role_arn in credential_source

[profile default]
source_profile=A
role_arn=1

[profile A]
source_profile=B
role_arn=2

[profile B]
credential_source=EcsContainer

The SDK will:

  • enter default profile
  • navigate to source profile A
  • navigate to source profile B
  • obtain source credentials from EcsContainer
  • complete profile B
  • complete profile A assume role with role_arn=2
  • complete profile default assume role with role_arn=1

scenario 2: role_arn in credential_source

[profile default]
source_profile=A
role_arn=1

[profile A]
source_profile=B
role_arn=2

[profile B]
credential_source=EcsContainer
role_arn=3

The SDK will:

  • enter default profile
  • navigate to source profile A
  • navigate to source profile B
  • obtain source credentials from EcsContainer
  • complete profile B assume role with role_arn=3
  • complete profile A assume role with role_arn=2
  • complete profile default assume role with role_arn=1

Testing

Added integration tests
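
The resolution order from the two scenarios above, as an added example that is not part of this pull request or the SDK's code: a small JavaScript model that reads a constructed config and lists which role each hop assumes, innermost first. The helper names `parseProfiles` and `planChain` are hypothetical, the rejection of circular `source_profile` references is an assumption of this sketch, and static keys and other profile types are not modelled.

```javascript
// Added illustration only: models the order described in the PR text.
// Makes no STS or network calls. SAMPLE_INI is constructed (scenario 2).
const SAMPLE_INI = `
[profile default]
source_profile=A
role_arn=1

[profile A]
source_profile=B
role_arn=2

[profile B]
credential_source=EcsContainer
role_arn=3
`;

// Minimal ini reader: "[profile X]" or "[X]" headers and key=value lines.
function parseProfiles(text) {
  const profiles = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const header = line.match(/^\[(?:profile\s+)?(.+?)\]$/);
    if (header) { current = profiles[header[1]] = {}; continue; }
    const eq = line.indexOf("=");
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Returns ordered steps: source credentials first, outermost role last.
function planChain(profiles, name, visited = new Set()) {
  if (visited.has(name)) throw new Error(`cycle at profile ${name}`);
  visited.add(name);
  const p = profiles[name];
  if (!p) throw new Error(`profile ${name} not found`);
  let steps;
  if (p.source_profile) steps = planChain(profiles, p.source_profile, visited);
  else if (p.credential_source) steps = [`source:${p.credential_source}`];
  else throw new Error(`profile ${name} has no credential source`);
  // role_arn is optional on the credential_source terminal profile.
  if (p.role_arn) steps.push(`assume:${p.role_arn} (profile ${name})`);
  return steps;
}
```

Running `planChain(parseProfiles(SAMPLE_INI), "default")` against a real config copy gives a quick audit of which roles a workload ends up holding through a chained profile.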

@kuhe kuhe requested a review from a team as a code owner September 13, 2024 16:18
@kuhe kuhe merged commit c095306 into aws:main Sep 13, 2024
4 checks passed
@kuhe kuhe deleted the fix/assume_role branch September 13, 2024 17:06
RanVaknin pushed a commit to RanVaknin/aws-sdk-js-v3 that referenced this pull request Sep 21, 2024
…role_arn in credential_source (aws#6472)

* fix(credential-provider-ini): fix recursive assume role and optional role_arn in credential_source

* test(credential-provider-ini): fix mock call verification

* test(credential-provider-node): add test case with chained web id token file

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 28, 2024