[v17] Apply the _DISABLE_AWS_FIPS setting to iam and stscreds #52127

Merged: codingllama merged 10 commits into branch/v17 from codingllama/backport/52065-v17 on Feb 14, 2025

@codingllama commented Feb 13, 2025

Backports #52065 and #52123 to branch/v17.

#52123 is needed so we can address all stscreds.NewCredentials calls without an import cycle.

This PR includes commits unique to branch/v17, as AWS SDK use differs from master.

Changelog: Applied TELEPORT_UNSTABLE_DISABLE_AWS_FIPS to iam and stscreds

@codingllama added the no-changelog label (Indicates that a PR does not require a changelog entry) Feb 13, 2025
@codingllama force-pushed the codingllama/backport/52065-v17 branch from 5b5eacd to efe4fa1 February 13, 2025 17:06
@codingllama (Contributor, Author)

Commit breakdown:

  • New files are cherry-picked without changes (90be958, 5352168)
  • "Use iamutils" deviates due to SDK use (f30c443)
  • "Use stsutils" is a clean cherry-pick (506c14a), but it misses an occurrence fixed by a later commit
  • .golangci.yml had conflicts, but nothing complicated (4ce9f9a)
  • daf8868 is a cherry-pick from "Move IsFIPSDisabledByEnv to lib/utils/aws/awsfips" (#52123)
  • All commits after daf8868 / "Move IsFIPSDisabledByEnv" are new to this branch. They address missing stscreds.NewCredentials, iam.New calls (SDKv1, not present on master) and add more forbidigo rules.

@codingllama (Contributor, Author)

I'll do branch/v16 and branch/v15 backports based on this one. I expect further conflicts, but hopefully nothing too different from what we've seen here. If there is anything noteworthy on other branches I'll call it out specifically.

@codingllama force-pushed the codingllama/backport/52065-v17 branch from efe4fa1 to 506b07d February 13, 2025 17:20
@codingllama removed the no-changelog label (Indicates that a PR does not require a changelog entry) Feb 13, 2025
@codingllama (Contributor, Author)

Friendly ping @nklaassen ?

@codingllama added this pull request to the merge queue Feb 14, 2025
@github-merge-queue (bot) removed this pull request from the merge queue due to failed status checks Feb 14, 2025
@codingllama added this pull request to the merge queue Feb 14, 2025
Merged via the queue into branch/v17 with commit 1315482 Feb 14, 2025
@codingllama deleted the codingllama/backport/52065-v17 branch February 14, 2025 20:12
@doggydogworld mentioned this pull request Feb 19, 2025