diff --git a/go.mod b/go.mod index 9714d7482ed..fa5f7dcf1ef 100644 --- a/go.mod +++ b/go.mod @@ -65,7 +65,7 @@ require ( github.com/openshift-metal3/terraform-provider-ironic v0.1.9 github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240 - github.com/openshift/cloud-credential-operator v0.0.0-20200206164830-e1ee12c64bec + github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e github.com/openshift/cluster-api v0.0.0-20191129101638-b09907ac6668 github.com/openshift/cluster-api-provider-gcp v0.0.1-0.20200120152131-1b09fd9e7156 github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603 diff --git a/go.sum b/go.sum index b72961e679a..55bee6a4883 100644 --- a/go.sum +++ b/go.sum @@ -1758,8 +1758,8 @@ github.com/openshift/client-go v0.0.0-20191001081553-3b0e988f8cb0 h1:U0rtkdPj1lT github.com/openshift/client-go v0.0.0-20191001081553-3b0e988f8cb0/go.mod h1:6rzn+JTr7+WYS2E1TExP4gByoABxMznR6y2SnUIkmxk= github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240 h1:XYfJWv2Ch+qInGLDEedHRtDsJwnxyU1L8U7SY56NcA8= github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240/go.mod h1:4riOwdj99Hd/q+iAcJZfNCsQQQMwURnZV6RL4WHYS5w= -github.com/openshift/cloud-credential-operator v0.0.0-20200206164830-e1ee12c64bec h1:vG6PH8t/ZTNZmcBo+/M9ug1Ztt34pUHuaZn2wUsIQIs= -github.com/openshift/cloud-credential-operator v0.0.0-20200206164830-e1ee12c64bec/go.mod h1:iPn+uhIe7nkP5BMHe2QnbLtg5m/AIQ1xvz9s3cig5ss= +github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e h1:2gyl9UVyjHSWzdS56KUXxQwIhENbq2x2olqoMQSA/C8= +github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e/go.mod h1:iPn+uhIe7nkP5BMHe2QnbLtg5m/AIQ1xvz9s3cig5ss= github.com/openshift/cluster-api v0.0.0-20190805113604-f8de78af80fc/go.mod h1:mNsD1dsD4T57kV4/C6zTHke/Ro166xgnyyRZqkamiEU= github.com/openshift/cluster-api v0.0.0-20190923092624-4024de4fa64d/go.mod h1:mNsD1dsD4T57kV4/C6zTHke/Ro166xgnyyRZqkamiEU= github.com/openshift/cluster-api v0.0.0-20191030113141-9a3a7bbe9258/go.mod h1:T18COkr6nLh9RyZKPMP7YjnwBME7RX8P2ar1SQbBltM= diff --git a/pkg/asset/installconfig/aws/permissions.go b/pkg/asset/installconfig/aws/permissions.go index 2de2e1ca5ea..851d7455b12 100644 --- a/pkg/asset/installconfig/aws/permissions.go +++ b/pkg/asset/installconfig/aws/permissions.go @@ -2,14 +2,12 @@ package aws import ( - "fmt" - "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/iam" "github.com/pkg/errors" "github.com/sirupsen/logrus" ccaws "github.com/openshift/cloud-credential-operator/pkg/aws" - "github.com/openshift/installer/pkg/version" ) // PermissionGroup is the group of permissions needed by cluster creation, operation, or teardown. @@ -231,14 +229,9 @@ func ValidateCreds(ssn *session.Session, groups []PermissionGroup, region string requiredPermissions = append(requiredPermissions, groupPerms...) } - creds, err := ssn.Config.Credentials.Get() - if err != nil { - return errors.Wrap(err, "getting creds from session") - } - - client, err := ccaws.NewClient([]byte(creds.AccessKeyID), []byte(creds.SecretAccessKey), fmt.Sprintf("OpenShift/4.x Installer/%s", version.Raw)) + client, err := ccaws.NewClientFromIAMClient(iam.New(ssn)) if err != nil { - return errors.Wrap(err, "initialize cloud-credentials client") + return errors.Wrap(err, "failed to create client for permission check") } sParams := &ccaws.SimulateParams{ diff --git a/vendor/github.com/openshift/cloud-credential-operator/pkg/aws/client.go b/vendor/github.com/openshift/cloud-credential-operator/pkg/aws/client.go index 39a74105ba2..0f70c1006c8 100644 --- a/vendor/github.com/openshift/cloud-credential-operator/pkg/aws/client.go +++ b/vendor/github.com/openshift/cloud-credential-operator/pkg/aws/client.go @@ -102,9 +102,13 @@ func (c *awsClient) TagUser(input *iam.TagUserInput) (*iam.TagUserOutput, error) } // NewClient creates our client wrapper object for the actual AWS clients we use. -func NewClient(accessKeyID, secretAccessKey []byte, infraName string) (Client, error) { +func NewClient(accessKeyID, secretAccessKey []byte, region, infraName string) (Client, error) { awsConfig := &awssdk.Config{} + if region != "" { + awsConfig.Region = ®ion + } + awsConfig.Credentials = credentials.NewStaticCredentials( string(accessKeyID), string(secretAccessKey), "") @@ -117,7 +121,12 @@ func NewClient(accessKeyID, secretAccessKey []byte, infraName string) (Client, e Fn: request.MakeAddToUserAgentHandler("openshift.io cloud-credential-operator", version.Version, infraName), }) + return NewClientFromIAMClient(iam.New(s)) +} + +// NewClientFromIAMClient create a client from AWS IAM client. +func NewClientFromIAMClient(client iamiface.IAMAPI) (Client, error) { return &awsClient{ - iamClient: iam.New(s), + iamClient: client, }, nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index ef04e32f7bd..3c0bdad45ab 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1002,7 +1002,7 @@ github.com/openshift/client-go/config/clientset/versioned/typed/config/v1 github.com/openshift/client-go/route/clientset/versioned github.com/openshift/client-go/route/clientset/versioned/scheme github.com/openshift/client-go/route/clientset/versioned/typed/route/v1 -# github.com/openshift/cloud-credential-operator v0.0.0-20200206164830-e1ee12c64bec +# github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1 github.com/openshift/cloud-credential-operator/pkg/aws github.com/openshift/cloud-credential-operator/version