fix: enable sharedConfigState in AWS auth provider (#2777)

The value `session.SharedConfigDisable` prevented the AWS SDK from using
the default provider chain. By removing this value from the getAWSSession
function the default SDK provider chain is used. This enables the SDK to
use the shared config file:
https://github.com/aws/aws-sdk-go/blob/main/aws/session/env_config.go#L84
as well as the shared credentials file:
https://github.com/aws/aws-sdk-go/blob/main/aws/session/env_config.go#L76

This fixes the code to be correct with the documentation of
NewGeneratorSession which notes that it uses the authentication order:

1. service-account token.
2. static credentials.
3. sdk default provider.

See also the AWS documentation:
https://github.com/aws/aws-sdk-go/blob/main/aws/session/session.go#L158

Signed-off-by: Kevin van den Broek <info@kevinvandenbroek.nl>
Kevin van den Broek 2 years ago
parent
commit
f0ae0e81ee
1 changed files with 2 additions and 3 deletions
+ 2 - 3
pkg/provider/aws/auth/auth.go

@@ -373,9 +373,8 @@ func getAWSSession(config *aws.Config, enableCache bool, name, kind, namespace,
 	handlers := defaults.Handlers()
 	handlers.Build.PushBack(request.WithAppendUserAgent("external-secrets"))
 	sess, err := session.NewSessionWithOptions(session.Options{
-		Config:            *config,
-		Handlers:          handlers,
-		SharedConfigState: session.SharedConfigDisable,
+		Config:   *config,
+		Handlers: handlers,
 	})
 	if err != nil {
 		return nil, err
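
Review bot: with the `SharedConfigState` line dropped from `session.Options`, the field is left at its zero value rather than set to `session.SharedConfigEnable`, and in aws-sdk-go v1 that zero value takes the setting from the environment, so the shared config file is loaded only when `AWS_SDK_LOAD_CONFIG` is set for the controller process. If the goal is the one in the commit title, set `SharedConfigState: session.SharedConfigEnable` explicitly, or document the environment variable requirement next to the NewGeneratorSession authentication order. Because this widens the set of places getAWSSession can pick credentials up from, a test that pins the fallback order (service-account token, static credentials, SDK default provider) would help; the commit changes only auth.go.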