Add support for credential_source = Ec2InstanceMetadata in config #2005
Conversation
aws/session/shared_config.go
Outdated
| @@ -131,6 +135,14 @@ func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedC | |||
| if cfg.AssumeRole.SourceProfile == origProfile { | |||
| assumeRoleSrc = *cfg | |||
| assumeRoleSrc.AssumeRole = assumeRoleConfig{} | |||
| } else if cfg.AssumeRole.CredentialSource == "Ec2InstanceMetadata" { | |||
There was a problem hiding this comment.
I think this would work equally well for EcsContainer, but I don't have a readily-available environment where I could test that.
There was a problem hiding this comment.
Thanks for taking the time to create this PR.
The usage of CredentialsSource probably should happen within the Session's initialization. This is currently where the other credential providers are setup. https://github.com/aws/aws-sdk-go/blob/master/aws/session/session.go#L438
This is also where the sharedConfig type is used to configure the session.
|
Thanks, I'll revisit this when I have a chance. |
jbergknoff-rival
force-pushed
the
jbergknoff/credential-source
branch
from
49d4c77 to
4d99a9b
Compare
|
@jasdel thanks again for the suggestions! I've refactored the PR to do the credential lookup in the session initialization (not sure how I missed this spot the first time!). This also exposes a cleaner interface for testing the interaction with the EC2 metadata service, so I've added what seem like the appropriate tests. Please take another look when you have a chance. |
|
@jasdel please have another look when you have time. |
|
@jasdel any updates on this? |
|
By the way, @jbergknoff-rival does this support |
|
@hoshsadiq no, it doesn't add support for |
jbergknoff-rival
changed the title
|
Hello @jbergknoff-rival, thank you for creating this. I've went ahead and used your PR to build upon the other missing values for |
|
@xibz great news, thanks for running with this! |
diehlaws
added
needs-review
Addresses #1901, at least partially.
This PR makes it possible to use a profile configured with
credential_source = Ec2InstanceMetadata.I'm not experienced with Go, so I'd appreciate feedback on how to write a test for this change. As
defaults.RemoteCredProvideralready has tests of its own, I think it would be ideal to have a test in session/shared_config_test.go which stubs outRemoteCredProvider. How does one do that? Thanks.