Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(credential-provider-node): pass client region to inner credential client region #5758

Merged
merged 1 commit into from
Feb 9, 2024
Merged

fix(credential-provider-node): pass client region to inner credential client region #5758

merged 1 commit into from
Feb 9, 2024

Conversation

kuhe
Copy link
Contributor

@kuhe kuhe commented Feb 2, 2024
edited
Loading

Issue

related to #5749
related to #5755

Description

Currently, some credential providers have an "inner" or additional client not instantiated by the user. One example is the instantiation of an STS client for assumeRole, which is available to any SDK client without user input.

This inner client does not inherit configuration from the user instantiated, or "outer" client. That is because the credentialProvider functions (factories) are standalone and may be called outside of the context of an SDK client.

This PR passes in a reference to the outer client config (and its region) in one special case.

  • if the default credential provider is used without specification, i.e.
new Client({});
// only if no credentials are provided and STS::AssumeRole is called by the default credential provider

In this case, the outer client's region will be used as the fallback if the partition is not aws, such as govcloud. If the partition is aws, then us-east-1 will be used as the fallback.

See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html for partitions.

Testing

We will need to wait for the development of a suite of integration tests for credential providers.

@kuhe kuhe requested review from a team as code owners February 2, 2024 22:27
@kuhe kuhe mentioned this pull request Feb 5, 2024
Merged
2 tasks
@kuhe kuhe force-pushed the fix/inner-client branch 5 times, most recently from 3fb6f1a to 110330a Compare February 9, 2024 16:00
@kuhe
fix(credential-provider-node): pass client region to inner credential…
b376e87 
… client region

test: sts does not resolve aws auth config
@kuhe kuhe force-pushed the fix/inner-client branch from 110330a to b376e87 Compare February 9, 2024 16:40
@kuhe kuhe merged commit 8c0b29e into aws:main Feb 9, 2024
2 checks passed
@kuhe kuhe deleted the fix/inner-client branch February 9, 2024 16:41
@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 24, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@siddsriv siddsriv siddsriv approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kuhe @siddsriv