chore: update AWS auth config (#134)

* chore: update AWS auth config

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

* chore: bump AWS chart version

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

---------

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

chart/validator/templates/plugin-secret-aws.yaml

@@ -4,11 +4,7 @@ kind: Secret
 metadata:
   name: {{ required ".Values.pluginSecrets.aws.secretName is required!" .Values.pluginSecrets.aws.secretName }}
 stringData:
-  credentials: |
-    [default]
-    aws_access_key_id={{ required ".Values.pluginSecrets.aws.accessKeyId is required!" .Values.pluginSecrets.aws.accessKeyId }}
-    aws_secret_access_key={{ required ".Values.pluginSecrets.aws.secretAccessKey is required!" .Values.pluginSecrets.aws.secretAccessKey }}
-    {{- if .Values.pluginSecrets.aws.sessionToken }}
-    aws_session_token={{ $.Values.pluginSecrets.aws.sessionToken }}
-    {{- end }}
+  {{- range $key, $val := .Values.pluginSecrets.aws.env }}
+  {{ $key }}: {{ $val | quote }}
+  {{- end }}
 {{- end }}

chart/validator/values.yaml

@@ -77,7 +77,7 @@ plugins:
 - chart:
     name: validator-plugin-aws
     repository: "https://spectrocloud-labs.github.io/validator-plugin-aws"
-    version: "v0.0.16"
+    version: v0.0.17
   values: |-
     controllerManager:
       kubeRbacProxy:
@@ -112,7 +112,7 @@ plugins:
             - ALL
         image:
           repository: quay.io/spectrocloud-labs/validator-plugin-aws
-          tag: v0.0.16
+          tag: v0.0.17
         resources:
           limits:
             cpu: 500m
@@ -132,20 +132,21 @@ plugins:
         targetPort: https
       type: ClusterIP
     auth:
-      # Option 1: Leave secret undefined for implicit auth (node instance role, IMDSv2, etc.)
+      # Option 1: Leave secret undefined for implicit auth (node instance IAM role, IMDSv2, etc.)
       # Option 2: Create a secret via pluginSecrets (see below). Note: secretName and pluginSecrets.aws.secretName must match.
       # Option 3: Specify the name of a preexisting secret in your target cluster and leave pluginSecrets.aws undefined.
       #
       secret: {}  # Delete these curly braces if you're specifying secretName!
         # secretName: aws-creds
+
       # Override the service account used by AWS validator (optional, could be used for IMDSv2 on EKS)
       # WARNING: the chosen service account must include all RBAC privileges found in the AWS plugin template:
       #          https://github.com/spectrocloud-labs/validator-plugin-aws/blob/main/chart/validator-plugin-aws/templates/manager-rbac.yaml
       serviceAccountName: ""
 - chart:
     name: validator-plugin-azure
     repository: "https://spectrocloud-labs.github.io/validator-plugin-azure"
-    version: "v0.0.2"
+    version: v0.0.2
   values: |-
     controllerManager:
       kubeRbacProxy:
@@ -220,7 +221,7 @@ plugins:
 - chart:
     name: validator-plugin-vsphere
     repository: "https://spectrocloud-labs.github.io/validator-plugin-vsphere"
-    version: "v0.0.13"
+    version: v0.0.13
   values: |-
     controllerManager:
       kubeRbacProxy:
@@ -281,7 +282,7 @@ plugins:
 - chart:
     name: validator-plugin-network
     repository: "https://spectrocloud-labs.github.io/validator-plugin-network"
-    version: "v0.0.7"
+    version: v0.0.7
   values: |-
     controllerManager:
       kubeRbacProxy:
@@ -347,9 +348,13 @@ pluginSecrets:
   #
   aws: {}  # Don't forget to delete these curly braces if you're specifying credentials here!
     # secretName: aws-creds  # ensure this matches the AWS plugin values above
-    # accessKeyId: ""
-    # secretAccessKey: ""
-    # sessionToken: ""
+    #
+    # Any valid combination of AWS credential environment variables, per the options defined in:
+    # https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#environment-variables.
+    # env:
+    #   AWS_ACCESS_KEY_ID: ""
+    #   AWS_SECRET_ACCESS_KEY: ""
+    #   AWS_SESSION_TOKEN: ""
 
   # If installing the Azure plugin, the below config is required unless one of the following applies:
   # - The target cluster already contains a secret with the correct format and you've specified its name above.