scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

pass nil function for auth/aws when no externalID supplied (#27858)

Browse Source
This commit is contained in:
kpcraig
2024-07-26 14:55:04 -04:00
committed by GitHub
parent 5787fa20f6
commit 32fdae08d6
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
builtin/credential/aws/client.go
View File

@@ -9,6 +9,8 @@ import (
"strconv" "strconv"
"time" "time"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/aws/session"
@@ -130,7 +132,12 @@ func (b *backend) getClientConfig(ctx context.Context, s logical.Storage, region
if err != nil { if err != nil {
return nil, err return nil, err
} }
assumedCredentials := stscreds.NewCredentials(sess, stsRole, func(p *stscreds.AssumeRoleProvider) { p.ExternalID = aws.String(externalID) }) var assumedCredentials *credentials.Credentials
if externalID != "" {
assumedCredentials = stscreds.NewCredentials(sess, stsRole, func(p *stscreds.AssumeRoleProvider) { p.ExternalID = aws.String(externalID) })
} else {
assumedCredentials = stscreds.NewCredentials(sess, stsRole)
}
// Test that we actually have permissions to assume the role // Test that we actually have permissions to assume the role
if _, err = assumedCredentials.Get(); err != nil { if _, err = assumedCredentials.Get(); err != nil {
return nil, err return nil, err

3
changelog/27858.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
auth/aws: fixes an issue where not supplying an external id was interpreted as an empty external id
```