mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-29 22:46:12 +00:00
legacy-cloud-providers: aws: Add support for consuming web identity credentials
This commit is contained in:
Seth Jennings
parent
9d09c9d246
commit
79c9ac1f01
@ -35,7 +35,6 @@ import (
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
|
||||
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
||||
"github.com/aws/aws-sdk-go/aws/endpoints"
|
||||
@ -821,8 +820,11 @@ func (p *awsSDKProvider) Compute(regionName string) (EC2, error) {
|
||||
}
|
||||
awsConfig = awsConfig.WithCredentialsChainVerboseErrors(true).
|
||||
WithEndpointResolver(p.cfg.getResolver())
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
Config: *awsConfig,
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
})
|
||||
|
||||
sess, err := session.NewSession(awsConfig)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to initialize AWS session: %v", err)
|
||||
}
|
||||
@ -843,8 +845,10 @@ func (p *awsSDKProvider) LoadBalancing(regionName string) (ELB, error) {
|
||||
}
|
||||
awsConfig = awsConfig.WithCredentialsChainVerboseErrors(true).
|
||||
WithEndpointResolver(p.cfg.getResolver())
|
||||
|
||||
sess, err := session.NewSession(awsConfig)
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
Config: *awsConfig,
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to initialize AWS session: %v", err)
|
||||
}
|
||||
@ -861,8 +865,10 @@ func (p *awsSDKProvider) LoadBalancingV2(regionName string) (ELBV2, error) {
|
||||
}
|
||||
awsConfig = awsConfig.WithCredentialsChainVerboseErrors(true).
|
||||
WithEndpointResolver(p.cfg.getResolver())
|
||||
|
||||
sess, err := session.NewSession(awsConfig)
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
Config: *awsConfig,
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to initialize AWS session: %v", err)
|
||||
}
|
||||
@ -880,8 +886,10 @@ func (p *awsSDKProvider) Autoscaling(regionName string) (ASG, error) {
|
||||
}
|
||||
awsConfig = awsConfig.WithCredentialsChainVerboseErrors(true).
|
||||
WithEndpointResolver(p.cfg.getResolver())
|
||||
|
||||
sess, err := session.NewSession(awsConfig)
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
Config: *awsConfig,
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to initialize AWS session: %v", err)
|
||||
}
|
||||
@ -911,8 +919,10 @@ func (p *awsSDKProvider) KeyManagement(regionName string) (KMS, error) {
|
||||
}
|
||||
awsConfig = awsConfig.WithCredentialsChainVerboseErrors(true).
|
||||
WithEndpointResolver(p.cfg.getResolver())
|
||||
|
||||
sess, err := session.NewSession(awsConfig)
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
Config: *awsConfig,
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to initialize AWS session: %v", err)
|
||||
}
|
||||
@ -1170,30 +1180,28 @@ func init() {
|
||||
return nil, fmt.Errorf("unable to validate custom endpoint overrides: %v", err)
|
||||
}
|
||||
|
||||
sess, err := session.NewSession(&aws.Config{})
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
Config: aws.Config{},
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to initialize AWS session: %v", err)
|
||||
}
|
||||
|
||||
var provider credentials.Provider
|
||||
if cfg.Global.RoleARN == "" {
|
||||
provider = &ec2rolecreds.EC2RoleProvider{
|
||||
Client: ec2metadata.New(sess),
|
||||
}
|
||||
} else {
|
||||
var creds *credentials.Credentials
|
||||
if cfg.Global.RoleARN != "" {
|
||||
klog.Infof("Using AWS assumed role %v", cfg.Global.RoleARN)
|
||||
provider = &stscreds.AssumeRoleProvider{
|
||||
provider := &stscreds.AssumeRoleProvider{
|
||||
Client: sts.New(sess),
|
||||
RoleARN: cfg.Global.RoleARN,
|
||||
}
|
||||
}
|
||||
|
||||
creds := credentials.NewChainCredentials(
|
||||
[]credentials.Provider{
|
||||
&credentials.EnvProvider{},
|
||||
provider,
|
||||
&credentials.SharedCredentialsProvider{},
|
||||
})
|
||||
creds = credentials.NewChainCredentials(
|
||||
[]credentials.Provider{
|
||||
&credentials.EnvProvider{},
|
||||
provider,
|
||||
})
|
||||
}
|
||||
|
||||
aws := newAWSSDKProvider(creds, cfg)
|
||||
return newAWSCloud(*cfg, aws)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user