-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
maven_artifact: adding AWS STS session token support #20959
Conversation
Without the session token being passed in, AWS STS credentials, will not be usable. This prevents some users from using assumed roles, and the credentials supplied, for downloading from S3 based Maven repositories.
LGTM, however, I have no experience with AWS, so I can't tell if it's gonna work. Would be great if @ryansb could have a look. |
shipit |
;@mrcrilly I can now join @tumbl3w33d to merge it. Just have to rebase and solve conflicts |
@mrcrilly Given that:
Therefore I'm going to close this. If you or anyone else wants to continue with this work then please do feel free to create a fresh PR and |
ISSUE TYPE
COMPONENT NAME
maven_artifect
ANSIBLE VERSION
SUMMARY
Without being able to supply and use the AWS STS session token, AWS STS temporary credentials cannot be used with this module. Without providing the session token, STS users will not be able to download protected artifacts.
This PR fixes the issue by introducing the STS session token, should it be supplied to the module, to the boto3 client at the time of instantiation. It does so without introducing a blank session token to the boto3 client, using an expanded
dict
, to avoid unknown edge cases with regards to a blank session token.