> v0.45.0 - credentials.source upbound - cannot initialize the no-fork async external client

[haarchri]

What happened?

When using providers with versions higher than v0.45.0, an error occurs for all managed resources when utilizing credentials.source upbound - wonder if the issue is related to this PR: #1002

v0.45.0 - is working
v0.46.0 - not tested
v0.46.1 - is not working
v0.47.0 - is not working

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Upbound
    upbound:
      webIdentity:
        roleARN: arn:aws:iam::123456789101:role/test

message: |-
      connect failed: cannot initialize the no-fork async external client: cannot get terraform setup: could not configure no-fork AWS client: failed to configure the provider: [{0 configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.

      Please see https://registry.terraform.io/providers/hashicorp/aws
      for more information about providing credentials.

      AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, http response error StatusCode: 404, request to EC2 IMDS failed
        []}]

NAME                                                                                     HEALTHY   REVISION   IMAGE                                                                       STATE      DEP-FOUND   DEP-INSTALLED   AGE
providerrevision.pkg.crossplane.io/upbound-provider-aws-ec2-cfeb0cd0f1d2                 True      2          xpkg.upbound.io/upbound/provider-aws-ec2:v0.47.0                            Active     1           1               39m
providerrevision.pkg.crossplane.io/upbound-provider-aws-eks-641a096d79d8                 True      2          xpkg.upbound.io/upbound/provider-aws-eks:v0.47.0                            Active     1           1               39m
providerrevision.pkg.crossplane.io/upbound-provider-aws-iam-438eac423037                 True      2          xpkg.upbound.io/upbound/provider-aws-iam:v0.47.0                            Active     1           1               39m
providerrevision.pkg.crossplane.io/upbound-provider-aws-rds-58f96aa9fc4b                 True      2          xpkg.upbound.io/upbound/provider-aws-rds:v0.47.0                            Active     1           1               39m
providerrevision.pkg.crossplane.io/upbound-provider-aws-s3-1e7325b432db                  True      2          xpkg.upbound.io/upbound/provider-aws-s3:v0.47.0                             Active     1           1               39m
providerrevision.pkg.crossplane.io/upbound-provider-aws-ssm-1eba1515ce00                 True      2          xpkg.upbound.io/upbound/provider-aws-ssm:v0.47.0                            Active     1           1               39m
providerrevision.pkg.crossplane.io/upbound-provider-family-aws-ddac5a22918f              True      2          xpkg.upbound.io/upbound/provider-family-aws:v0.47.0                         Active                                 39m

How can we reproduce it?

What environment did it happen in?

• Crossplane Version:
• Provider Version:
• Kubernetes Version:
• Kubernetes Distribution:

[ulucinar]

Looks like the root cause of the issue is that we are using a map[string]any for the value of the assume_role_with_web_identity configuration key whereas the schema declares it as a list.