Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing support for credential_process #1485

Closed
albertomurillo opened this issue May 4, 2021 · 3 comments · Fixed by #1716
Closed

Missing support for credential_process #1485

albertomurillo opened this issue May 4, 2021 · 3 comments · Fixed by #1716
Assignees
@harshavardhana
Labels
fixed

Comments

@albertomurillo
Copy link

minio-go can obtain credentials from a configured aws config file.

This process, however, only looks for static credentials and does not support the credential_process mechanism to execute an external program that obtains the required credentials.

This is useful in environments where federated authentication is in place and long-living credentials are forbidden.
@harshavardhana harshavardhana self-assigned this May 4, 2021
@harshavardhana
Copy link
Member

Will take a look @albertomurillo

@albertomurillo
Copy link
Author

Will take a look @albertomurillo

I have a patch for this... I am preparing the PR

albertomurillo pushed a commit to albertomurillo/minio-go that referenced this issue May 4, 2021
Add support for credential_process
871910d 
Fixes minio#1485

Signed-off-by: Alberto Murillo <albertomurillosilva@gmail.com>
@albertomurillo albertomurillo mentioned this issue May 4, 2021
Closed
albertomurillo pushed a commit to albertomurillo/minio-go that referenced this issue May 4, 2021
Add support for credential_process
bb99684 
Fixes minio#1485

Signed-off-by: Alberto Murillo <albertomurillosilva@gmail.com>
albertomurillo pushed a commit to albertomurillo/minio-go that referenced this issue May 11, 2021
Add support for credential_process
e3f4607 
Fixes minio#1485

Signed-off-by: Alberto Murillo <albertomurillosilva@gmail.com>
@V3ckt0r
Copy link

V3ckt0r commented Jul 21, 2022
edited

hey @harshavardhana and @albertomurillo,

Does this minio library support source_profile in aws config files. Such an example being:

aws config

[pod_role]
web_identity_token_file = /var/run/secrets/eks.amazonaws.com/serviceaccount/token
role_arn = <arn_a>

[assume_role]
source_profile = pod_role
role_arn = <arn_b>
role_session_name = <something>

Env vars

AWS_CONFIG_FILE=<path-to-config-file>
AWS_ROLE_ARN=<arn_a>
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
AWS_DEFAULT_REGION=us-west-2
AWS_PROFILE=assume_role
AWS_REGION=us-west-2

I saw PR #1486, but I don't think this fixes it. Please confirm?

I was trying to replicate what is described here with the library

harshavardhana added a commit to harshavardhana/minio-go that referenced this issue Oct 24, 2022
@harshavardhana
Add support for credential_process
d790524 
Fixes minio#1485

Signed-off-by: Harshavardhana <harsha@minio.io>
@harshavardhana harshavardhana mentioned this issue Oct 24, 2022
Merged
harshavardhana added a commit to harshavardhana/minio-go that referenced this issue Oct 24, 2022
@harshavardhana
Add support for credential_process
a3d402a 
Fixes minio#1485

Signed-off-by: Harshavardhana <harsha@minio.io>
harshavardhana added a commit that referenced this issue Oct 25, 2022
@harshavardhana
Add support for credential_process (#1716)
fbe9d3e 
Fixes #1485

Signed-off-by: Harshavardhana <harsha@minio.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@harshavardhana harshavardhana

Labels
fixed
Projects
None yet
Milestone
No milestone
3 participants
@harshavardhana @albertomurillo @V3ckt0r