Merge pull request #131 from swghosh/ocpbugs-14414

OCPBUGS-14414: Add AWS_SDK_LOAD_CONFIG env var for aws sdk auth
openshift · Jun 30, 2023 · ca0b1ed · ca0b1ed
2 parents 3a572d3 + dd922df
commit ca0b1ed
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/pkg/controller/deployment/credentials_request.go b/pkg/controller/deployment/credentials_request.go
@@ -57,6 +57,7 @@ func withCloudCredentials(secretsInformer coreinformersv1.SecretInformer, infraI
 
 		var volume *corev1.Volume
 		var volumeMount *corev1.VolumeMount
+		var envVar *corev1.EnvVar
 
 		switch infra.Status.PlatformStatus.Type {
 		// supported cloud platform for mounting secrets
@@ -74,6 +75,13 @@ func withCloudCredentials(secretsInformer coreinformersv1.SecretInformer, infraI
 				MountPath: awsCredentialsDir,
 			}
 
+			// this is required as without this env var, aws sdk
+			// doesn't properly bind role_arn from credentials file
+			envVar = &corev1.EnvVar{
+				Name:  "AWS_SDK_LOAD_CONFIG",
+				Value: "1",
+			}
+
 		case configv1.GCPPlatformType:
 			volume = &corev1.Volume{
 				Name: cloudCredentialsVolumeName,
@@ -105,6 +113,13 @@ func withCloudCredentials(secretsInformer coreinformersv1.SecretInformer, infraI
 			*volumeMount,
 		)
 
+		if envVar != nil {
+			deployment.Spec.Template.Spec.Containers[0].Env = append(
+				deployment.Spec.Template.Spec.Containers[0].Env,
+				*envVar,
+			)
+		}
+
 		return nil
 	}
 }