Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed web credentials fetching #1

Merged
merged 1 commit into from
Jun 6, 2024
Merged

Fixed web credentials fetching #1

merged 1 commit into from
Jun 6, 2024

Conversation

denis256
Copy link

@denis256 denis256 commented Jun 5, 2024

Description

Found that in internal tests, only with WebIdentityToken, Terragrunt fails with:

time=2024-06-05T18:11:01Z level=error msg=Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
time=2024-06-05T[18](https://github.com/gruntwork-test/testing-terragrunt-with-web-identity/actions/runs/9389092410/job/25855946545#step:6:19):11:01Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1

Fixed by updating AssumeIamRole

TODOs

Read the Gruntwork contribution guidelines.

  • Update the docs.
  • Run the relevant tests successfully, including pre-commit checks.
  • Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
  • Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Added / Removed / Updated [X].

Migration Guide

@denis256 denis256 mentioned this pull request Jun 5, 2024
Merged
4 tasks
@partcyborg partcyborg merged commit c522e88 into partcyborg:assume-role-web-identity Jun 6, 2024
partcyborg added a commit that referenced this pull request Jul 3, 2024
@partcyborg @mattwilder @denis256
Add support for AssumeRoleWithWebIdentity (gruntwork-io#2997)
8e216f8 
* Add support for AssumeRoleWithWebIdentity

Add support for STS [AssumeRoleWithWebIdentity](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html).

Includes new config option `iam_web_identity_token` which takes either a WebIdentity token (designed to be passed in with `get_env()`), or a
path to a file containing a WebIdentity token.

* replace ioutil.ReadFile with os.ReadFile

* fix flag name per new naming convention

* remove unnecessary else clause

* Add integration tests

* Support passing through IAM role options through deleteS3Bucket

* fix bug in TestTerragruntAssumeRoleWebIdentityEnv

* Update and improve documentation

* Fixed web credentials fetching (#1)

Found that in internal tests, only with WebIdentityToken, Terragrunt
fails with:
```
time=2024-06-05T18:11:01Z level=error msg=Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
time=2024-06-05T[18](https://github.com/gruntwork-test/testing-terragrunt-with-web-identity/actions/runs/9389092410/job/25855946545#step:6:19):11:01Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
```

Fixed by updating AssumeIamRole

* Do not log the WebIdentity token

* fix docs syntax issue

* Updates from review feedback

* fix comment

---------

Co-authored-by: Matt Wilder <mwilder@singlestore.com>
Co-authored-by: Denis O <denis@universal-development.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@denis256 @partcyborg