fix(codebuild): set region when creating sts client (#839)

There's a race condition where default region could not be found, causing STS client failed to be created. To fix it, we set STS client region to what specified in the codebuild halyard config. Fixed spinnaker/spinnaker#5974 Co-authored-by: Clare Liguori <liguori@amazon.com>
spinnaker · Aug 20, 2020 · babd23f · babd23f
1 parent 41ef2a3
commit babd23f
Showing 1 changed file with 6 additions and 13 deletions.
diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/config/AwsCodeBuildConfig.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/config/AwsCodeBuildConfig.java
@@ -30,17 +30,14 @@
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.DependsOn;
 
 @Configuration
 @ConditionalOnProperty("codebuild.enabled")
 @EnableConfigurationProperties({AwsCodeBuildProperties.class})
 public class AwsCodeBuildConfig {
   @Bean("awsCodeBuildAccountRepository")
-  @DependsOn({"awsSecurityTokenServiceClient"})
   AwsCodeBuildAccountRepository awsCodeBuildAccountRepository(
       AwsCodeBuildProperties awsCodeBuildProperties,
-      AWSSecurityTokenServiceClient awsSecurityTokenServiceClient,
       AWSCredentialsProvider awsCredentialsProvider) {
     AwsCodeBuildAccountRepository accounts = new AwsCodeBuildAccountRepository();
     awsCodeBuildProperties
@@ -50,6 +47,12 @@ AwsCodeBuildAccountRepository awsCodeBuildAccountRepository(
               AwsCodeBuildAccount account =
                   new AwsCodeBuildAccount(awsCredentialsProvider, a.getRegion());
               if (a.getAccountId() != null && a.getAssumeRole() != null) {
+                AWSSecurityTokenServiceClient awsSecurityTokenServiceClient =
+                    (AWSSecurityTokenServiceClient)
+                        AWSSecurityTokenServiceClientBuilder.standard()
+                            .withCredentials(awsCredentialsProvider)
+                            .withRegion(a.getRegion())
+                            .build();
                 STSAssumeRoleSessionCredentialsProvider stsAssumeRoleSessionCredentialsProvider =
                     new STSAssumeRoleSessionCredentialsProvider.Builder(
                             getRoleArn(a.getAccountId(), a.getAssumeRole()), "spinnaker-session")
@@ -63,16 +66,6 @@ AwsCodeBuildAccountRepository awsCodeBuildAccountRepository(
     return accounts;
   }
 
-  @Bean("awsSecurityTokenServiceClient")
-  @DependsOn({"awsCredentialsProvider"})
-  AWSSecurityTokenServiceClient awsSecurityTokenServiceClient(
-      AWSCredentialsProvider awsCredentialsProvider) {
-    return (AWSSecurityTokenServiceClient)
-        AWSSecurityTokenServiceClientBuilder.standard()
-            .withCredentials(awsCredentialsProvider)
-            .build();
-  }
-
   @Bean("awsCredentialsProvider")
   AWSCredentialsProvider awsCredentialsProvider(AwsCodeBuildProperties awsCodeBuildProperties) {
     AWSCredentialsProvider credentialsProvider = DefaultAWSCredentialsProviderChain.getInstance();