Use a list instead of a map for the value of the "assume_role_with_we…

…b_identity" config key Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
crossplane-contrib · Jan 3, 2024 · 396bcc2 · 396bcc2
1 parent 8f8e547
commit 396bcc2
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/internal/clients/aws.go b/internal/clients/aws.go
@@ -130,23 +130,29 @@ func pushDownTerraformSetupBuilder(ctx context.Context, c client.Client, pc *v1b
 		if pc.Spec.Credentials.WebIdentity == nil {
 			return errors.New(`spec.credentials.webIdentity of ProviderConfig cannot be nil when the credential source is "WebIdentity"`)
 		}
-		ps.Configuration[keyAssumeRoleWithWebIdentity] = map[string]any{
+		webIdentityConfig := map[string]any{
 			keyRoleArn:              aws.ToString(pc.Spec.Credentials.WebIdentity.RoleARN),
 			keyWebIdentityTokenFile: os.Getenv(envWebIdentityTokenFile),
 		}
 		if pc.Spec.Credentials.WebIdentity.RoleSessionName != "" {
-			ps.Configuration[keySessionName] = pc.Spec.Credentials.WebIdentity.RoleSessionName
+			webIdentityConfig[keySessionName] = pc.Spec.Credentials.WebIdentity.RoleSessionName
+		}
+		ps.Configuration[keyAssumeRoleWithWebIdentity] = []any{
+			webIdentityConfig,
 		}
 	case authKeyUpbound:
 		if pc.Spec.Credentials.Upbound == nil || pc.Spec.Credentials.Upbound.WebIdentity == nil {
 			return errors.New(`spec.credentials.upbound.webIdentity of ProviderConfig cannot be nil when the credential source is "Upbound"`)
 		}
-		ps.Configuration[keyAssumeRoleWithWebIdentity] = map[string]any{
+		webIdentityConfig := map[string]any{
 			keyRoleArn:              aws.ToString(pc.Spec.Credentials.Upbound.WebIdentity.RoleARN),
 			keyWebIdentityTokenFile: upboundProviderIdentityTokenFile,
 		}
 		if pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName != "" {
-			ps.Configuration[keySessionName] = pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName
+			webIdentityConfig[keySessionName] = pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName
+		}
+		ps.Configuration[keyAssumeRoleWithWebIdentity] = []any{
+			webIdentityConfig,
 		}
 	case authKeySecret:
 		data, err := resource.CommonCredentialExtractor(ctx, s, c, pc.Spec.Credentials.CommonCredentialSelectors)