From 396bcc2a964d9f184c338185b4b04572f4a73283 Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Wed, 3 Jan 2024 11:06:41 +0300 Subject: [PATCH] Use a list instead of a map for the value of the "assume_role_with_web_identity" config key Signed-off-by: Alper Rifat Ulucinar --- internal/clients/aws.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/internal/clients/aws.go b/internal/clients/aws.go index e80f9ef649..62faa6fd73 100644 --- a/internal/clients/aws.go +++ b/internal/clients/aws.go @@ -130,23 +130,29 @@ func pushDownTerraformSetupBuilder(ctx context.Context, c client.Client, pc *v1b if pc.Spec.Credentials.WebIdentity == nil { return errors.New(`spec.credentials.webIdentity of ProviderConfig cannot be nil when the credential source is "WebIdentity"`) } - ps.Configuration[keyAssumeRoleWithWebIdentity] = map[string]any{ + webIdentityConfig := map[string]any{ keyRoleArn: aws.ToString(pc.Spec.Credentials.WebIdentity.RoleARN), keyWebIdentityTokenFile: os.Getenv(envWebIdentityTokenFile), } if pc.Spec.Credentials.WebIdentity.RoleSessionName != "" { - ps.Configuration[keySessionName] = pc.Spec.Credentials.WebIdentity.RoleSessionName + webIdentityConfig[keySessionName] = pc.Spec.Credentials.WebIdentity.RoleSessionName + } + ps.Configuration[keyAssumeRoleWithWebIdentity] = []any{ + webIdentityConfig, } case authKeyUpbound: if pc.Spec.Credentials.Upbound == nil || pc.Spec.Credentials.Upbound.WebIdentity == nil { return errors.New(`spec.credentials.upbound.webIdentity of ProviderConfig cannot be nil when the credential source is "Upbound"`) } - ps.Configuration[keyAssumeRoleWithWebIdentity] = map[string]any{ + webIdentityConfig := map[string]any{ keyRoleArn: aws.ToString(pc.Spec.Credentials.Upbound.WebIdentity.RoleARN), keyWebIdentityTokenFile: upboundProviderIdentityTokenFile, } if pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName != "" { - ps.Configuration[keySessionName] = pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName + webIdentityConfig[keySessionName] = pc.Spec.Credentials.Upbound.WebIdentity.RoleSessionName + } + ps.Configuration[keyAssumeRoleWithWebIdentity] = []any{ + webIdentityConfig, } case authKeySecret: data, err := resource.CommonCredentialExtractor(ctx, s, c, pc.Spec.Credentials.CommonCredentialSelectors)