mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-06 01:26:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4706 from iul1an/hide-AWSAssumeRoleExternalID

Browse Source 
Do not expose the AWS role external id in the logs
This commit is contained in:
Kubernetes Prow Robot 2024-10-10 15:20:24 +01:00 committed by GitHub
commit b024fc9237
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/apis/externaldns/types.go
View File

@ -86,7 +86,7 @@ type Config struct {
AWSZoneTagFilter []string
AWSAssumeRole string
AWSProfiles []string
AWSAssumeRoleExternalID string
AWSAssumeRoleExternalID string `secure:"yes"`
AWSBatchChangeSize int
AWSBatchChangeSizeBytes int
AWSBatchChangeSizeValues int

3
provider/aws/config.go
View File

@ -102,7 +102,8 @@ func newV2Config(awsConfig AWSSessionConfig) (awsv2.Config, error) {
stsSvc := sts.NewFromConfig(cfg)
var assumeRoleOpts []func(*stscredsv2.AssumeRoleOptions)
if awsConfig.AssumeRoleExternalID != "" {
logrus.Infof("Assuming role: %s with external id %s", awsConfig.AssumeRole, awsConfig.AssumeRoleExternalID)
logrus.Infof("Assuming role %s with external id", awsConfig.AssumeRole)
logrus.Debugf("External id: %s", awsConfig.AssumeRoleExternalID)
assumeRoleOpts = []func(*stscredsv2.AssumeRoleOptions){
func(opts *stscredsv2.AssumeRoleOptions) {
opts.ExternalID = &awsConfig.AssumeRoleExternalID