mbiryukova/lego
1
0
Fork 0
forked from TrueCloudLab/lego
Code Pull requests Activity

route53: pass ExternalID property to STS:AssumeRole API operation (#1918)

Browse source
This commit is contained in:
Julien Vdbc 2023-05-26 22:26:40 +02:00 committed by GitHub
parent 9bd5890c40
commit 8d8a3c1ccd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
providers/dns/route53/route53.go
View file

@ -30,6 +30,7 @@ const (
EnvHostedZoneID = envNamespace + "HOSTED_ZONE_ID" EnvHostedZoneID = envNamespace + "HOSTED_ZONE_ID"
EnvMaxRetries = envNamespace + "MAX_RETRIES" EnvMaxRetries = envNamespace + "MAX_RETRIES"
EnvAssumeRoleArn = envNamespace + "ASSUME_ROLE_ARN" EnvAssumeRoleArn = envNamespace + "ASSUME_ROLE_ARN"
EnvExternalID = envNamespace + "EXTERNAL_ID"
EnvTTL = envNamespace + "TTL" EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT" EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@ -48,6 +49,7 @@ type Config struct {
HostedZoneID string HostedZoneID string
MaxRetries int MaxRetries int
AssumeRoleArn string AssumeRoleArn string
ExternalID string
TTL int TTL int
PropagationTimeout time.Duration PropagationTimeout time.Duration
@ -62,6 +64,7 @@ func NewDefaultConfig() *Config {
HostedZoneID: env.GetOrFile(EnvHostedZoneID), HostedZoneID: env.GetOrFile(EnvHostedZoneID),
MaxRetries: env.GetOrDefaultInt(EnvMaxRetries, 5), MaxRetries: env.GetOrDefaultInt(EnvMaxRetries, 5),
AssumeRoleArn: env.GetOrDefaultString(EnvAssumeRoleArn, ""), AssumeRoleArn: env.GetOrDefaultString(EnvAssumeRoleArn, ""),
ExternalID: env.GetOrDefaultString(EnvExternalID, ""),
TTL: env.GetOrDefaultInt(EnvTTL, 10), TTL: env.GetOrDefaultInt(EnvTTL, 10),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute), PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
@ -338,7 +341,11 @@ func createSession(config *Config) (*session.Session, error) {
return session.NewSession(&aws.Config{ return session.NewSession(&aws.Config{
Region: sess.Config.Region, Region: sess.Config.Region,
Credentials: stscreds.NewCredentials(sess, config.AssumeRoleArn), Credentials: stscreds.NewCredentials(sess, config.AssumeRoleArn, func(arp *stscreds.AssumeRoleProvider) {
if config.ExternalID != "" {
arp.ExternalID = &config.ExternalID
}
}),
}) })
} }

1
providers/dns/route53/route53.toml
View file

@ -130,6 +130,7 @@ Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with
AWS_PROFILE = "Managed by the AWS client (`AWS_PROFILE_FILE` is not supported)" AWS_PROFILE = "Managed by the AWS client (`AWS_PROFILE_FILE` is not supported)"
AWS_SDK_LOAD_CONFIG = "Managed by the AWS client. Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported)" AWS_SDK_LOAD_CONFIG = "Managed by the AWS client. Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported)"
AWS_ASSUME_ROLE_ARN = "Managed by the AWS Role ARN (`AWS_ASSUME_ROLE_ARN_FILE` is not supported)" AWS_ASSUME_ROLE_ARN = "Managed by the AWS Role ARN (`AWS_ASSUME_ROLE_ARN_FILE` is not supported)"
AWS_EXTERNAL_ID = "Managed by STS AssumeRole API operation (`AWS_EXTERNAL_ID_FILE` is not supported)"
[Configuration.Additional] [Configuration.Additional]
AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file." AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request" AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"