Closed rayjanoka closed 4 years ago
The code change looks fine, I am a bit concered about the number of go vendor packages that where added/removed for no code change. I ran a
go mod tidy
and it cleans up most the added modules.
nice1
We talked about the change added there at the end. This will enable stim to source/validate the username from Vault. It seemed just trusting the set username from the stim config was maybe not the best. Also, maybe better code practice if the username didn't exist to go to the source. This is less of a security feature since the user could always take the Vault provided IAM creds and just generate their own STS AWS console access. The provided username is collected from the user and should never be trusted anyways...
@thorix made me do it!