The aws_security_token option, when supplied, is not passed into the aws_iam_login call.
If using a boto profile or other session credentials, the session token from those will be used, but direct parameter binding values are never accessed.
Related: #118
ISSUE TYPE
Bug Report
COMPONENT NAME
_auth_aws_iam_login
ANSIBLE VERSION
N/A
COLLECTION VERSION
1.3.2
CONFIGURATION
N/A
OS / ENVIRONMENT
N/A
STEPS TO REPRODUCE
Use temporary AWS creds like those from role assumption which require use of the session token, then pass the token to the auth method.
EXPECTED RESULTS
Success!
ACTUAL RESULTS
An error describing an invalid session token.
Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.hashi_vault'. Error was a <class 'hvac.exceptions.InvalidRequest'>, original message: error making upstream request: received error code 403 from STS: <ErrorResponse xmlns=\"https://sts.amazonaws.com/doc/2011-06-15/\">\n <Error>\n <Type>Sender</Type>\n <Code>InvalidClientTokenId</Code>\n <Message>The security token included in the request is invalid.</Message>\n </Error>\n <RequestId>23453748-f61b-4b59-8e72-13ce2c90fcf4</RequestId>\n</ErrorResponse>\n, on post https://vault/v1/auth/aws/login"}
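Added example, not the collection's code: a pre-flight check that carries an explicitly supplied `aws_security_token` into the login parameters and fails locally, rather than with a 403 from STS, when temporary credentials arrive without their token. The helper name, the `aws_access_key`/`aws_secret_key` option names, the returned key names and all credential values are assumptions constructed for illustration.

```python
TEMP_KEY_PREFIX = "ASIA"  # access key IDs issued by AWS STS start with ASIA


class MissingSessionToken(ValueError):
    """Temporary credentials were supplied without their session token."""


def build_iam_login_params(options, session_creds=None):
    """Return access_key/secret_key/session_token for an IAM login call.

    options: explicitly bound plugin options (hypothetical names).
    session_creds: optional dict from a boto profile or session with the
    keys access_key, secret_key and token.
    """
    explicit = {
        "access_key": options.get("aws_access_key"),
        "secret_key": options.get("aws_secret_key"),
        # The value the report says is never read from direct bindings.
        "session_token": options.get("aws_security_token"),
    }
    if explicit["access_key"] and explicit["secret_key"]:
        # Use the explicit set as a unit; a token borrowed from another
        # credential source would not match this key pair.
        params = explicit
    elif session_creds:
        params = {
            "access_key": session_creds.get("access_key"),
            "secret_key": session_creds.get("secret_key"),
            "session_token": session_creds.get("token"),
        }
    else:
        raise ValueError("no AWS credentials available")
    key_id = params["access_key"] or ""
    if key_id.startswith(TEMP_KEY_PREFIX) and not params["session_token"]:
        raise MissingSessionToken(
            "temporary access key supplied without a session token")
    return params


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    opts = {"aws_access_key": "ASIAEXAMPLE0000000000",
            "aws_secret_key": "constructed-secret",
            "aws_security_token": "constructed-token"}
    print(sorted(build_iam_login_params(opts).items()))
```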