Open phoebusm opened 7 months ago
Thanks for pointing this out to us. This is a problem with how the STS client was written, and will require a significant refactor of the STS client. This has been added to our backlog, but this is not something that will get completed this quarter. I don't have a timeline for when it will be fixed, but I will update here when it is. Sorry for the delay.
It appears I am not able to use IRSA in my EKS cluster for my C++ application because it requires a call to STS to fetch credentials using a web identity token. Is there any workaround?
@ryansburgoyne could you open a discussion and provide more details about what exactly you are trying to do?
related issue: https://github.com/aws/aws-sdk-cpp/issues/1963
Describe the bug
https://github.com/aws/aws-sdk-cpp/blob/e9d0d247be909ade39f213a3e2915aa262755a78/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp#L110
The SDK Client Configuration allows the user to set caPath and caFile, but STS authentication doesn't use/respect the setting.
Expected Behavior
All authentication respects caPath and caFile setting.
Current Behavior
The SDK Client Configuration allows the user to set caPath and caFile, but STS authentication doesn't use/respect the setting.
Reproduction Steps
In the below code, caFile is pointed to the wrong CA file. Yet STS auth should still be able to return a valid token yet the connection to the storage should fail.
Possible Solution
No response
Additional Information/Context
No response
AWS CPP SDK version used
1.11.201
Compiler and Version used
gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
Operating System and version
Ubuntu 22.04