Closed bcressey closed 11 months ago
While I expect both changes are fine and match what users would expect, either could potentially be a breaking change since now region or creds could be taken from the environment or IMDS if the profile doesn't specify them. So I'd suggest bumping the crate versions for tough-kms
and tough-ssm
. I can do that here if that's easiest or otherwise it can be handled in the release workflow.
While I expect both changes are fine and match what users would expect, either could potentially be a breaking change since now region or creds could be taken from the environment or IMDS if the profile doesn't specify them. So I'd suggest bumping the crate versions for
tough-kms
andtough-ssm
. I can do that here if that's easiest or otherwise it can be handled in the release workflow.
I think we normally bump these as part of the release process.
Issue #, if available: Fixes #669
Description of changes: Wrap the credential provider in a provider chain which adds an outer refreshing cache provider. This is required for certain profiles to work, for example a profile that uses
source_profile
to fetch role credentials from a profile that usescredential_process
, since the presence of a cache is assumed.Do the same for the region provider, as the region may come from the environment or IMDS rather than being specified in the profile.
Testing done: With these changes, I was able to use the profile and command in the linked issue to add a key to
root.json
.Terms of contribution: By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.