cmattoon / aws-ssm

Populates Kubernetes Secrets from AWS Parameter Store
https://hub.docker.com/r/cmattoon/aws-ssm/
Apache License 2.0
166 stars 32 forks

Entire Pod fails when AWS IAM is misconfigured #14

Closed cmattoon closed 5 years ago

cmattoon commented 5 years ago

From conversation in PR#12:

In pkg/provider/aws.go, GetParameterDataByPath and GetParameterValue fail with log.Fatalf when the AWS client returns an error. If IAM credentials are not configured, the Pod will enter a crashloop until the pod is authorized. This is probably correct - or at least consistent - behavior when no IAM role/policy exists at all.

The bug exists when different permissions exist on different SSM keys, resulting in some values being resolved and some providing errors.

However, it prevented other secrets (for which no permission problem existed) from being updated, and since there is one single aws-ssm deployment on the cluster, serving potentially more than one application, the side effect of one broken secret in one namespace affecting operations on an unrelated application can be a bit problematic.

cmattoon commented 5 years ago

Closed with v0.1.5
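The failure mode described in this issue, as an added Go example: it is not the project's code and not the v0.1.5 change. `fakeSSM`, `SyncSecrets`, `ErrAccessDenied` and the sample parameter names are hypothetical, constructed for illustration; the sketch shows a per-secret error being recorded so that one IAM denial does not stop unrelated secrets from updating.

```go
package main

import (
	"errors"
	"fmt"
	"log"
)

// ErrAccessDenied is a constructed stand-in for the AWS client's IAM error.
var ErrAccessDenied = errors.New("AccessDeniedException")

// fakeSSM is a hypothetical in-memory provider; denied marks parameters the role cannot read.
type fakeSSM struct {
	values map[string]string
	denied map[string]bool
}

func (f fakeSSM) GetParameterValue(name string) (string, error) {
	if f.denied[name] {
		return "", fmt.Errorf("ssm get %s: %w", name, ErrAccessDenied)
	}
	return f.values[name], nil
}

// Constructed sample data: two namespaces, one parameter denied by IAM.
var sampleSSM = fakeSSM{
	values: map[string]string{"/team-a/db": "value-a", "/team-b/api": "value-b"},
	denied: map[string]bool{"/team-b/api": true},
}
var sampleSecrets = map[string]string{"team-a/db-secret": "/team-a/db", "team-b/api-secret": "/team-b/api"}

// SyncSecrets resolves each secret independently; an error is logged and recorded, not fatal.
func SyncSecrets(p fakeSSM, secrets map[string]string) (map[string]string, map[string]error) {
	resolved, failed := map[string]string{}, map[string]error{}
	for secret, param := range secrets {
		val, err := p.GetParameterValue(param)
		if err != nil {
			log.Printf("skipping %s: %v", secret, err) // log.Fatalf here would exit the whole Pod
			failed[secret] = err
			continue
		}
		resolved[secret] = val
	}
	return resolved, failed
}

func main() {
	fmt.Println(SyncSecrets(sampleSSM, sampleSecrets))
}
```

The `failed` map gives the caller something to alert on per namespace, so a denied parameter stays visible without taking the deployment down.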