DEFAULT_ROLE cannot be an ARN

lyft / metadataproxy

A proxy for AWS's metadata service that gives out scoped IAM credentials from STS

Other

458 stars 69 forks source link

DEFAULT_ROLE cannot be an ARN #85

Closed lowjoel closed 3 years ago

lowjoel commented 5 years ago

Hello,

After the refactor of roles.py, it appears that the DEFAULT_ROLE cannot be an ARN; in https://github.com/lyft/metadataproxy/blob/84c430ccdfcc58b8de84e7b7768646bd1d065a50/metadataproxy/roles.py#L197 only the IAM_ROLE variable is checked if it is an ARN, but not the DEFAULT_ROLE (if none is set.)

This means that IAM_ROLE can be an ARN or a short form, but the DEFAULT_ROLE can only be a short form. Any requests to the proxy would return 404 if an ARN is specified for DEFAULT_ROLE.

tedder commented 5 years ago

@ryan-lane I think you misread my comment, #87 does not fix this.

ryan-lane commented 5 years ago

@tedder doh, this is an annoying github thing. Since the PR was linked, it auto-closed the issue. Let me re-open. I know it doesn't solve it.

tedder commented 5 years ago

Oh, I see why. It isn't because it was linked, it's because I used the word "fix" right before mentioning it. doh, my bad!

dschaller commented 3 years ago

Thank you for you contribution to this repository.

Closing this contribution as this repository is being archived.