Missing profile in AWS credentials file in pod

[DhritiShikhar]

Problem

Right now, its possible to inject AWS credentials with any profile.

Expectation

Add a [default] profile when profile is explicitely missing in the source secret.

Steps to reproduce

1. Create a secret with AWS credentials without externalDNS

apiVersion: v1
stringData:
  credentials: |-
    aws_access_key_id = "lbnNoaWZ0Lm9yZwo="
    aws_secret_access_key = "PngjH/0zSTEm7n"
kind: Secret
metadata:
  name: credentials-demo
  namespace: external-dns-operator
type: Opaque

2. Create an externalDNS CR

apiVersion: externaldns.olm.openshift.io/v1alpha1
kind: ExternalDNS
metadata:
  name: external-demo-7
  namespace: external-dns-operator
spec:
  provider:
    type: AWS
    aws:  
      credentials:
        name: credentials-demo
  zones:
    - "Z3URY6TWQ91KXX"
  source:
    type: Service
    fqdnTemplate:
    - '{{.Name}}.mydomain.net'

3. Get the pod

➜  external-dns-operator git:(main) ✗ k get pods -n external-dns-operator
NAME                                            READY   STATUS             RESTARTS      AGE
external-dns-external-demo-7-5b84d4bbd5-lp5b7   1/1     Running            0             5s
external-dns-operator-696b9bf7b9-9dwt7          2/2     Running            0             55m

➜  external-dns-operator git:(main) ✗ k exec -it external-dns-external-demo-7-5b84d4bbd5-lp5b7 -n external-dns-operator -- sh
~ $ cat /etc/kubernetes/aws-credentials 
aws_access_key_id = "lbnNoaWZ0Lm9yZwo="
aws_secret_access_key = "PngjH/0zSTEm7n"~ $

Notice profile missing in the file /etc/kubernets/aws-credentials

Expected format:

~ $ cat /etc/kubernetes/aws-credentials 
[default]
aws_access_key_id = "lbnNoaWZ0Lm9yZwo="
aws_secret_access_key = "PngjH/0zSTEm7n"~ $

[DhritiShikhar]

@alebedev87 Does this seem like a valid issue?

[DhritiShikhar]

Closing this issue.

Reason:

• Content of secret keys is not part of the contract right now.