Closed DhritiShikhar closed 2 years ago
Right now, it's possible to inject AWS credentials with any profile.
Add a `[default]` profile when profile is explicitly missing in the source secret.
```yaml
apiVersion: v1
stringData:
  credentials: |-
    aws_access_key_id = "lbnNoaWZ0Lm9yZwo="
    aws_secret_access_key = "PngjH/0zSTEm7n"
kind: Secret
metadata:
  name: credentials-demo
  namespace: external-dns-operator
type: Opaque
```

```yaml
apiVersion: externaldns.olm.openshift.io/v1alpha1
kind: ExternalDNS
metadata:
  name: external-demo-7
  namespace: external-dns-operator
spec:
  provider:
    type: AWS
    aws:
      credentials:
        name: credentials-demo
  zones:
    - "Z3URY6TWQ91KXX"
  source:
    type: Service
    fqdnTemplate:
      - '{{.Name}}.mydomain.net'
```

```
➜ external-dns-operator git:(main) ✗ k get pods -n external-dns-operator
NAME                                            READY   STATUS    RESTARTS   AGE
external-dns-external-demo-7-5b84d4bbd5-lp5b7   1/1     Running   0          5s
external-dns-operator-696b9bf7b9-9dwt7          2/2     Running   0          55m
➜ external-dns-operator git:(main) ✗ k exec -it external-dns-external-demo-7-5b84d4bbd5-lp5b7 -n external-dns-operator -- sh
~ $ cat /etc/kubernetes/aws-credentials
aws_access_key_id = "lbnNoaWZ0Lm9yZwo="
aws_secret_access_key = "PngjH/0zSTEm7n"~ $
```
Notice profile missing in the file `/etc/kubernetes/aws-credentials`
Expected format:
```
~ $ cat /etc/kubernetes/aws-credentials
[default]
aws_access_key_id = "lbnNoaWZ0Lm9yZwo="
aws_secret_access_key = "PngjH/0zSTEm7n"~ $
```
@alebedev87 Does this seem like a valid issue?
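One way the normalization requested above could be written, as an added example that is not the operator's own code: the helper name `ensureDefaultProfile` is hypothetical, and the sample values are constructed placeholders. It prepends `[default]` only when key lines appear before any profile header, and leaves content that already declares a profile unchanged.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// ensureDefaultProfile (hypothetical helper, not from the operator) returns the
// credentials content with a "[default]" header prepended when key/value lines
// appear before any profile header. Content whose first meaningful line is
// already a profile header is returned unchanged.
func ensureDefaultProfile(content string) string {
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		// Skip blank lines and INI-style comments.
		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue
		}
		// First meaningful line is a section header: a profile is declared.
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			return content
		}
		// First meaningful line is a key: these keys belong to no profile.
		return "[default]\n" + content
	}
	// Empty or comment-only content: nothing to attribute to a profile.
	return content
}

func main() {
	// Constructed sample shaped like the secret in the issue; placeholder values.
	in := "aws_access_key_id = \"EXAMPLEKEYID\"\naws_secret_access_key = \"EXAMPLESECRET\""
	fmt.Println(ensureDefaultProfile(in))
}
```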
Closing this issue.
Reason: