Skip to content

Commit 1596ee4

Browse files
k4kratikkuhe
k4kratik
and
kuhe
authored
added support for EKS pod identity (#4565)
* added support for EKS pod identity Signed-off-by: Kratik Jain <kratik1998@gmail.com> * removed async await Signed-off-by: Kratik Jain <kratik1998@gmail.com> * added changelog Signed-off-by: Kratik Jain <kratik1998@gmail.com> * fix: formatting, prioritize auth token vs. token file --------- Signed-off-by: Kratik Jain <kratik1998@gmail.com> Co-authored-by: George Fu <kuhe@users.noreply.github.com>
1 parent ce38231 commit 1596ee4

File tree

2 files changed

+19
-2
lines changed

2 files changed

+19
-2
lines changed

.changes/next-release/bugfix-eks-pod-identity-a72fa9c9.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
{
2+
"type": "bugfix",
3+
"category": "eks pod identity",
4+
"description": "adds support to use eks pod identity"
5+
}

lib/credentials/remote_credentials.js

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,13 @@
1+
var fs = require('fs');
2+
13
var AWS = require('../core'),
24
ENV_RELATIVE_URI = 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI',
35
ENV_FULL_URI = 'AWS_CONTAINER_CREDENTIALS_FULL_URI',
46
ENV_AUTH_TOKEN = 'AWS_CONTAINER_AUTHORIZATION_TOKEN',
7+
ENV_AUTH_TOKEN_FILE = 'AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE',
58
FULL_URI_UNRESTRICTED_PROTOCOLS = ['https:'],
69
FULL_URI_ALLOWED_PROTOCOLS = ['http:', 'https:'],
7-
FULL_URI_ALLOWED_HOSTNAMES = ['localhost', '127.0.0.1'],
10+
FULL_URI_ALLOWED_HOSTNAMES = ['localhost', '127.0.0.1', '169.254.170.23'],
811
RELATIVE_URI_HOST = '169.254.170.2';
912

1013
/**
@@ -113,7 +116,16 @@ AWS.RemoteCredentials = AWS.util.inherit(AWS.Credentials, {
113116
* @api private
114117
*/
115118
getECSAuthToken: function getECSAuthToken() {
116-
if (process && process.env && process.env[ENV_FULL_URI]) {
119+
if (process && process.env && (process.env[ENV_FULL_URI] || process.env[ENV_AUTH_TOKEN_FILE])) {
120+
if (!process.env[ENV_AUTH_TOKEN] && process.env[ENV_AUTH_TOKEN_FILE]) {
121+
try {
122+
var data = fs.readFileSync(process.env[ENV_AUTH_TOKEN_FILE]).toString();
123+
return data;
124+
} catch (error) {
125+
console.error('Error reading token file:', error);
126+
throw error; // Re-throw the error to propagate it
127+
}
128+
}
117129
return process.env[ENV_AUTH_TOKEN];
118130
}
119131
},

0 commit comments

Comments
 (0)