Skip to content

Add support for getting ECS style authentication #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
KensoDev wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add support for getting ECS style authentication #36

KensoDev wants to merge 2 commits into from

Conversation

@KensoDev
Copy link

@KensoDev KensoDev commented Mar 16, 2017

When running Credstash inside ECS as a docker container, the
authentication is being "injected" as an assumed role.

This PR adds support for checking whether the context the task is being
ran in is ECS, if it is, it will instanciate the special object to grab
the auth from the ECS proxy.

BEFORE:

When trying to run the task, it would assume the role of the instance
it's running on (which may or may not have the permissions you want).

User `<instance-role>' is not authorized to perform `<specific-task>' on resource `<some-resource>'

After:

Task is running as expected and assuming the correct role.

All tests are passing

Some more changes

  • Instead of requiring and customizing the AWS sdk in multiple places,
    put it in a single file and customizing only there.
  • Added tests for the right credentials being passed in
  • Checking whether we are in ECS context based on a special ENV var only
    passed from there

KensoDev added 2 commits March 16, 2017 15:18
@KensoDev
Add support for getting ECS style authentication
0aab6ec 
When running `Credstash` inside ECS as a docker container, the
authentication is being "injected" as an assumed role.

This PR adds support for checking whether the context the task is being
ran in is ECS, if it is, it will instanciate the special object to grab
the auth from the ECS proxy.

BEFORE:

When trying to run the task, it would assume the role of the instance
it's running on (which may or may not have the permissions you want).

```
User `<instance-role>' is not authorized to perform `<specific-task>' on resource `<some-resource>'
```

After:

Task is running as expected and assuming the correct role.

All tests are passing

Some more changes

* Instead of requiring and customizing the AWS sdk in multiple places,
put it in a single file and customizing only there.
* Added tests for the right credentials being passed in
* Checking whether we are in ECS context based on a special ENV var only
passed from there
@KensoDev
remove console logging
7151a03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KensoDev