recognize if AWS Pod Identity is present

[balonik]

In addition to IRSA, also recognize that AWS Pod Identity is present and do not require AccessKey&SecretKey.

[coveralls]

Pull Request Test Coverage Report for Build 9487059598

Details

• 6 of 6 (100.0%) changed or added relevant lines in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.005%) to 89.617%

---

Totals
Change from base Build 9486251558:	0.005%
Covered Lines:	5317
Relevant Lines:	5933

---

💛 - Coveralls

[fjogeleit]

@balonik i think it’s possible that you also need to modify https://github.com/kyverno/policy-reporter/blob/main/pkg/helper/aws.go#L146 to use the correct provider.

[balonik]

@fjogeleit thanks for the hint!

Any reason why there is the if/else block in that function? AFAIK AWS SDK will detect credentials automatically based on internal list to go through. Unless you have a reason to override in which order credentials are used.

https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials

EDIT: I get that you need to cover use-case when accessKey and secretAccessKey is hardcoded in options.

[fjogeleit]

I tried to use the chain provider in the past but it did not work correctly and yeah main reason was to dedicdew which provider should be used based on the provided configuration with access and secret keys

[balonik]

IRSA and Pod Identity worked when I removed the block handling credentials and just kept the option for hardcoded ones.

main...balonik:policy-reporter:aws_pod-identity_support_fix

I haven't had much issues in the past using the SDK built-in chain to detect provider and credentials, but I am only working in environments using IRSA or Pod Identity. If you are willing to use it again I will create new PR. If not, I respect that and I will maintain my own fork.