fix: use assumeRoleWithWebIdentity when using IRSA (external-secrets#416

) * add support for assumeRoleWithWebIdentity when used on AWS Fargate IRSA * removed trailing spaces as detected by eslint
razsha · Jun 24, 2020 · 117b926 · 117b926
1 parent 10e3991
commit 117b926
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/config/aws-config.js b/config/aws-config.js
@@ -6,6 +6,7 @@ const clonedeep = require('lodash.clonedeep')
 const merge = require('lodash.merge')
 
 const localstack = process.env.LOCALSTACK || 0
+const webIdentity = process.env.AWS_WEB_IDENTITY_TOKEN_FILE || 0
 
 let secretsManagerConfig = {}
 let systemManagerConfig = {}
@@ -44,6 +45,17 @@ module.exports = {
  },
  assumeRole: (assumeRoleOpts) => {
  const sts = new AWS.STS(stsConfig)
+ if (webIdentity) {
+ return new Promise((resolve, reject) => {
+ sts.assumeRoleWithWebIdentity(assumeRoleOpts, (err, res) => {
+ if (err) {
+ return reject(err)
+ }
+ resolve(res)
+ })
+ })
+ }
+
  return new Promise((resolve, reject) => {
  sts.assumeRole(assumeRoleOpts, (err, res) => {
  if (err) {