AssumeRoleWithWebIdentity issues cross partition #1785
Comments
I've pushed a container image with a fix for this here: Please test it out and see if it fixes the issue for you. Source code is available here: https://github.com/nabuskey/provider-aws/tree/bugfix/web-token-partition. If this works, I will make a PR based on this.
Hey @nabuskey I updated the image version but the provider doesn't come up healthy.
I'm using crossplane Do you know what might cause this or how to fix it?
Can you get events from the provider revision object? Also can you post your controller config?
Providerrevision events:
Controllerconfig with some specifics such as IRSA removed:
The image I linked is for the controller only so you need to specify it in the

```yaml
kind: ControllerConfig
metadata:
  name: provider-aws-config
spec:
  image: public.ecr.aws/m8u6z8z4/manabu-test:web-token-partition-v1
```
Got it running with that image now but the pods
Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as
What happened?
When trying to create a resource in a different partition with `AssumeRoleWithWebIdentity` the following error occurs:

How can we reproduce it?
- There is an EKS cluster in the global partition
- EKS cluster in another partition such as `aws-cn`
- Create OIDC IDP in `aws-cn` which trusts the global cluster's OIDC

Try to create any resource with:

What environment did it happen in?
Crossplane version:
index.docker.io/crossplanecontrib/provider-aws:v0.37.1