-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: load AWS config and assume role #168
Conversation
1011a64
to
bd10b15
Compare
Codecov Report
@@ Coverage Diff @@
## main #168 +/- ##
==========================================
+ Coverage 17.48% 17.86% +0.38%
==========================================
Files 6 6
Lines 652 638 -14
==========================================
Hits 114 114
+ Misses 532 518 -14
Partials 6 6
|
bd10b15
to
7d6981a
Compare
028993d
to
e0fc0d0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see an error when I patch the plugin with this change and test with IRSA
...
sg="Error getting backup store for this location" backupLocation=velero/default controller=backup-sync error="rpc error: code = Unknown desc = AccessDenied: User: arn:aws:sts::822276436757:assumed-role/eksctl-jt-velero-irsa-addon-iamserviceaccoun-Role1-1T470KOHYLTBK/1691417499559809485 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::822276436757:role/eksctl-jt-velero-irsa-addon-iamserviceaccoun-Role1-1T470KOHYLTBK\n\tstatus code: 403, request id: 9e390336-c55f-4dd0-9d34-ec8233945ab6" error.file="/go/src/velero-plugin-for-aws/velero-plugin-for-aws/volume_snapshotter.go:67" error.function=main.getSession logSource="pkg/controller/backup_sync_controller.go:100"
Signed-off-by: Luis Davim <[email protected]>
e0fc0d0
to
6953c8c
Compare
That looks like the role is being assumed twice, I guess the SDK is handling that for us now and the extra assume role is not needed, I've updated the PR, can you run that test again? Thanks. |
This fixes vmware-tanzu/velero#3142
Please also have a look at vmware-tanzu/velero#6598