-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ImdsCredentialsProvider does not follow redirects #1303
Comments
Thanks for the report! I've opened a PR to fix this. |
The PR has been merged and changes will be present in the next release v1.2.24, scheduled for tomorrow. |
|
@lauzadis Thank you so much for the extremely efficient turnaround on this issue! |
Describe the bug
When running under k8s and using kiam to proxy IAM metadata requests, requests towards
/latest/meta-data/iam/security-credentials
result in HTTP 301 responses with redirects to/latest/meta-data/iam/security-credentials/
(trailing slash). This is different from the behavior when accessing EC2 metadata directly, where both variants result in HTTP 200. Arguably this should be addressed kiam side, but I don't think any development is done in that project at this point. It seems the Rust SDK has chosen to address this by simply always appending the final slash: awslabs/aws-sdk-rust#560Expected behavior
Instantiating
ImdsCredentialsProvider()
should be able to discover the IAM/kiam provided role associated with the running context under k8s/kiam.Current behavior
When no
profileOverride
is supplied to ImdsCredentialsProvider, it fails withSteps to Reproduce
Instantiating
ImdsCredentialsProvider
under k8s/kiam.Possible Solution
Append terminating slash to URL used for profile discovery in
loadProfile
.Context
No response
AWS Kotlin SDK version used
1.1.1, relevant code appears unchanged up until 1.2.6.
Platform (JVM/JS/Native)
JVM
Operating System and version
Linux 6.1.85
The text was updated successfully, but these errors were encountered: