Add SigV4 FIPS STS endpoint config
Signed-off-by: Anand Rajagopal <[email protected]>
rajagopalanand committed Jun 6, 2024
1 parent d726751 commit 77ec85c
Showing 3 changed files with 17 additions and 7 deletions.
12 changes: 10 additions & 2 deletions sigv4/sigv4.go
Expand Up @@ -23,6 +23,8 @@ import (
"sync"
"time"

"github.com/aws/aws-sdk-go/aws/endpoints"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
Expand Down Expand Up @@ -59,10 +61,16 @@ func NewSigV4RoundTripper(cfg *SigV4Config, next http.RoundTripper) (http.RoundT
creds = nil
}

useFIPSSTSEndpoint := endpoints.FIPSEndpointStateDisabled
if cfg.UseFIPSSTSEndpoint {
useFIPSSTSEndpoint = endpoints.FIPSEndpointStateEnabled
}

sess, err := session.NewSessionWithOptions(session.Options{
Config: aws.Config{
Region: aws.String(cfg.Region),
Credentials: creds,
Region: aws.String(cfg.Region),
Credentials: creds,
UseFIPSEndpoint: useFIPSSTSEndpoint,
},
Profile: cfg.Profile,
})
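Review bot: `UseFIPSEndpoint` on `aws.Config` is a session-wide setting that affects every service endpoint resolved from this session, so the STS-specific naming of `useFIPSSTSEndpoint` (and of the `UseFIPSSTSEndpoint` config field it mirrors) is narrower than what the new lines actually configure; that is fine only if this session is used solely for STS credential resolution, which the `stscreds` import suggests but the hunk does not show. A comment on the assignment should record that intent, e.g. `// UseFIPSEndpoint applies to the whole session; it is named after STS because STS (AssumeRole) is the only service this session is expected to reach.` Note also that a region without a FIPS STS variant will presumably only fail at endpoint resolution time rather than here, so the config error surfaces late; worth a sentence in the field's documentation. Separately, the `endpoints` import sits in its own group above the other `github.com/aws/aws-sdk-go` imports where goimports would merge them into one group. The body of NewSigV4RoundTripper starts before and continues after this hunk.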
11 changes: 6 additions & 5 deletions sigv4/sigv4_config.go
Expand Up @@ -23,11 +23,12 @@ import (
// AWS's SigV4 verification process. Empty values will be retrieved using the
// AWS default credentials chain.
type SigV4Config struct {
Region string `yaml:"region,omitempty"`
AccessKey string `yaml:"access_key,omitempty"`
SecretKey config.Secret `yaml:"secret_key,omitempty"`
Profile string `yaml:"profile,omitempty"`
RoleARN string `yaml:"role_arn,omitempty"`
Region string `yaml:"region,omitempty"`
AccessKey string `yaml:"access_key,omitempty"`
SecretKey config.Secret `yaml:"secret_key,omitempty"`
Profile string `yaml:"profile,omitempty"`
RoleARN string `yaml:"role_arn,omitempty"`
UseFIPSSTSEndpoint bool `yaml:"use_fips_sts_endpoint,omitempty"`
}

func (c *SigV4Config) Validate() error {
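Review bot: The new `UseFIPSSTSEndpoint` field has no doc comment, and the struct's existing comment ("Empty values will be retrieved using the AWS default credentials chain") does not describe a boolean toggle, so a reader cannot tell from the type what the `use_fips_sts_endpoint` key changes. Suggest a field comment such as `// UseFIPSSTSEndpoint selects the FIPS variant of the AWS endpoints (in practice the STS endpoint used for AssumeRole) for the session built from this config; defaults to false.` Whether Validate needs to reject the option for regions lacking a FIPS endpoint cannot be judged here, since its body lies outside the hunk.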
1 change: 1 addition & 0 deletions sigv4/testdata/sigv4_good.yaml
Expand Up @@ -3,3 +3,4 @@ access_key: AccessKey
secret_key: SecretKey
profile: profile
role_arn: blah:role/arn
use_fips_sts_endpoint: true
