Skip to content

Commit

Permalink
chore(backport release-0.8): refactor(controller): minor cleanup of a…
Browse files Browse the repository at this point in the history
…ws managed identity credential helper (#2319)

Co-authored-by: Kent Rancourt <kent.rancourt@gmail.com>
  • Loading branch information
akuitybot and krancour authored Jul 19, 2024
1 parent ab2374a commit 63933a1
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -175,13 +175,21 @@ func (p *managedIdentityCredentialHelper) getAuthToken(
return "", err
}
logger.Debug(
"controller IAM role is not authorized to assume project-specific role. falling back to default config",
"Controller IAM role is not authorized to assume project-specific role " +
"or project-specific role is not authorized to obtain an ECR auth token. " +
"Falling back to using controller's IAM role directly.",
)
ecrSvc = ecr.NewFromConfig(cfg)
output, err = ecrSvc.GetAuthorizationToken(ctx, &ecr.GetAuthorizationTokenInput{})
if err != nil {
logger.Error(err, "error getting ECR authorization token")
return "", err
if !errors.As(err, &re) || re.HTTPStatusCode() != http.StatusForbidden {
return "", err
}
logger.Debug(
"Controller's IAM role is not authorized to obtain an ECR auth token. " +
"Treating this as no credentials found.",
)
return "", nil
}
}
logger.Debug("got ECR authorization token")
Expand Down

0 comments on commit 63933a1

Please sign in to comment.