diff --git a/hack/tools/go.sum b/hack/tools/go.sum index f7ff076910..2ef54d0ac1 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum @@ -140,8 +140,8 @@ github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1U github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/assert/v2 v2.3.0 h1:mAsH2wmvjsuvyBvAmCtm7zFsBlb8mIHx5ySLVdDZXL0= +github.com/alecthomas/participle/v2 v2.1.0/go.mod h1:Y1+hAs8DHPmc3YUFzqllV+eSQ9ljPTk0ZkPMtEdAx2c= github.com/alecthomas/participle/v2 v2.1.1 h1:hrjKESvSqGHzRb4yW1ciisFJ4p3MGYih6icjJvbsmV8= -github.com/alecthomas/participle/v2 v2.1.1/go.mod h1:Y1+hAs8DHPmc3YUFzqllV+eSQ9ljPTk0ZkPMtEdAx2c= github.com/alecthomas/repr v0.3.0 h1:NeYzUPfjjlqHY4KtzgKJiWd6sVq2eNUPTi34PiFGjY8= github.com/alecthomas/repr v0.3.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= diff --git a/pkg/cloud/identity/identity.go b/pkg/cloud/identity/identity.go index c14a667e24..223931fbf3 100644 --- a/pkg/cloud/identity/identity.go +++ b/pkg/cloud/identity/identity.go @@ -79,11 +79,12 @@ func GetAssumeRoleCredentials(roleIdentityProvider *AWSRolePrincipalTypeProvider } // NewAWSRolePrincipalTypeProvider will create a new AWSRolePrincipalTypeProvider from an AWSClusterRoleIdentity. -func NewAWSRolePrincipalTypeProvider(identity *infrav1.AWSClusterRoleIdentity, sourceProvider *AWSPrincipalTypeProvider, log logger.Wrapper) *AWSRolePrincipalTypeProvider { +func NewAWSRolePrincipalTypeProvider(identity *infrav1.AWSClusterRoleIdentity, sourceProvider *AWSPrincipalTypeProvider, region string, log logger.Wrapper) *AWSRolePrincipalTypeProvider { return &AWSRolePrincipalTypeProvider{ credentials: nil, stsClient: nil, Principal: identity, + region: region, sourceProvider: sourceProvider, log: log.WithName("AWSRolePrincipalTypeProvider"), } @@ -129,6 +130,7 @@ func (p *AWSStaticPrincipalTypeProvider) IsExpired() bool { type AWSRolePrincipalTypeProvider struct { Principal *infrav1.AWSClusterRoleIdentity credentials *credentials.Credentials + region string sourceProvider *AWSPrincipalTypeProvider log logger.Wrapper stsClient stsiface.STSAPI @@ -153,7 +155,7 @@ func (p *AWSRolePrincipalTypeProvider) Name() string { // Retrieve returns the credential values for the AWSRolePrincipalTypeProvider. func (p *AWSRolePrincipalTypeProvider) Retrieve() (credentials.Value, error) { if p.credentials == nil || p.IsExpired() { - awsConfig := aws.NewConfig() + awsConfig := aws.NewConfig().WithRegion(p.region) if p.sourceProvider != nil { sourceCreds, err := (*p.sourceProvider).Retrieve() if err != nil { diff --git a/pkg/cloud/identity/identity_test.go b/pkg/cloud/identity/identity_test.go index 841f99ed7b..b809e3e7cf 100644 --- a/pkg/cloud/identity/identity_test.go +++ b/pkg/cloud/identity/identity_test.go @@ -61,6 +61,7 @@ func TestAWSStaticPrincipalTypeProvider(t *testing.T) { var roleProvider AWSPrincipalTypeProvider = &AWSRolePrincipalTypeProvider{ credentials: nil, Principal: roleIdentity, + region: "us-west-2", sourceProvider: &staticProvider, stsClient: stsMock, } @@ -78,6 +79,7 @@ func TestAWSStaticPrincipalTypeProvider(t *testing.T) { var roleProvider2 AWSPrincipalTypeProvider = &AWSRolePrincipalTypeProvider{ credentials: nil, Principal: roleIdentity2, + region: "us-west-2", sourceProvider: &roleProvider, stsClient: stsMock, } diff --git a/pkg/cloud/scope/session.go b/pkg/cloud/scope/session.go index acf3fa3ab8..ecc492e7b7 100644 --- a/pkg/cloud/scope/session.go +++ b/pkg/cloud/scope/session.go @@ -314,9 +314,9 @@ func buildProvidersForRef( } if sourceProvider != nil { - provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, &sourceProvider, log) + provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, &sourceProvider, clusterScoper.Region(), log) } else { - provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, nil, log) + provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, nil, clusterScoper.Region(), log) } providers = append(providers, provider) default: