Skip to content

Commit

Permalink
Do not expose the AWS role external id in the logs
Browse files Browse the repository at this point in the history
  • Loading branch information
iul1an committed Sep 7, 2024
1 parent 4333b31 commit 90c15d7
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion pkg/apis/externaldns/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ type Config struct {
AWSZoneTagFilter []string
AWSAssumeRole string
AWSProfiles []string
AWSAssumeRoleExternalID string
AWSAssumeRoleExternalID string `secure:"yes"`
AWSBatchChangeSize int
AWSBatchChangeSizeBytes int
AWSBatchChangeSizeValues int
Expand Down
3 changes: 2 additions & 1 deletion provider/aws/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,8 @@ func newV2Config(awsConfig AWSSessionConfig) (awsv2.Config, error) {
stsSvc := sts.NewFromConfig(cfg)
var assumeRoleOpts []func(*stscredsv2.AssumeRoleOptions)
if awsConfig.AssumeRoleExternalID != "" {
logrus.Infof("Assuming role: %s with external id %s", awsConfig.AssumeRole, awsConfig.AssumeRoleExternalID)
logrus.Infof("Assuming role %s with external id", awsConfig.AssumeRole)
logrus.Debugf("External id: %s", awsConfig.AssumeRoleExternalID)
assumeRoleOpts = []func(*stscredsv2.AssumeRoleOptions){
func(opts *stscredsv2.AssumeRoleOptions) {
opts.ExternalID = &awsConfig.AssumeRoleExternalID
Expand Down

0 comments on commit 90c15d7

Please sign in to comment.