Skip to content

CDRIVER-4081 Add support for AssumeRoleWithWebIdentity in AWS Auth #1211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Mar 14, 2023
Merged

CDRIVER-4081 Add support for AssumeRoleWithWebIdentity in AWS Auth #1211

merged 15 commits into from
Mar 14, 2023

Conversation

kevinAlbs
Copy link
Collaborator

@kevinAlbs kevinAlbs commented Mar 1, 2023
edited
Loading

Summary

  • Add support for AssumeRoleWithWebIdentity in AWS Auth

Other improvements

  • Fix length in _mongoc_http_send.
  • Fix size arg in bin_to_hex utility.
  • Ignore NULL for bson_string_free.

AWS tasks were verified in this Evergreen patch build.

Background & Motivation

The specification change is described in DRIVERS-1746.

generate_AWS_ROLE_SESSION_NAME generates a random 32 character hex string to generate AWS_ROLE_SESSION_NAME if needed:

If AWS_ROLE_SESSION_NAME is set, it MUST be used for the RoleSessionName parameter, otherwise a suitable random name can be chosen.

https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html lists the constraints for RoleSessionName:

Length Constraints: Minimum length of 2. Maximum length of 64.
Pattern: [\w+=,.@-]*

kevinAlbs added 6 commits March 1, 2023 12:37
@kevinAlbs
ignore NULL for bson_string_free
36487ae 
Follows pattern of other destroy / free functions in libbson and libmongoc
@kevinAlbs
add use_tls option to _send_http_request
f9b68da
@kevinAlbs
add _obtain_creds_from_assumerolewithwebidentity
1fbad0f 
rename expiration_to_timer to expiration_iso8601_to_timer
@kevinAlbs
fix length in _mongoc_http_send
f298af2 
`datalen` is capacity of the buffer.
@kevinAlbs
fix size arg in bin_to_hex utility
6890595 
The size argument includes the NULL byte
@kevinAlbs
test in Evergreen
0b9f23b
@kevinAlbs kevinAlbs marked this pull request as ready for review March 1, 2023 18:19
eramongodb
eramongodb requested changes Mar 2, 2023
View reviewed changes
@kevinAlbs kevinAlbs requested a review from eramongodb March 2, 2023 21:12
eramongodb
eramongodb approved these changes Mar 3, 2023
View reviewed changes
Copy link
Contributor

@eramongodb eramongodb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feedback regarding double -> int64_t conversion; otherwise, LGTM.

@kevinAlbs kevinAlbs merged commit d838ef2 into mongodb:master Mar 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vector-of-bool vector-of-bool vector-of-bool approved these changes

@eramongodb eramongodb eramongodb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kevinAlbs @vector-of-bool @eramongodb