[Bug]: Validation for assume_role_with_web_identity does not permit usage of documented environment variable AWS_WEB_IDENTITY_TOKEN_FILE #37401
Labels
authentication
Pertains to authentication; to the provider itself or otherwise.
bug
Addresses a defect in current functionality.
provider
Pertains to the provider itself, rather than any interaction with AWS.
Terraform Core Version
1.8.3
AWS Provider Version
5.48.0
Affected Resource(s)
Provider configuration
Expected Behavior
Provider is able to use the environment variable AWS_WEB_IDENTITY_TOKEN_FILE to obtain the path to a file containing a JWT token.
Actual Behavior
The provider does not use the environment variable and errors out due to a validation failure.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Example affected configuration:
Steps to Reproduce
AWS_WEB_IDENTITY_TOKEN_FILE with the path to the file
assume_role_with_web_identity block and provide the ARN for the role created earlier as role_arn inside that block
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
Per: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assume-role-with-web-identity-configuration-reference
The environment variable AWS_WEB_IDENTITY_TOKEN_FILE can be set to provide the path to a file containing the identity token.
The validation code:
terraform-provider-aws/internal/provider/provider.go
Line 718 in fbad5d3
requires EITHER web_identity_token or web_identity_token_file to be set as part of the provider configuration.
Would you like to implement a fix?
None
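The validation gap reported above, as an added Go example that is not the provider's code: a check that looks only at the two configuration arguments, beside one that also accepts the documented environment variable. The type and function names, and the rule that explicit configuration takes precedence over the environment, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// WebIdentityConfig is a hypothetical stand-in for the provider's
// assume_role_with_web_identity block, not the provider's own type.
type WebIdentityConfig struct {
	RoleARN   string
	Token     string // web_identity_token
	TokenFile string // web_identity_token_file
}

const tokenFileEnv = "AWS_WEB_IDENTITY_TOKEN_FILE"

var errNoTokenSource = errors.New("no web identity token source: set web_identity_token, web_identity_token_file or " + tokenFileEnv)

// validateStrict mirrors the behaviour reported in the issue: only the two
// configuration arguments are checked, so an environment-only setup fails.
func validateStrict(c WebIdentityConfig) error {
	if c.Token == "" && c.TokenFile == "" {
		return errNoTokenSource
	}
	return nil
}

// resolveTokenSource also accepts the documented environment variable.
// Assumption: explicit configuration takes precedence over the environment.
// getenv is injected so the check runs without touching the process environment.
func resolveTokenSource(c WebIdentityConfig, getenv func(string) string) (string, error) {
	switch {
	case c.Token != "":
		return "config:web_identity_token", nil
	case c.TokenFile != "":
		return "config:web_identity_token_file", nil
	case getenv(tokenFileEnv) != "":
		return "env:" + tokenFileEnv, nil
	}
	return "", errNoTokenSource
}

func main() {
	// Constructed sample: the role ARN uses a placeholder account id.
	c := WebIdentityConfig{RoleARN: "arn:aws:iam::123456789012:role/example"}
	fmt.Println("strict:", validateStrict(c))
	src, err := resolveTokenSource(c, os.Getenv)
	fmt.Println("env-aware:", src, err)
}
```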