Web identity + role fails to validate in the 7.0.0 release
lstoll opened this issue · comments
- I am using the latest release of AWS Vault
- I have provided my
.aws/config
(redacted if necessary) - I have provided the debug output using
aws-vault --debug
(redacted if necessary)
After upgrading to 7.0.0, we're seeing errors:
aws-vault: error: exec: Error getting temporary credentials: profile 'XXXX' has more than one source of credentials
This appears to be related to some new validation code(
Lines 684 to 709 in ec5e53c
role
and a web_identity_token_process
as two independent sources. However, the web identity provider requires both of these to be set: #587 (comment)
I'm not sure what the motivation with the new validation check was, but I'm guessing we need to only increment the count when a role exists when the web identity file/process is not set.