From 9b3da71f9237f197155ffa38847dd3becb530efc Mon Sep 17 00:00:00 2001 From: Aaron Donovan Date: Fri, 21 Jun 2019 15:36:37 -0400 Subject: [PATCH 1/2] Allow configuration of nonce for ec2 authentication --- command/agent/auth/aws/aws.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/command/agent/auth/aws/aws.go b/command/agent/auth/aws/aws.go index fdac099e99eb..9545ed517029 100644 --- a/command/agent/auth/aws/aws.go +++ b/command/agent/auth/aws/aws.go @@ -155,6 +155,14 @@ func NewAWSAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) { a.lastCreds = creds go a.pollForCreds(accessKey, secretKey, sessionToken, credentialPollIntervalSec) + } else { + nonceRaw, ok := conf.Config["nonce"] + if ok { + a.nonce, ok = nonceRaw.(string) + if !ok { + return nil, errors.New("could not convert 'nonce' value into string") + } + } } return a, nil From aa967852920be10a221f26f192ce5d4478f76062 Mon Sep 17 00:00:00 2001 From: Aaron Donovan Date: Mon, 24 Jun 2019 08:14:55 -0400 Subject: [PATCH 2/2] Addressing pull request comment --- command/agent/auth/aws/aws.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/command/agent/auth/aws/aws.go b/command/agent/auth/aws/aws.go index 9545ed517029..d3ea6007202d 100644 --- a/command/agent/auth/aws/aws.go +++ b/command/agent/auth/aws/aws.go @@ -134,6 +134,14 @@ func NewAWSAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) { } } + nonceRaw, ok := conf.Config["nonce"] + if ok { + a.nonce, ok = nonceRaw.(string) + if !ok { + return nil, errors.New("could not convert 'nonce' value into string") + } + } + if a.authType == typeIAM { // Check for an optional custom frequency at which we should poll for creds. @@ -155,14 +163,6 @@ func NewAWSAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) { a.lastCreds = creds go a.pollForCreds(accessKey, secretKey, sessionToken, credentialPollIntervalSec) - } else { - nonceRaw, ok := conf.Config["nonce"] - if ok { - a.nonce, ok = nonceRaw.(string) - if !ok { - return nil, errors.New("could not convert 'nonce' value into string") - } - } } return a, nil