AWS Provider for OCI Does not account for disconnected AWS partitions #832
Comments
|
I understand that an alternative path to implementing this would be to expand the regex to include these disconnected partitions, but it seems like there is a bigger discussion that should happen around this. |
|
After further investigation, it looks like this happens because the regex tries to pull the region out of the URL. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
oci/auth/aws/auth.go::40This regular expression is used to determine if flux should try to authenticate to the AWS API when pulling an OCI resource. However, this regex does not support some other AWS regions, notably disconnected AWS partitions.
Thus, flux does not detect that it is in AWS and fails due to missing username/password.
Why is this implemented as such? If the user is already forced to specify
provider: awsonhelmrepositoriesfor example, why does flux still parse the URL instead of de-facto authenticating?I recommend removing this check and assuming the OCI endpoint requires AWS authentication if the user specifies
provider: awsregardless of the URL. If the user in error specifiesprovider: awsfor a non-AWS-backed OCI repo, then flux should fail.The text was updated successfully, but these errors were encountered: