in auth/auth.go [78:108]
// GetAWSSession builds the AWS SDK session used for subsequent AWS calls.
//
// The credential source is selected by p.usePodIdentity: when set, a Pod
// Identity credential provider is constructed (and its construction error is
// returned as-is); otherwise an IRSA (IAM Roles for Service Accounts)
// credential provider is used. The AWS config produced by the chosen provider
// is then used to create the session.
//
// The namespace and service account are written to the log at info level on
// every call, which records which workload identity a session was requested
// for.
// NOTE(review): presumably p.nameSpace and p.svcAcc determine which identity's
// credentials the provider obtains, so they should originate from trusted
// mount-request metadata; confirm against the callers that populate Auth.
//
// Returns a nil session and the underlying error if the provider cannot be
// created, the AWS config cannot be obtained, or the session cannot be built.
func (p Auth) GetAWSSession() (awsSession *session.Session, e error) {
	var provider credential_provider.CredentialProvider

	if !p.usePodIdentity {
		klog.Infof("Using IAM Roles for Service Accounts for authentication in namespace: %s, service account: %s", p.nameSpace, p.svcAcc)
		provider = credential_provider.NewIRSACredentialProvider(p.stsClient, p.region, p.nameSpace, p.svcAcc, p.k8sClient, p.ctx)
	} else {
		klog.Infof("Using Pod Identity for authentication in namespace: %s, service account: %s", p.nameSpace, p.svcAcc)
		podProvider, podErr := credential_provider.NewPodIdentityCredentialProvider(p.region, p.nameSpace, p.svcAcc, p.podName, p.preferredAddressType, p.k8sClient)
		if podErr != nil {
			return nil, podErr
		}
		provider = podProvider
	}

	awsCfg, cfgErr := provider.GetAWSConfig()
	if cfgErr != nil {
		return nil, cfgErr
	}

	newSess, sessErr := session.NewSession(awsCfg)
	if sessErr != nil {
		return nil, sessErr
	}

	// Tag every request with the provider name in the User-Agent header. The
	// handler is pushed to the front of the Build chain so it runs before any
	// other build handlers on the session.
	tagUserAgent := func(r *request.Request) {
		request.AddToUserAgent(r, ProviderName)
	}
	newSess.Handlers.Build.PushFront(tagUserAgent)

	// The session error was already checked above, so the session is returned
	// directly.
	return newSess, nil
}