VaultSharp
AWS SDK v4 support
Describe the bug
When upgrading to AWS .NET SDK v4, authentication fails when attempting to send requests using IAM. A few of the variables in the examples no longer exist and have been deprecated with the move to v4. I have attempted to utilize the new methods to send requests, and it continues to fail.
VaultSharp Version 1.17.5.1 (Latest)
Vault Version 1.20
Does this work with Vault CLI? Unknown
Sample Code Snippet
AmazonSecurityTokenServiceConfig amazonSecurityTokenServiceConfig = new AmazonSecurityTokenServiceConfig();
var credentials = DefaultAWSCredentialsIdentityResolver.GetCredentials();
var immutableCredentials = credentials.GetCredentials();
var getCallerIdentityRequest = new GetCallerIdentityRequest();
var amazonSecurityTokenServiceClient = new AmazonSecurityTokenServiceClient();
var endpoint = amazonSecurityTokenServiceClient.DetermineServiceOperationEndpoint(getCallerIdentityRequest);
var iamRequest = GetCallerIdentityRequestMarshaller.Instance.Marshall(getCallerIdentityRequest);
iamRequest.Endpoint = new Uri(endpoint.URL);
iamRequest.ResourcePath = "/";
iamRequest.Headers.Add("User-Agent", Guid.NewGuid().ToString());
iamRequest.Headers.Add("X-Amz-Security-Token", immutableCredentials.Token);
iamRequest.Headers.Add("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
iamRequest.Headers.Add("X-Vault-AWS-IAM-Server-ID", "serverId");
new AWS4Signer().Sign(request: iamRequest, amazonSecurityTokenServiceConfig, new RequestMetrics(), credentials);
string base64EncodedIamRequestHeaders = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(iamRequest.Headers)));
IAuthMethodInfo authMethod = new IAMAWSAuthMethodInfo(requestHeaders: base64EncodedIamRequestHeaders, roleName: _roleName);
VaultClientSettings vaultClientSettings = new VaultClientSettings(hostName, authMethod);
var vaultClient = new VaultClient(vaultClientSettings);
Exception Details/Stack Trace/Error Message
{
"errors": [
"error validating X-Vault-AWS-IAM-Server-ID header: missing Authorization header"
]
}
Any additional info
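The error above reports a missing Authorization header, so a pre-flight check on the base64 header blob shows whether signing actually wrote that header before the blob is handed to VaultSharp. This is an added example, not code from the issue, VaultSharp or the AWS SDK: `IamHeaderCheck` is a hypothetical helper, the sample headers are constructed, it uses System.Text.Json rather than the snippet's JsonConvert, and the SignedHeaders check is an assumption about what Vault validates after the Authorization header is present.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

// Constructed sample headers (not captured from a real request).
var unsigned = new Dictionary<string, string> {
    ["X-Vault-AWS-IAM-Server-ID"] = "serverId",
    ["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8" };
var signed = new Dictionary<string, string>(unsigned) {
    ["Authorization"] = "AWS4-HMAC-SHA256 Credential=AKIAEXAMPLE/20250101/us-east-1/sts/aws4_request, " +
        "SignedHeaders=content-type;host;x-amz-date;x-vault-aws-iam-server-id, Signature=0000" };
foreach (var sample in new[] { unsigned, signed })
{
    var blob = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(sample)));
    var problems = IamHeaderCheck.Inspect(blob);
    Console.WriteLine(problems.Count == 0 ? "ok" : string.Join("; ", problems));
}

static class IamHeaderCheck
{
    // Hypothetical helper: lists what is missing from the base64 JSON header blob.
    public static List<string> Inspect(string base64Headers, string serverIdHeader = "X-Vault-AWS-IAM-Server-ID")
    {
        var problems = new List<string>();
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(base64Headers)));
        foreach (var p in doc.RootElement.EnumerateObject())
            headers[p.Name] = p.Value.ValueKind == JsonValueKind.Array   // string or array of strings
                ? string.Join(",", p.Value.EnumerateArray().Select(v => v.ToString()))
                : p.Value.ToString();
        if (!headers.TryGetValue("Authorization", out var auth) || string.IsNullOrWhiteSpace(auth))
        {
            problems.Add("Authorization header missing from the serialized headers");
            return problems;
        }
        // SignedHeaders=a;b;c names the headers covered by the SigV4 signature.
        var signedNames = auth.Split(',').Select(s => s.Trim())
            .Where(s => s.StartsWith("SignedHeaders=", StringComparison.Ordinal))
            .SelectMany(s => s.Substring("SignedHeaders=".Length).Split(';'))
            .ToHashSet(StringComparer.OrdinalIgnoreCase);
        if (headers.ContainsKey(serverIdHeader) && !signedNames.Contains(serverIdHeader))
            problems.Add(serverIdHeader + " is sent but not listed in SignedHeaders");
        return problems;
    }
}
```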