diff mbox series

[1/1] fetch2/aws: forward env-vars used in gitlab-ci K8s

Message ID 20231120135933.129426-1-felix.moessbauer@siemens.com
State Accepted, archived
Commit c534526ea73805ee7cc16f3168b05ece10e0c03c
Headers show
Series [1/1] fetch2/aws: forward env-vars used in gitlab-ci K8s | expand

Commit Message

Felix Moessbauer Nov. 20, 2023, 1:59 p.m. UTC 
This patch adds the following variables to the allow-list, which are
used in the "IAM roles for AWS when using the GitLab chart":

- AWS_ROLE_ARN
- AWS_WEB_IDENTITY_TOKEN_FILE

These variables are set in the CI job environment and are needed to
access the sstate cache artifacts in a connected S3 bucket.

[1] https://docs.gitlab.com/charts/advanced/external-object-storage/aws-iam-roles.html

Reported-by: Zhi Bin Dong <zhibin.dong@siemens.com>
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 lib/bb/fetch2/__init__.py | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
index 35e9ca96..22a2f801 100644
--- a/lib/bb/fetch2/__init__.py
+++ b/lib/bb/fetch2/__init__.py
@@ -872,6 +872,8 @@  FETCH_EXPORT_VARS = ['HOME', 'PATH',
                      'AWS_PROFILE',
                      'AWS_ACCESS_KEY_ID',
                      'AWS_SECRET_ACCESS_KEY',
+                     'AWS_ROLE_ARN',
+                     'AWS_WEB_IDENTITY_TOKEN_FILE',
                      'AWS_DEFAULT_REGION',
                      'GIT_CACHE_PATH',
                      'REMOTE_CONTAINERS_IPC',