fix: NuGet job can't write to SSM when using secret role #1803

rix0rrr · 2024-12-12T11:08:34Z

When the NuGet publishing script assumes a role to retrieve the API key secret, it pollutes the global environment variables with the role credentials.

When we then later try to write to SSM, it uses the wrong role (the secret role instead of the CodeBuild role).

Retrieve the secret credentials in a subshell so they don't interfere with the CodeBuild credentials.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

When the NuGet publishing script assumes a role to retrieve the API key secret, it pollutes the global environment variables with the role credentials. When we then later try to write to SSM, it uses the wrong role (the secret role instead of the CodeBuild role). Retrieve the secret credentials in a subshell so they don't interfere with the CodeBuild credentials.

rix0rrr requested a review from a team December 12, 2024 11:08

cdklabs-automation enabled auto-merge December 12, 2024 11:08

otaviomacedo approved these changes Dec 12, 2024

View reviewed changes

cdklabs-automation added this pull request to the merge queue Dec 12, 2024

Merged via the queue into main with commit 424ce20 Dec 12, 2024
6 checks passed

cdklabs-automation deleted the huijbers/no-interference-pact branch December 12, 2024 11:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: NuGet job can't write to SSM when using secret role #1803

fix: NuGet job can't write to SSM when using secret role #1803

rix0rrr commented Dec 12, 2024

fix: NuGet job can't write to SSM when using secret role #1803

fix: NuGet job can't write to SSM when using secret role #1803

Conversation

rix0rrr commented Dec 12, 2024