fix: AWS Secret manager respect pod identity overrides (kedacore#6197)

Signed-off-by: Jorge Turrado <[email protected]> Signed-off-by: Jorge Turrado Ferrero <[email protected]> Signed-off-by: michael pechner <[email protected]>
nrichardson-akasa · Nov 29, 2024 · 7973750 · 7973750
1 parent b6ea514
commit 7973750
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -80,6 +80,7 @@ Here is an overview of all new **experimental** features:
 
 ### Fixes
 
+- **AWS Secret Manager**: Pod identity overrides are honored ([#6195](https://github.com/kedacore/keda/issues/6195))
 - **Azure Event Hub Scaler**: Checkpointer errors are correctly handled ([#6084](https://github.com/kedacore/keda/issues/6084))
 - **Metrics API Scaler**: Prometheus metrics can have multiple labels ([#6077](https://github.com/kedacore/keda/issues/6077))
 

diff --git a/pkg/scaling/resolver/aws_secretmanager_handler.go b/pkg/scaling/resolver/aws_secretmanager_handler.go
@@ -108,6 +108,7 @@ func (ash *AwsSecretManagerHandler) Initialize(ctx context.Context, client clien
 			return fmt.Errorf("AccessKeyID and AccessSecretKey are expected when not using a pod identity provider")
 		}
 	case kedav1alpha1.PodIdentityProviderAws:
+		ash.awsMetadata.UsingPodIdentity = true
 		if ash.secretManager.PodIdentity.IsWorkloadIdentityOwner() {
 			awsRoleArn, err := resolveServiceAccountAnnotation(ctx, client, podSpec.ServiceAccountName, triggerNamespace, kedav1alpha1.PodIdentityAnnotationEKS, true)
 			if err != nil {