nits

Signed-off-by: nithyatsu <nithyasu@microsoft.com>

deploy/Chart/templates/ucp/deployment.yaml

@@ -84,5 +84,4 @@ spec:
         - name: {{ .Values.global.rootCA.volumeName }}
           secret:
             secretName: {{ .Values.global.rootCA.secretName }}
-        {{- end }}
-
+        {{- end }}

pkg/recipes/terraform/config/providers/aws.go

@@ -51,7 +51,6 @@ const (
 	sessionName     = "session_name"
 	tokenFile       = "web_identity_token_file"
 	tokenFilePath   = "/var/run/secrets/eks.amazonaws.com/serviceaccount/token"
-	stsRegion       = "sts_region"
 )
 
 var _ Provider = (*awsProvider)(nil)
@@ -161,6 +160,14 @@ func (p *awsProvider) generateProviderConfigMap(credentials *credentials.AWSCred
 			}
 
 		case ucp_datamodel.AWSIRSACredentialKind:
+			// Radius requests will first be routed to STS endpoint,
+			// where it will be validated and then the request to the specific service (such as S3) will be made using
+			// the bearer token from the STS response.
+			// Based on the https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html,
+			// STS endpoint should be region based, and in the same region as
+			// Radius instance to minimize latency associated eith STS call and thereby improve performance.
+			// We should provide the user with ability to configure the STS endpoint region.
+			// For now, we are using the global STS endpoint, which is the default.
 			if credentials.IRSACredential != nil && credentials.IRSACredential.RoleARN != "" {
 				config[awsIRSAProvider] = map[string]any{
 					awsRoleARN:  credentials.IRSACredential.RoleARN,

pkg/recipes/terraform/config/providers/aws_test.go

@@ -78,7 +78,6 @@ func newMockAWSIRSACredentialsProvider() *mockAWSCredentialsProvider {
 
 // Fetch returns mock AWS credentials for testing. It takes in a context, planeName and name and returns
 // an AWSCredential or an error if the credentials are empty.
-// TODO: update as part of IRSA support in Terraform provider
 func (p *mockAWSCredentialsProvider) Fetch(ctx context.Context, planeName, name string) (*ucp_credentials.AWSCredential, error) {
 	if p.testCredential == nil {
 		return nil, &secret.ErrNotFound{}

pkg/ucp/aws/ucpcredentialprovider.go

@@ -115,7 +115,7 @@ func (c *UCPCredentialProvider) Retrieve(ctx context.Context) (aws.Credentials,
 		// STS endpoint should be region based, and in the same region as
 		// Radius instance to minimize latency associated eith STS call and thereby improve performance.
 		// We should provide the user with ability to configure the STS endpoint region.
-		// For now, we are using the global STS endpoint.
+		// For now, we are using the global STS endpoint, which is the default.
 		awscfg, err := config.LoadDefaultConfig(context.TODO(),
 			config.WithRegion(awsSTSGlobalEndPointSigningRegion))
 

pkg/ucp/credentials/aws.go

@@ -98,6 +98,5 @@ func (p *AWSCredentialProvider) Fetch(ctx context.Context, planeName, name strin
 		return nil, errors.New("failed to get credential info: " + err.Error())
 	}
 
-	// going to have the irsa role retunred using AWSCredentialProvider fetch
 	return &s, nil
 }

pkg/ucp/frontend/aws/routes.go

@@ -319,5 +319,4 @@ func (m *Module) newAWSConfig(ctx context.Context) (aws.Config, error) {
 	}
 
 	return awscfg, nil
-
 }

pkg/ucp/frontend/controller/awsproxy/createorupdateawsresourcewithpost.go

@@ -64,8 +64,6 @@ func (p *CreateOrUpdateAWSResourceWithPost) Run(ctx context.Context, w http.Resp
 		return errResponse, nil
 	}
 
-	//logger.Info("ENTERED POST")
-
 	properties, err := readPropertiesFromBody(req)
 	if err != nil {
 		e := v1.ErrorResponse{

pkg/ucp/frontend/controller/credentials/aws/createorupdateawscredential_test.go

@@ -63,7 +63,6 @@ func Test_AWS_Credential(t *testing.T) {
 			fn:         setupCredentialSuccessMocks,
 			err:        nil,
 		},
-
 		{
 			name:       "test_invalid_version_credential_resource",
 			filename:   "aws-credential.json",