Allow security_token to be set by AssumeRoleWebIdentityAdapter #28

Open
wants to merge 1 commit into
base: master

@sudrao sudrao commented Jul 23, 2021

AWS needs a "security_token" in the request when using AssumeRoleWebIdentity on EKS.
But if we try to set it using ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter, there is a recursive loop from AssumeRoleWebIdentityAdapter to ExAws.request() and back to itself.

By using the same technique used for access_key_id and secret_access_key, i.e. setting those config values to a dummy string, we can prevent the recursive callback and have a security_token set by the adapter.

I did try running tests but some of them were failing without my change.
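
The loop and the dummy-value workaround described in this pull request, as an added simplified model that is not part of the original post and is not ex_aws or ex_aws_sts code. The module, its function names, the app config and the credential values are constructed for illustration. With only two keys overridden the model ends in `{:error, :recursive_loop}`; with `security_token` overridden as well it returns credentials.

```elixir
# Simplified model; module and function names are hypothetical, not ex_aws code.
defmodule CredLoopModel do
  @max_depth 5
  @keys [:access_key_id, :secret_access_key, :security_token]

  # Constructed app config: every credential key, including security_token,
  # is delegated to the adapter through an {:awscli, profile, ttl} tuple.
  def app_config, do: Map.new(@keys, &{&1, {:awscli, "default", 30}})

  # Stand-in for building a request config: literal strings pass through,
  # {:awscli, _, _} tuples are resolved by calling the adapter.
  def resolve(overrides, adapter_overrides, depth) do
    config = Map.merge(app_config(), overrides)

    Enum.reduce_while(@keys, {:ok, %{}}, fn key, {:ok, acc} ->
      case Map.fetch!(config, key) do
        value when is_binary(value) ->
          {:cont, {:ok, Map.put(acc, key, value)}}

        {:awscli, _profile, _ttl} ->
          case adapter(adapter_overrides, depth + 1) do
            {:ok, creds} -> {:cont, {:ok, Map.put(acc, key, Map.fetch!(creds, key))}}
            error -> {:halt, error}
          end
      end
    end)
  end

  # Stand-in for the adapter: to obtain credentials it issues a request of its
  # own, which resolves the config again using the adapter's overrides.
  # The depth guard replaces the unbounded recursion with an error.
  def adapter(_overrides, depth) when depth > @max_depth, do: {:error, :recursive_loop}

  def adapter(overrides, depth) do
    with {:ok, _request_config} <- resolve(overrides, overrides, depth) do
      {:ok, Map.new(@keys, &{&1, "constructed-#{&1}"})}
    end
  end
end

# Only the two keys overridden: security_token still routes to the adapter.
two_keys = %{access_key_id: "dummy", secret_access_key: "dummy"}
# security_token overridden as well, as this pull request proposes.
three_keys = Map.put(two_keys, :security_token, "dummy")

IO.inspect(CredLoopModel.resolve(%{}, two_keys, 0), label: "two dummy keys")
IO.inspect(CredLoopModel.resolve(%{}, three_keys, 0), label: "with security_token")
```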

@mattcree

mattcree commented Aug 25, 2021

I was getting this issue using the AssumeRoleCredentialsAdapter and I discovered we were configuring ex_aws in two different places. When I removed the second configuration, this bug never happened again.

@vanetix
Collaborator

vanetix commented Aug 27, 2021

Hey @sudrao thanks for the contribution, and sorry for the delayed response! I'm not super familiar with this particular configuration, so I'll spend some time setting up a reproduction of the issue.

@ahamez

ahamez commented Jan 26, 2022

FWIW: we had no trouble using ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter with EKS, even without this PR.

@smoggach-nl

I encountered the recursive loop and these changes fixed my issue.

@RobinFrcd

@ahamez Are you able to tell how you made it work?
I tried:

```elixir
config :ex_aws,
  access_key_id: [{:awscli, "profile_name", 30}, {:system, "AWS_ACCESS_KEY_ID"}, :instance_role],
  secret_access_key: [{:awscli, "profile_name", 30}, {:system, "AWS_SECRET_ACCESS_KEY"}, :instance_role],
  region: [{:awscli, "profile_name", 30}, {:system, "AWS_REGION"}, :instance_role],
  awscli_auth_adapter: ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter
```

but it didn't work.

Thanks

@ahamez

ahamez commented Jun 9, 2023

@RobinFrcd Sorry, it's been so long ago that I can't remember and I don't have access to the relevant code anymore 😬
