ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2959 from hashicorp/b-aws-iam-validation 

provider/aws: Fail silently in ValidateCredentials for IAM users
This commit is contained in:
Clint 2015-08-07 12:54:37 -05:00
parent e38615000a eb90457223
commit 6c7fe13d93
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
builtin/providers/aws/config.go
View File

@ -180,11 +180,21 @@ func (c *Config) ValidateRegion() error {
return fmt.Errorf("Not a valid region: %s", c.Region) return fmt.Errorf("Not a valid region: %s", c.Region)
} }
// Validate credentials early and fail before we do any graph walking // Validate credentials early and fail before we do any graph walking.
// In the case of an IAM role/profile with insuffecient privileges, fail
// silently
func (c *Config) ValidateCredentials(iamconn *iam.IAM) error { func (c *Config) ValidateCredentials(iamconn *iam.IAM) error {
_, err := iamconn.GetUser(nil) _, err := iamconn.GetUser(nil)
if awsErr, ok := err.(awserr.Error); ok { if awsErr, ok := err.(awserr.Error); ok {
if awsErr.Code() == "AccessDenied" || awsErr.Code() == "ValidationError" {
log.Printf("[WARN] AccessDenied Error with iam.GetUser, assuming IAM profile")
// User may be an IAM instance profile, or otherwise IAM role without the
// GetUser permissions, so fail silently
return nil
}
if awsErr.Code() == "SignatureDoesNotMatch" { if awsErr.Code() == "SignatureDoesNotMatch" {
return fmt.Errorf("Failed authenticating with AWS: please verify credentials") return fmt.Errorf("Failed authenticating with AWS: please verify credentials")
} }