ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

provider/aws: Check credentials before attempting to do anything

This commit is contained in:
Clint Shryock 2015-07-14 16:39:50 -05:00
parent eedcb40ee3
commit 975e1a6c2c
1 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
builtin/providers/aws/config.go
View File

@ -8,6 +8,7 @@ import (
"github.com/hashicorp/terraform/helper/multierror" "github.com/hashicorp/terraform/helper/multierror"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/service/autoscaling" "github.com/aws/aws-sdk-go/service/autoscaling"
"github.com/aws/aws-sdk-go/service/cloudwatch" "github.com/aws/aws-sdk-go/service/cloudwatch"
@ -85,6 +86,14 @@ func (c *Config) Client() (interface{}, error) {
MaxRetries: c.MaxRetries, MaxRetries: c.MaxRetries,
} }
log.Println("[INFO] Initializing IAM Connection")
client.iamconn = iam.New(awsConfig)
err := c.ValidateCredentials(client.iamconn)
if err != nil {
errs = append(errs, err)
}
log.Println("[INFO] Initializing DynamoDB connection") log.Println("[INFO] Initializing DynamoDB connection")
client.dynamodbconn = dynamodb.New(awsConfig) client.dynamodbconn = dynamodb.New(awsConfig)
@ -103,15 +112,12 @@ func (c *Config) Client() (interface{}, error) {
log.Println("[INFO] Initializing RDS Connection") log.Println("[INFO] Initializing RDS Connection")
client.rdsconn = rds.New(awsConfig) client.rdsconn = rds.New(awsConfig)
log.Println("[INFO] Initializing IAM Connection")
client.iamconn = iam.New(awsConfig)
log.Println("[INFO] Initializing Kinesis Connection") log.Println("[INFO] Initializing Kinesis Connection")
client.kinesisconn = kinesis.New(awsConfig) client.kinesisconn = kinesis.New(awsConfig)
err := c.ValidateAccountId(client.iamconn) authErr := c.ValidateAccountId(client.iamconn)
if err != nil { if authErr != nil {
errs = append(errs, err) errs = append(errs, authErr)
} }
log.Println("[INFO] Initializing AutoScaling connection") log.Println("[INFO] Initializing AutoScaling connection")
@ -165,6 +171,21 @@ func (c *Config) ValidateRegion() error {
return fmt.Errorf("Not a valid region: %s", c.Region) return fmt.Errorf("Not a valid region: %s", c.Region)
} }
// Validate credentials early and fail before we do any graph walking
func (c *Config) ValidateCredentials(iamconn *iam.IAM) error {
_, err := iamconn.GetUser(nil)
if err != nil {
if awsErr, ok := err.(awserr.Error); ok {
if awsErr.Code() == "SignatureDoesNotMatch" {
return fmt.Errorf("Failed authenticating with AWS: please verify credentials")
}
}
return err
}
return nil
}
// ValidateAccountId returns a context-specific error if the configured account // ValidateAccountId returns a context-specific error if the configured account
// id is explicitly forbidden or not authorised; and nil if it is authorised. // id is explicitly forbidden or not authorised; and nil if it is authorised.
func (c *Config) ValidateAccountId(iamconn *iam.IAM) error { func (c *Config) ValidateAccountId(iamconn *iam.IAM) error {