Merge pull request #9314 from hashicorp/f-aws-auth-logging

provider/aws: Add extra logging on AuthFailure
This commit is contained in:
James Nugent 2016-10-10 19:25:52 -04:00 committed by GitHub
commit fbc11e269a
1 changed files with 18 additions and 0 deletions

View File

@ -6,7 +6,9 @@ import (
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
"os"
"strings" "strings"
"time"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/awserr"
@ -54,6 +56,7 @@ import (
"github.com/aws/aws-sdk-go/service/ssm" "github.com/aws/aws-sdk-go/service/ssm"
"github.com/aws/aws-sdk-go/service/sts" "github.com/aws/aws-sdk-go/service/sts"
"github.com/aws/aws-sdk-go/service/waf" "github.com/aws/aws-sdk-go/service/waf"
"github.com/davecgh/go-spew/spew"
"github.com/hashicorp/errwrap" "github.com/hashicorp/errwrap"
"github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/terraform/helper/logging" "github.com/hashicorp/terraform/helper/logging"
@ -199,6 +202,10 @@ func (c *Config) Client() (interface{}, error) {
} }
sess.Handlers.Build.PushFrontNamed(addTerraformVersionToUserAgent) sess.Handlers.Build.PushFrontNamed(addTerraformVersionToUserAgent)
if extraDebug := os.Getenv("TERRAFORM_AWS_AUTHFAILURE_DEBUG"); extraDebug != "" {
sess.Handlers.UnmarshalError.PushFrontNamed(debugAuthFailure)
}
// Some services exist only in us-east-1, e.g. because they manage // Some services exist only in us-east-1, e.g. because they manage
// resources that can span across multiple regions, or because // resources that can span across multiple regions, or because
// signature format v4 requires region to be us-east-1 for global // signature format v4 requires region to be us-east-1 for global
@ -351,6 +358,17 @@ var addTerraformVersionToUserAgent = request.NamedHandler{
"terraform", terraform.VersionString()), "terraform", terraform.VersionString()),
} }
var debugAuthFailure = request.NamedHandler{
Name: "terraform.AuthFailureAdditionalDebugHandler",
Fn: func(req *request.Request) {
if isAWSErr(req.Error, "AuthFailure", "AWS was not able to validate the provided access credentials") {
log.Printf("[INFO] Additional AuthFailure Debugging Context")
log.Printf("[INFO] Current system UTC time: %s", time.Now().UTC())
log.Printf("[INFO] Request object: %s", spew.Sdump(req))
}
},
}
type awsLogger struct{} type awsLogger struct{}
func (l awsLogger) Log(args ...interface{}) { func (l awsLogger) Log(args ...interface{}) {