Merge pull request #9314 from hashicorp/f-aws-auth-logging
provider/aws: Add extra logging on AuthFailure
commit
fbc11e269a
|
@ -6,7 +6,9 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||||
|
@ -54,6 +56,7 @@ import (
|
||||||
"github.com/aws/aws-sdk-go/service/ssm"
|
"github.com/aws/aws-sdk-go/service/ssm"
|
||||||
"github.com/aws/aws-sdk-go/service/sts"
|
"github.com/aws/aws-sdk-go/service/sts"
|
||||||
"github.com/aws/aws-sdk-go/service/waf"
|
"github.com/aws/aws-sdk-go/service/waf"
|
||||||
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/hashicorp/errwrap"
|
"github.com/hashicorp/errwrap"
|
||||||
"github.com/hashicorp/go-cleanhttp"
|
"github.com/hashicorp/go-cleanhttp"
|
||||||
"github.com/hashicorp/terraform/helper/logging"
|
"github.com/hashicorp/terraform/helper/logging"
|
||||||
|
@ -199,6 +202,10 @@ func (c *Config) Client() (interface{}, error) {
|
||||||
}
|
}
|
||||||
sess.Handlers.Build.PushFrontNamed(addTerraformVersionToUserAgent)
|
sess.Handlers.Build.PushFrontNamed(addTerraformVersionToUserAgent)
|
||||||
|
|
||||||
|
if extraDebug := os.Getenv("TERRAFORM_AWS_AUTHFAILURE_DEBUG"); extraDebug != "" {
|
||||||
|
sess.Handlers.UnmarshalError.PushFrontNamed(debugAuthFailure)
|
||||||
|
}
|
||||||
|
|
||||||
// Some services exist only in us-east-1, e.g. because they manage
|
// Some services exist only in us-east-1, e.g. because they manage
|
||||||
// resources that can span across multiple regions, or because
|
// resources that can span across multiple regions, or because
|
||||||
// signature format v4 requires region to be us-east-1 for global
|
// signature format v4 requires region to be us-east-1 for global
|
||||||
|
@ -351,6 +358,17 @@ var addTerraformVersionToUserAgent = request.NamedHandler{
|
||||||
"terraform", terraform.VersionString()),
|
"terraform", terraform.VersionString()),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var debugAuthFailure = request.NamedHandler{
|
||||||
|
Name: "terraform.AuthFailureAdditionalDebugHandler",
|
||||||
|
Fn: func(req *request.Request) {
|
||||||
|
if isAWSErr(req.Error, "AuthFailure", "AWS was not able to validate the provided access credentials") {
|
||||||
|
log.Printf("[INFO] Additional AuthFailure Debugging Context")
|
||||||
|
log.Printf("[INFO] Current system UTC time: %s", time.Now().UTC())
|
||||||
|
log.Printf("[INFO] Request object: %s", spew.Sdump(req))
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
type awsLogger struct{}
|
type awsLogger struct{}
|
||||||
|
|
||||||
func (l awsLogger) Log(args ...interface{}) {
|
func (l awsLogger) Log(args ...interface{}) {
|
||||||
|
|
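Review bot: The `log.Printf("[INFO] Request object: %s", spew.Sdump(req))` line in `debugAuthFailure` dumps the whole `*request.Request`, and spew walks unexported fields as well. The output will therefore most likely include the session's resolved credentials (access key, secret key, session token via `req.Config.Credentials`) and the signed `Authorization` header, written at INFO level to a log that users routinely paste into bug reports. An AuthFailure is usually diagnosed from the clock and the signing time, so logging only the fields needed would avoid this, e.g. `log.Printf("[INFO] %s/%s signed at %s, X-Amz-Date %q", req.ClientInfo.ServiceName, req.Operation.Name, req.Time.UTC(), req.HTTPRequest.Header.Get("X-Amz-Date"))`. If the full dump is kept, the handler should carry a comment such as `// WARNING: output contains AWS credentials; never share unredacted`, and the `TERRAFORM_AWS_AUTHFAILURE_DEBUG` switch in `Client()` should be documented as sensitive.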