sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1557 from snyk/fix/better_aws_err_message 

fix: Better error messages for AWS auth
main
Elie 2022-07-06 09:29:41 +02:00 committed by GitHub
parent 66520e6bb3 6b13f9012c
commit 8dab805805
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/remote/aws/provider.go
View File

@ -3,7 +3,9 @@ package aws
import (
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/snyk/driftctl/pkg/output"
"github.com/snyk/driftctl/pkg/remote/terraform"
tf "github.com/snyk/driftctl/pkg/terraform"
@ -30,10 +32,10 @@ type awsConfig struct {
IgnoreTagsConfig map[string]string
Insecure bool
SkipCredsValidation bool
SkipCredsValidation bool `cty:"skip_credentials_validation"`
SkipGetEC2Platforms bool
SkipRegionValidation bool
SkipRequestingAccountId bool
SkipRequestingAccountId bool `cty:"skip_requesting_account_id"`
SkipMetadataApiCheck bool
S3ForcePathStyle bool
}
@ -69,7 +71,12 @@ func NewAWSTerraformProvider(version string, progress output.Progress, configDir
DefaultAlias: *p.session.Config.Region,
GetProviderConfig: func(alias string) interface{} {
return awsConfig{
Region: alias,
Region: alias,
// Those two parameters are used to make sure that the credentials are not validated when calling
// Configure(). Credentials validation is now handled directly in driftctl
SkipCredsValidation: true,
SkipRequestingAccountId: true,
MaxRetries: 10, // TODO make this configurable
}
},
@ -99,5 +106,14 @@ func (p *AWSTerraformProvider) CheckCredentialsExist() error {
if err != nil {
return err
}
// This call is to make sure that the credentials are valid
// A more complex logic exist in terraform provider, but it's probably not worth to implement it
// https://github.com/hashicorp/terraform-provider-aws/blob/e3959651092864925045a6044961a73137095798/aws/auth_helpers.go#L111
_, err = sts.New(p.session).GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err != nil {
logrus.Debug(err)
return errors.New("Could not authenticate successfully on AWS with the provided credentials.\n" +
"Please refer to the AWS documentation: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html\n")
}
return nil
}