Merge pull request #73 from Cox-Automotive/develop

Develop
Cox-Automotive · May 14, 2020 · 0b148df · 0b148df
2 parents e649a98 + 705a9c5
commit 0b148df
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/config.go b/config.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/go-cleanhttp"
@@ -138,13 +139,19 @@ providing credentials for the ALKS Provider`)
 	}
 
 	// make a basic api call to test creds are valid
-	_, serr := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
+	cident, serr := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
 
 	// check for valid creds
 	if serr != nil {
 		return nil, serr
 	}
 
+	// check if the user is using a assume-role IAM admin session
+	if isValidIAM(cident.Arn) != true {
+		return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " +
+			"Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.")
+	}
+
 	// got good creds, create alks sts client
 	client, err := alks.NewSTSClient(c.URL, cp.AccessKeyID, cp.SecretAccessKey, cp.SessionToken)
 
@@ -166,3 +173,12 @@ func getPluginVersion() string {
 
 	return "unknown"
 }
+
+func isValidIAM(cident *string) bool {
+
+	if strings.Contains(*cident, "assumed-role/Admin/") || strings.Contains(*cident, "assumed-role/IAMAdmin/") {
+		return true
+	}
+
+	return false
+}