Merge pull request #72 from Cox-Automotive/improveErrorMessages
Check if STS is Admin!
americk0 authored May 14, 2020
2 parents 90ee1a2 + b413c55 commit 705a9c5
Showing 1 changed file with 17 additions and 1 deletion.
18 changes: 17 additions & 1 deletion config.go
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"
"log"
"os"
"strings"
"time"

"github.com/hashicorp/go-cleanhttp"
Expand Down Expand Up @@ -138,13 +139,19 @@ providing credentials for the ALKS Provider`)
}

// make a basic api call to test creds are valid
_, serr := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
cident, serr := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})

// check for valid creds
if serr != nil {
return nil, serr
}

// check if the user is using a assume-role IAM admin session
if isValidIAM(cident.Arn) != true {
return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " +
"Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.")
}

// got good creds, create alks sts client
client, err := alks.NewSTSClient(c.URL, cp.AccessKeyID, cp.SecretAccessKey, cp.SessionToken)

Expand All @@ -166,3 +173,12 @@ func getPluginVersion() string {

return "unknown"
}

func isValidIAM(cident *string) bool {

if strings.Contains(*cident, "assumed-role/Admin/") || strings.Contains(*cident, "assumed-role/IAMAdmin/") {
return true
}

return false
}
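Review bot: `isValidIAM` dereferences `*cident` with no nil check, so if a successful GetCallerIdentity response ever came back without an `Arn` the provider would panic instead of returning the new error; a guard such as `if cident == nil { return false }` at the top avoids that. The match is also a name-based heuristic: only sessions for roles literally named `Admin` or `IAMAdmin` pass, and any other role now fails provider configuration outright, even though the message is worded like a warning ("This will result in errors when creating roles"). Because the test runs client-side on a string, it is a usability pre-check rather than an authorization control, and the function should say so in a doc comment, e.g. `// isValidIAM reports whether the caller ARN is an assumed-role session for the Admin or IAMAdmin role; it is a usability pre-check, not an authorization control.` In the second hunk, whose enclosing function starts and ends outside the visible lines, `isValidIAM(cident.Arn) != true` is more idiomatic as `!isValidIAM(cident.Arn)`.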
