From fa9a86706f4d80103b646760caf2383e90586c6d Mon Sep 17 00:00:00 2001 From: Tommy Wang Date: Fri, 5 Jan 2018 15:57:45 -0600 Subject: [PATCH 1/2] fallback to session-derived credentials --- aws/config.go | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/aws/config.go b/aws/config.go index 86eb60f4f9bf..d3681ef004f0 100644 --- a/aws/config.go +++ b/aws/config.go @@ -265,16 +265,21 @@ func (c *Config) Client() (interface{}, error) { cp, err := creds.Get() if err != nil { if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" { - // If a profile wasn't specified then error out - if c.Profile == "" { + // The session may still be able to resolve credentials from shared config. + sess, err := session.NewSession() + if err != nil { return nil, errors.New(`No valid credential sources found for AWS Provider. Please see https://terraform.io/docs/providers/aws/index.html for more information on providing credentials for the AWS Provider`) } - // add the profile and enable share config file usage - log.Printf("[INFO] AWS Auth using Profile: %q", c.Profile) - opt.Profile = c.Profile - opt.SharedConfigState = session.SharedConfigEnable + _, err = sess.Config.Credentials.Get() + if err != nil { + return nil, errors.New(`No valid credential sources found for AWS Provider. + Please see https://terraform.io/docs/providers/aws/index.html for more information on + providing credentials for the AWS Provider`) + } + log.Printf("[INFO] Using session-derived AWS Auth") + opt.Config.Credentials = sess.Config.Credentials } else { return nil, fmt.Errorf("Error loading credentials for AWS Provider: %s", err) } From 36382deae08935c13fb5a7e78fe3b4840192fecf Mon Sep 17 00:00:00 2001 From: Tommy Wang Date: Wed, 10 Jan 2018 12:48:13 -0600 Subject: [PATCH 2/2] add support for profile within provider configuration --- aws/config.go | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/aws/config.go b/aws/config.go index d3681ef004f0..c4cbbdf7893b 100644 --- a/aws/config.go +++ b/aws/config.go @@ -265,21 +265,27 @@ func (c *Config) Client() (interface{}, error) { cp, err := creds.Get() if err != nil { if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" { - // The session may still be able to resolve credentials from shared config. - sess, err := session.NewSession() - if err != nil { - return nil, errors.New(`No valid credential sources found for AWS Provider. - Please see https://terraform.io/docs/providers/aws/index.html for more information on - providing credentials for the AWS Provider`) - } - _, err = sess.Config.Credentials.Get() - if err != nil { - return nil, errors.New(`No valid credential sources found for AWS Provider. - Please see https://terraform.io/docs/providers/aws/index.html for more information on - providing credentials for the AWS Provider`) + // If a profile wasn't specified, the session may still be able to resolve credentials from shared config. + if c.Profile == "" { + sess, err := session.NewSession() + if err != nil { + return nil, errors.New(`No valid credential sources found for AWS Provider. + Please see https://terraform.io/docs/providers/aws/index.html for more information on + providing credentials for the AWS Provider`) + } + _, err = sess.Config.Credentials.Get() + if err != nil { + return nil, errors.New(`No valid credential sources found for AWS Provider. + Please see https://terraform.io/docs/providers/aws/index.html for more information on + providing credentials for the AWS Provider`) + } + log.Printf("[INFO] Using session-derived AWS Auth") + opt.Config.Credentials = sess.Config.Credentials + } else { + log.Printf("[INFO] AWS Auth using Profile: %q", c.Profile) + opt.Profile = c.Profile + opt.SharedConfigState = session.SharedConfigEnable } - log.Printf("[INFO] Using session-derived AWS Auth") - opt.Config.Credentials = sess.Config.Credentials } else { return nil, fmt.Errorf("Error loading credentials for AWS Provider: %s", err) }