verifying the credentials before assumeRole fn

2024-11-25 09:40:39 +00:00 · 2019-11-26 21:54:29 +01:00 · 2019-11-26 21:54:29 +01:00 · 8d8f5c4d78
commit 8d8f5c4d78
parent efe3702937
1 changed files with 5 additions and 4 deletions
--- a/plugin.go
+++ b/plugin.go
@ -77,7 +77,7 @@ func (p Plugin) Exec() error {
 		}
 	}
-	if p.Config.RoleARN != "" {
+	if p.Config.RoleARN != "" && !credsSet() {
 		assumeRole(p.Config.RoleARN)
 	}
@ -169,14 +169,17 @@ func CopyTfEnv() {
 	}
 }
-func assumeRole(roleArn string) bool {
+func credsSet() bool {
 	awsTokens := []string{"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
 	for _, token := range awsTokens {
 		if os.Getenv(token) != "" {
 			return true
 		}
 	}
 	return false
 }
 func assumeRole(roleArn string) {
 	client := sts.New(session.New())
 	duration := time.Hour * 1
 	stsProvider := &stscreds.AssumeRoleProvider{
@ -195,8 +198,6 @@ func assumeRole(roleArn string) bool {
 	os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID)
 	os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey)
 	os.Setenv("AWS_SESSION_TOKEN", value.SessionToken)
 	return true
 }
 func deleteCache(terraformDataDir string) *exec.Cmd {