From 7c3f0aa3b2f4d10ad37bc12ebf7217297c5fd141 Mon Sep 17 00:00:00 2001
From: Megan Marsh <megan@hashicorp.com>
Date: Tue, 16 Oct 2018 14:15:55 -0700
Subject: [PATCH] make sure region validation catches authentication errors

---
 builder/amazon/common/access_config.go |  5 ++++-
 builder/amazon/common/ami_config.go    |  6 +++++-
 builder/amazon/common/regions.go       | 22 +++++++++++++++-------
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/builder/amazon/common/access_config.go b/builder/amazon/common/access_config.go
index 4ce478dd9..16dde5965 100644
--- a/builder/amazon/common/access_config.go
+++ b/builder/amazon/common/access_config.go
@@ -149,7 +149,10 @@ func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
 
 	if c.RawRegion != "" && !c.SkipValidation {
 		ec2conn := getValidationSession()
-		if valid := ValidateRegion(c.RawRegion, ec2conn); !valid {
+		valid, err := ValidateRegion(c.RawRegion, ec2conn)
+		if err != nil {
+			errs = append(errs, fmt.Errorf("error validating region: %s", err.Error()))
+		} else if !valid {
 			errs = append(errs, fmt.Errorf("Unknown region: %s", c.RawRegion))
 		}
 	}
diff --git a/builder/amazon/common/ami_config.go b/builder/amazon/common/ami_config.go
index 58c6b8827..49fc10cfe 100644
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@@ -112,7 +112,11 @@ func (c *AMIConfig) prepareRegions(ec2conn ec2iface.EC2API, accessConfig *Access
 
 			if !c.AMISkipRegionValidation {
 				// Verify the region is real
-				if valid := ValidateRegion(region, ec2conn); !valid {
+				ec2conn := getValidationSession()
+				valid, err := ValidateRegion(region, ec2conn)
+				if err != nil {
+					errs = append(errs, fmt.Errorf("error validating region: %s", err.Error()))
+				} else if !valid {
 					errs = append(errs, fmt.Errorf("Unknown region: %s", region))
 				}
 			}
diff --git a/builder/amazon/common/regions.go b/builder/amazon/common/regions.go
index 67dee4212..b76e1db57 100644
--- a/builder/amazon/common/regions.go
+++ b/builder/amazon/common/regions.go
@@ -15,23 +15,31 @@ func getValidationSession() *ec2.EC2 {
 	return ec2conn
 }
 
-func listEC2Regions(ec2conn ec2iface.EC2API) []string {
+func listEC2Regions(ec2conn ec2iface.EC2API) ([]string, error) {
 	var regions []string
-	resultRegions, _ := ec2conn.DescribeRegions(nil)
+	resultRegions, err := ec2conn.DescribeRegions(nil)
+	if err != nil {
+		return []string{}, err
+	}
 	for _, region := range resultRegions.Regions {
 		regions = append(regions, *region.RegionName)
 	}
 
-	return regions
+	return regions, nil
 }
 
 // ValidateRegion returns true if the supplied region is a valid AWS
 // region and false if it's not.
-func ValidateRegion(region string, ec2conn ec2iface.EC2API) bool {
-	for _, valid := range listEC2Regions(ec2conn) {
+func ValidateRegion(region string, ec2conn ec2iface.EC2API) (bool, error) {
+	regions, err := listEC2Regions(ec2conn)
+	if err != nil {
+		return false, err
+	}
+
+	for _, valid := range regions {
 		if region == valid {
-			return true
+			return true, nil
 		}
 	}
-	return false
+	return false, nil
 }