make sure region validation catches authentication errors

2018-10-16 14:15:55 -07:00 · 2018-10-16 14:15:55 -07:00 · 7c3f0aa3b2
parent ce30ed9444
commit 7c3f0aa3b2
3 changed files with 24 additions and 9 deletions
--- a/builder/amazon/common/access_config.go
+++ b/builder/amazon/common/access_config.go
@ -149,7 +149,10 @@ func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {

 	if c.RawRegion != "" && !c.SkipValidation {
 		ec2conn := getValidationSession()
-		if valid := ValidateRegion(c.RawRegion, ec2conn); !valid {
+		valid, err := ValidateRegion(c.RawRegion, ec2conn)
+		if err != nil {
+			errs = append(errs, fmt.Errorf("error validating region: %s", err.Error()))
+		} else if !valid {
 			errs = append(errs, fmt.Errorf("Unknown region: %s", c.RawRegion))
 		}
 	}
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@ -112,7 +112,11 @@ func (c *AMIConfig) prepareRegions(ec2conn ec2iface.EC2API, accessConfig *Access

 			if !c.AMISkipRegionValidation {
 				// Verify the region is real
-				if valid := ValidateRegion(region, ec2conn); !valid {
+				ec2conn := getValidationSession()
+				valid, err := ValidateRegion(region, ec2conn)
+				if err != nil {
+					errs = append(errs, fmt.Errorf("error validating region: %s", err.Error()))
+				} else if !valid {
 					errs = append(errs, fmt.Errorf("Unknown region: %s", region))
 				}
 			}
--- a/builder/amazon/common/regions.go
+++ b/builder/amazon/common/regions.go
@ -15,23 +15,31 @@ func getValidationSession() *ec2.EC2 {
 	return ec2conn
 }

-func listEC2Regions(ec2conn ec2iface.EC2API) []string {
+func listEC2Regions(ec2conn ec2iface.EC2API) ([]string, error) {
 	var regions []string
-	resultRegions, _ := ec2conn.DescribeRegions(nil)
+	resultRegions, err := ec2conn.DescribeRegions(nil)
+	if err != nil {
+		return []string{}, err
+	}
 	for _, region := range resultRegions.Regions {
 		regions = append(regions, *region.RegionName)
 	}

-	return regions
+	return regions, nil
 }

 // ValidateRegion returns true if the supplied region is a valid AWS
 // region and false if it's not.
-func ValidateRegion(region string, ec2conn ec2iface.EC2API) bool {
-	for _, valid := range listEC2Regions(ec2conn) {
+func ValidateRegion(region string, ec2conn ec2iface.EC2API) (bool, error) {
+	regions, err := listEC2Regions(ec2conn)
+	if err != nil {
+		return false, err
+	}
+
+	for _, valid := range regions {
 		if region == valid {
-			return true
+			return true, nil
 		}
 	}
-	return false
+	return false, nil
 }