builder/aws: catch static credential errors early.

If we're using static credentials, either both the access key and secret key must be set, or neither of them should be.
This commit is contained in:
Matthew Hooker 2018-01-04 11:50:27 -08:00
parent 0ae1df2071
commit 98c2a2d1f7
No known key found for this signature in database
GPG Key ID: 7B5F933D9CE8C6A1
1 changed files with 10 additions and 11 deletions

View File

@ -53,17 +53,8 @@ func (c *AccessConfig) Session() (*session.Session, error) {
} }
if c.AccessKey != "" { if c.AccessKey != "" {
creds := credentials.NewChainCredentials( config = config.WithCredentials(
[]credentials.Provider{ credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, c.Token))
&credentials.StaticProvider{
Value: credentials.Value{
AccessKeyID: c.AccessKey,
SecretAccessKey: c.SecretKey,
SessionToken: c.Token,
},
},
})
config = config.WithCredentials(creds)
} }
opts := session.Options{ opts := session.Options{
@ -110,6 +101,14 @@ func (c *AccessConfig) metadataRegion() string {
func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error { func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
var errs []error var errs []error
// Either both access and secret key must be set or neither of them should
// be.
if (len(c.AccessKey) > 0) != (len(c.SecretKey) > 0) {
errs = append(errs,
fmt.Errorf("`access_key` and `secret_key` must both be either set or not set."))
}
if c.RawRegion != "" && !c.SkipValidation { if c.RawRegion != "" && !c.SkipValidation {
if valid := ValidateRegion(c.RawRegion); !valid { if valid := ValidateRegion(c.RawRegion); !valid {
errs = append(errs, fmt.Errorf("Unknown region: %s", c.RawRegion)) errs = append(errs, fmt.Errorf("Unknown region: %s", c.RawRegion))