Throw an error if aws session token is detected (#842)

vishalbollu · web-flow · commit bb403140badc · 2020-03-04T21:16:20.000Z
diff --git a/cli/cmd/lib_aws_creds.go b/cli/cmd/lib_aws_creds.go
@@ -113,6 +113,10 @@ func readAWSCredsFromConfigFile(awsCreds *AWSCredentials, path string) error {
 // awsCreds is what was read from the cluster config YAML
 func setInstallAWSCredentials(awsCreds *AWSCredentials) error {
 	// First check env vars
+	if os.Getenv("AWS_SESSION_TOKEN") != "" {
+		fmt.Println("warning: credentials requiring aws session tokens are not supported")
+	}
+
 	if os.Getenv("AWS_ACCESS_KEY_ID") != "" && os.Getenv("AWS_SECRET_ACCESS_KEY") != "" {
 		awsCreds.AWSAccessKeyID = os.Getenv("AWS_ACCESS_KEY_ID")
 		awsCreds.AWSSecretAccessKey = os.Getenv("AWS_SECRET_ACCESS_KEY")
diff --git a/pkg/lib/aws/credentials.go b/pkg/lib/aws/credentials.go
@@ -17,6 +17,8 @@ limitations under the License.
 package aws
 
 import (
+	"fmt"
+
 	"github.com/aws/aws-sdk-go/aws/credentials"
 )
 
@@ -31,6 +33,10 @@ func GetCredentialsFromCLIConfigFile() (string, string, error) {
 		return "", "", err
 	}
 
+	if value.SessionToken != "" {
+		fmt.Println("warning: credentials requiring aws session tokens are not supported")
+	}
+
 	if value.AccessKeyID == "" || value.SecretAccessKey == "" {
 		return "", "", ErrorReadCredentials()
 	}

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ limitations under the License.`
`17`	`17`	`package aws`
`18`	`18`
`19`	`19`	`import (`
	`20`	`+ "fmt"`
	`21`	`+`
`20`	`22`	`"github.com/aws/aws-sdk-go/aws/credentials"`
`21`	`23`	`)`
`22`	`24`
`@@ -31,6 +33,10 @@ func GetCredentialsFromCLIConfigFile() (string, string, error) {`
`31`	`33`	`return "", "", err`
`32`	`34`	`}`
`33`	`35`
	`36`	`+ if value.SessionToken != "" {`
	`37`	`+ fmt.Println("warning: credentials requiring aws session tokens are not supported")`
	`38`	`+ }`
	`39`	`+`
`34`	`40`	`if value.AccessKeyID == "" \|\| value.SecretAccessKey == "" {`
`35`	`41`	`return "", "", ErrorReadCredentials()`
`36`	`42`	`}`