provider/aws: Fail silently in ValidateCredentials for IAM users #2959

Merged
merged 2 commits into from Aug 7, 2015

catsby commented Aug 7, 2015

WIP, don't merge yet

This should help fix #2828 and #2955 (introduced by #2730) by failing silently in the event of an AccessDenied or ValidationError error message from the iam.GetUser call. Instance Profiles may not have this role/permission, but right now we're failing here. If there exists any hierarchy of nodes (dependencies), you can trigger a crash (patched in #2963).

  • If a role has no IAM policy attached, any authentication via iam.GetUser with an IAM profile will receive an AccessDenied error message.
  • If the role does have an IAM policy, any authentication via iam.GetUser will return a ValidationError regarding a missing user name.

Testing this now, may change to specifically confirm the awsErr.Message() contains iam:GetUser message. Good To Go
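An added example, not code from this pull request or from Terraform: one way to keep the "fail silently" path narrow, so that only the two GetUser errors described above are swallowed and any other credential failure still surfaces. The `codedError` interface is a local stand-in for the `Code()`/`Message()` methods of the AWS SDK's `awserr.Error`; `tolerateGetUserError`, `fakeAWSErr` and the sample messages are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// codedError stands in for the Code()/Message() methods of the AWS SDK's
// awserr.Error so the example runs without the SDK.
type codedError interface {
	error
	Code() string
	Message() string
}

// fakeAWSErr is a constructed test double, not an SDK type.
type fakeAWSErr struct{ code, msg string }

func (e fakeAWSErr) Error() string   { return e.code + ": " + e.msg }
func (e fakeAWSErr) Code() string    { return e.code }
func (e fakeAWSErr) Message() string { return e.msg }

// tolerateGetUserError (hypothetical name) returns nil only for the two
// GetUser failures the PR describes; every other error is returned unchanged
// so genuinely bad credentials still stop the run.
func tolerateGetUserError(err error) error {
	var ce codedError
	if err == nil || !errors.As(err, &ce) {
		return err
	}
	switch ce.Code() {
	case "ValidationError": // role has a policy, but there is no user name
		return nil
	case "AccessDenied": // role lacks the permission; require the message to name iam:GetUser
		if strings.Contains(ce.Message(), "iam:GetUser") {
			return nil
		}
	}
	return err
}

func main() {
	denied := fakeAWSErr{"AccessDenied", "not authorized to perform: iam:GetUser"} // constructed
	badKey := fakeAWSErr{"InvalidClientTokenId", "security token is invalid"}      // constructed
	fmt.Println(tolerateGetUserError(denied), tolerateGetUserError(badKey))
}
```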

phinze commented Aug 7, 2015

LGTM

catsby added a commit that referenced this pull request Aug 7, 2015

Merge pull request #2959 from hashicorp/b-aws-iam-validation
provider/aws: Fail silently in ValidateCredentials for IAM users

@catsby catsby merged commit 6c7fe13 into master Aug 7, 2015

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

@phinze phinze deleted the b-aws-iam-validation branch Jan 4, 2016
