// Copyright 2022 Namespace Labs Inc; All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
package auth
import (
"context"
"errors"
"github.com/aws/aws-sdk-go-v2/credentials/ssocreds"
"github.com/aws/aws-sdk-go-v2/service/sts"
"namespacelabs.dev/foundation/internal/compute"
"namespacelabs.dev/foundation/internal/fnerrors"
awsprovider "namespacelabs.dev/foundation/internal/providers/aws"
"namespacelabs.dev/foundation/std/tasks"
)
// ResolveWithConfig returns a Computable that resolves the caller identity
// (via STS GetCallerIdentity) for the credentials carried by session.
//
// session is stored as-is and is used later without a nil check by the
// returned value's Inputs and Compute methods, so callers should pass a
// non-nil session.
func ResolveWithConfig(session *awsprovider.Session) compute.Computable[*sts.GetCallerIdentityOutput] {
	resolver := new(resolveAccount)
	resolver.Session = session
	return resolver
}
// resolveAccount is the Computable behind ResolveWithConfig: it resolves the
// AWS caller identity for the credentials held by Session.
type resolveAccount struct {
	// Session supplies the AWS configuration used for the STS call and the
	// cache key reported by Inputs.
	Session *awsprovider.Session

	// Embedded from the compute package.
	// NOTE(review): presumably this selects the caching scope of the result;
	// confirm against compute.DoScoped.
	compute.DoScoped[*sts.GetCallerIdentityOutput]
}
// Action describes this computation as the "sts.get-caller-identity" task in
// the "aws" category.
func (r *resolveAccount) Action() *tasks.ActionEvent {
	event := tasks.Action("sts.get-caller-identity")
	return event.Category("aws")
}
// Inputs declares the session's cache key as the only input of this
// computation.
//
// NOTE(review): the resolved identity is keyed solely by Session.CacheKey().
// Confirm that this key changes whenever the underlying credentials or
// profile change; otherwise an identity resolved for earlier credentials
// could be reused for a different principal.
func (r *resolveAccount) Inputs() *compute.In {
	in := compute.Inputs()
	return in.Str("cacheKey", r.Session.CacheKey())
}
// Compute calls STS GetCallerIdentity with the session's AWS configuration
// and returns the response unchanged.
//
// A failed call is passed to CheckNeedsLoginOr, which either reports expired
// session credentials or wraps the error as an "aws" invocation error. A
// response without an Account is rejected with an invocation error rather
// than returned to the caller.
//
// On success only the account ID is recorded on the task attachments; the
// other fields of the response are not recorded here.
func (r *resolveAccount) Compute(ctx context.Context, _ compute.Resolved) (*sts.GetCallerIdentityOutput, error) {
	client := sts.NewFromConfig(r.Session.Config())

	identity, callErr := client.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{})
	if callErr != nil {
		wrap := func(cause error) error {
			return fnerrors.InvocationError("aws", "sts: obtaining caller identity failed: %w", cause)
		}
		return nil, CheckNeedsLoginOr(r.Session, callErr, wrap)
	}

	// Account is a pointer in the SDK output; guard before dereferencing it.
	if identity.Account == nil {
		return nil, fnerrors.InvocationError("aws", "expected GetCallerIdentityOutput.Account to be present")
	}

	tasks.Attachments(ctx).AddResult("account", *identity.Account)
	return identity, nil
}
// CheckNeedsLoginOr maps err to a "credentials have expired" error when its
// chain contains an *ssocreds.InvalidTokenError, and otherwise returns
// transformErr(err).
//
// On the expired path, a non-empty s.RefreshUsage() is reported as a usage
// error carrying that text; otherwise a plain error is returned. In both
// cases the original err is not wrapped, so its detail is not available to
// the caller.
//
// Only *ssocreds.InvalidTokenError is recognised here; every other error,
// including other credential failures, goes through transformErr.
// transformErr is called unconditionally on that path and must be non-nil.
func CheckNeedsLoginOr(s *awsprovider.Session, err error, transformErr func(error) error) error {
	var invalidToken *ssocreds.InvalidTokenError
	if !errors.As(err, &invalidToken) {
		return transformErr(err)
	}

	usage := s.RefreshUsage()
	if usage == "" {
		return fnerrors.New("AWS session credentials have expired")
	}
	return fnerrors.UsageError(usage, "AWS session credentials have expired.")
}