Refactor for clarity

mtibben · mtibben · commit afa09bfa487a · 2023-03-04T12:23:55.000+11:00
diff --git a/cli/exec.go b/cli/exec.go
@@ -172,7 +172,7 @@ func ExecCommand(input ExecCommandInput, f *vault.ConfigFile, keyring keyring.Ke
 		return 0, fmt.Errorf("Error loading config: %w", err)
 	}
 
-	credsProvider, err := vault.NewTempCredentialsProvider(config, &vault.CredentialKeyring{Keyring: keyring}, !input.NoSession)
+	credsProvider, err := vault.NewTempCredentialsProvider(config, &vault.CredentialKeyring{Keyring: keyring}, input.NoSession)
 	if err != nil {
 		return 0, fmt.Errorf("Error getting temporary credentials: %w", err)
 	}
diff --git a/cli/export.go b/cli/export.go
@@ -96,7 +96,7 @@ func ExportCommand(input ExportCommandInput, f *vault.ConfigFile, keyring keyrin
 	}
 
 	ckr := &vault.CredentialKeyring{Keyring: keyring}
-	credsProvider, err := vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)
+	credsProvider, err := vault.NewTempCredentialsProvider(config, ckr, input.NoSession)
 	if err != nil {
 		return fmt.Errorf("Error getting temporary credentials: %w", err)
 	}
diff --git a/cli/login.go b/cli/login.go
@@ -106,7 +106,7 @@ func LoginCommand(input LoginCommandInput, f *vault.ConfigFile, keyring keyring.
 		ckr := &vault.CredentialKeyring{Keyring: keyring}
 		if config.HasRole() || config.HasSSOStartURL() || config.HasCredentialProcess() || config.HasWebIdentity() {
 			// If AssumeRole or sso.GetRoleCredentials isn't used, GetFederationToken has to be used for IAM credentials
-			credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)
+			credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, input.NoSession)
 		} else {
 			credsProvider, err = vault.NewFederationTokenCredentialsProvider(context.TODO(), input.ProfileName, ckr, config)
 		}
diff --git a/cli/rotate.go b/cli/rotate.go
@@ -51,7 +51,6 @@ func ConfigureRotateCommand(app *kingpin.Application, a *AwsVault) {
 }
 
 func RotateCommand(input RotateCommandInput, f *vault.ConfigFile, keyring keyring.Keyring) error {
-	// Can't disable sessions completely, might need to use session for MFA-Protected API Access
 	vault.UseSessionCache = false
 
 	configLoader := vault.NewConfigLoader(input.Config, f, input.ProfileName)
@@ -87,7 +86,8 @@ func RotateCommand(input RotateCommandInput, f *vault.ConfigFile, keyring keyrin
 	if input.NoSession {
 		credsProvider = vault.NewMasterCredentialsProvider(ckr, config.ProfileName)
 	} else {
-		credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)
+		// Can't always disable sessions completely, might need to use session for MFA-Protected API Access
+		credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, input.NoSession)
 		if err != nil {
 			return fmt.Errorf("Error getting temporary credentials: %w", err)
 		}
diff --git a/vault/vault.go b/vault/vault.go
@@ -230,9 +230,9 @@ func FindMasterCredentialsNameFor(profileName string, keyring *CredentialKeyring
 }
 
 type tempCredsCreator struct {
-	// UseSession will disable the use of GetSessionToken when set to false
-	UseSession bool
-	Keyring    *CredentialKeyring
+	// DisableSessions will disable the use of GetSessionToken when set to true
+	DisableSessions bool
+	Keyring         *CredentialKeyring
 
 	chainedMfa string
 }
@@ -303,7 +303,7 @@ func (t *tempCredsCreator) GetProviderForProfile(config *ProfileConfig) (aws.Cre
 
 // canUseGetSessionToken determines if GetSessionToken should be used, and if not returns a reason
 func (t *tempCredsCreator) canUseGetSessionToken(c *ProfileConfig) (bool, string) {
-	if !t.UseSession {
+	if t.DisableSessions {
 		return false, "sessions are disabled"
 	}
 
@@ -339,10 +339,10 @@ func mfaDetails(mfaChained bool, config *ProfileConfig) string {
 }
 
 // NewTempCredentialsProvider creates a credential provider for the given config
-func NewTempCredentialsProvider(config *ProfileConfig, keyring *CredentialKeyring, useSession bool) (aws.CredentialsProvider, error) {
+func NewTempCredentialsProvider(config *ProfileConfig, keyring *CredentialKeyring, disableSessions bool) (aws.CredentialsProvider, error) {
 	t := tempCredsCreator{
-		Keyring:    keyring,
-		UseSession: useSession,
+		Keyring:         keyring,
+		DisableSessions: disableSessions,
 	}
 	return t.GetProviderForProfile(config)
 }

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ func ExecCommand(input ExecCommandInput, f *vault.ConfigFile, keyring keyring.Ke`
`172`	`172`	`return 0, fmt.Errorf("Error loading config: %w", err)`
`173`	`173`	`}`
`174`	`174`
`175`		`- credsProvider, err := vault.NewTempCredentialsProvider(config, &vault.CredentialKeyring{Keyring: keyring}, !input.NoSession)`
	`175`	`+ credsProvider, err := vault.NewTempCredentialsProvider(config, &vault.CredentialKeyring{Keyring: keyring}, input.NoSession)`
`176`	`176`	`if err != nil {`
`177`	`177`	`return 0, fmt.Errorf("Error getting temporary credentials: %w", err)`
`178`	`178`	`}`
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ func ExportCommand(input ExportCommandInput, f *vault.ConfigFile, keyring keyrin`
`96`	`96`	`}`
`97`	`97`
`98`	`98`	`ckr := &vault.CredentialKeyring{Keyring: keyring}`
`99`		`- credsProvider, err := vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)`
	`99`	`+ credsProvider, err := vault.NewTempCredentialsProvider(config, ckr, input.NoSession)`
`100`	`100`	`if err != nil {`
`101`	`101`	`return fmt.Errorf("Error getting temporary credentials: %w", err)`
`102`	`102`	`}`
Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ func LoginCommand(input LoginCommandInput, f *vault.ConfigFile, keyring keyring.`
`106`	`106`	`ckr := &vault.CredentialKeyring{Keyring: keyring}`
`107`	`107`	`if config.HasRole() \|\| config.HasSSOStartURL() \|\| config.HasCredentialProcess() \|\| config.HasWebIdentity() {`
`108`	`108`	`// If AssumeRole or sso.GetRoleCredentials isn't used, GetFederationToken has to be used for IAM credentials`
`109`		`- credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)`
	`109`	`+ credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, input.NoSession)`
`110`	`110`	`} else {`
`111`	`111`	`credsProvider, err = vault.NewFederationTokenCredentialsProvider(context.TODO(), input.ProfileName, ckr, config)`
`112`	`112`	`}`
Original file line number	Diff line number	Diff line change
`@@ -230,9 +230,9 @@ func FindMasterCredentialsNameFor(profileName string, keyring *CredentialKeyring`
`230`	`230`	`}`
`231`	`231`
`232`	`232`	`type tempCredsCreator struct {`
`233`		`- // UseSession will disable the use of GetSessionToken when set to false`
`234`		`- UseSession bool`
`235`		`- Keyring *CredentialKeyring`
	`233`	`+ // DisableSessions will disable the use of GetSessionToken when set to true`
	`234`	`+ DisableSessions bool`
	`235`	`+ Keyring *CredentialKeyring`
`236`	`236`
`237`	`237`	`chainedMfa string`
`238`	`238`	`}`
`@@ -303,7 +303,7 @@ func (t tempCredsCreator) GetProviderForProfile(config ProfileConfig) (aws.Cre`
`303`	`303`
`304`	`304`	`// canUseGetSessionToken determines if GetSessionToken should be used, and if not returns a reason`
`305`	`305`	`func (t tempCredsCreator) canUseGetSessionToken(c ProfileConfig) (bool, string) {`
`306`		`- if !t.UseSession {`
	`306`	`+ if t.DisableSessions {`
`307`	`307`	`return false, "sessions are disabled"`
`308`	`308`	`}`
`309`	`309`
`@@ -339,10 +339,10 @@ func mfaDetails(mfaChained bool, config *ProfileConfig) string {`
`339`	`339`	`}`
`340`	`340`
`341`	`341`	`// NewTempCredentialsProvider creates a credential provider for the given config`
`342`		`-func NewTempCredentialsProvider(config ProfileConfig, keyring CredentialKeyring, useSession bool) (aws.CredentialsProvider, error) {`
	`342`	`+func NewTempCredentialsProvider(config ProfileConfig, keyring CredentialKeyring, disableSessions bool) (aws.CredentialsProvider, error) {`
`343`	`343`	`t := tempCredsCreator{`
`344`		`- Keyring: keyring,`
`345`		`- UseSession: useSession,`
	`344`	`+ Keyring: keyring,`
	`345`	`+ DisableSessions: disableSessions,`
`346`	`346`	`}`
`347`	`347`	`return t.GetProviderForProfile(config)`
`348`	`348`	`}`