
Commit e40eda3

authored
INTMDB-521: Add additional error handlers to STS login logic (#1000)
* Add additional logging * Add error handler exit for failed AWS STS areas * Add error handler to get secret value
1 parent be572da commit e40eda3


1 file changed

+18
-7
lines changed


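--- a/mongodbatlas/provider.go
+++ b/mongodbatlas/provider.go
@@ -295,7 +295,11 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 awsSecretAccessKey := d.Get("aws_secret_access_key").(string)
 awsSessionToken := d.Get("aws_session_token").(string)
 endpoint := d.Get("sts_endpoint").(string)
-config, _ = configureCredentialsSTS(&config, secret, region, awsAccessKeyID, awsSecretAccessKey, awsSessionToken, endpoint)
+var err error
+config, err = configureCredentialsSTS(&config, secret, region, awsAccessKeyID, awsSecretAccessKey, awsSessionToken, endpoint)
+if err != nil {
+return nil, diag.FromErr(err)
+}
 }
 
 return config.NewClient(ctx)
@@ -305,6 +309,7 @@ func configureCredentialsSTS(config *Config, secret, region, awsAccessKeyID, aws
 ep, err := endpoints.GetSTSRegionalEndpoint("regional")
 if err != nil {
 fmt.Printf("GetSTSRegionalEndpoint error: %s", err)
+return *config, err
 }
 
 sess := session.Must(session.NewSession(&aws.Config{
@@ -318,25 +323,31 @@ func configureCredentialsSTS(config *Config, secret, region, awsAccessKeyID, aws
 
 _, err = sess.Config.Credentials.Get()
 if err != nil {
-fmt.Printf("Session get credentils error: %s", err)
+fmt.Printf("Session get credentials error: %s", err)
+return *config, err
 }
 _, err = creds.Get()
 if err != nil {
 fmt.Printf("STS get credentials error: %s", err)
+return *config, err
+}
+secretString, err := secretsManagerGetSecretValue(sess, &aws.Config{Credentials: creds, Region: aws.String(region)}, secret)
+if err != nil {
+fmt.Printf("Get Secrets error: %s", err)
+return *config, err
 }
-secretString := secretsManagerGetSecretValue(sess, &aws.Config{Credentials: creds, Region: aws.String(region)}, secret)
 
 var secretData SecretData
 err = json.Unmarshal([]byte(secretString), &secretData)
 if err != nil {
-return *config, nil
+return *config, err
 }
 config.PublicKey = secretData.PublicKey
 config.PrivateKey = secretData.PrivateKey
 return *config, nil
 }
 
-func secretsManagerGetSecretValue(sess *session.Session, creds *aws.Config, secret string) string {
+func secretsManagerGetSecretValue(sess *session.Session, creds *aws.Config, secret string) (string, error) {
 svc := secretsmanager.New(sess, creds)
 input := &secretsmanager.GetSecretValueInput{
 SecretId: aws.String(secret),
@@ -363,11 +374,11 @@ func secretsManagerGetSecretValue(sess *session.Session, creds *aws.Config, secr
 } else {
 fmt.Println(err.Error())
 }
-return ""
+return "", err
 }
 
 fmt.Println(result)
-return *result.SecretString
+return *result.SecretString, err
 }
 
 func encodeStateID(values map[string]string) string {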
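Review bot: `fmt.Println(result)` near the end of secretsManagerGetSecretValue (last hunk) still prints the whole GetSecretValue response to stdout, so keeping the Atlas key pair out of captured provider output depends entirely on how the SDK formats that struct; drop the line, or log only that the secret was fetched. The new `return *result.SecretString, err` dereferences the pointer unchecked, so a secret with no string value would panic here instead of taking the error path this commit adds; `if result.SecretString == nil { return "", fmt.Errorf("secret %q has no SecretString", secret) }` before the return covers that. The error branch of this function starts outside the hunk, so I am assuming `err` is always nil at that final return, in which case `return *result.SecretString, nil` says so directly. In configureCredentialsSTS each failure is now both printed with `fmt.Printf` and returned, and the `session.Must(...)` call left as context still panics rather than returning an error; returning a wrapped error such as `fmt.Errorf("sts get credentials: %w", err)` and dropping the prints would keep handling in one place.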
