provider/aws: Fail silently in ValidateCredentials for IAM users #2959

Merged
merged 2 commits into from
Aug 7, 2015

@catsby catsby commented Aug 7, 2015

WIP, don't merge yet

This should help fix #2828 and #2955 (introduced by #2730) by failing silently in the event of an AccessDenied or ValidationError error message from the iam.GetUser call. Instance Profiles may not have this role/permission, but right now we're failing here. If there exists any hierarchy of nodes (dependencies), you can trigger a crash (patched in #2963).

  • If a role has no IAM policy attached, any authentication via iam.GetUser with an IAM profile will receive an AccessDenied error message.
  • If the role does have an IAM policy, any authentication via iam.GetUser will return a ValidationError regarding a missing user name.

Testing this now, may change to specifically confirm the awsErr.Message() contains iam:GetUser message

Good To Go
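The error handling described in the comment above, as an added sketch that is not code from this pull request or from the project: a credential check that tolerates AccessDenied and ValidationError from the user lookup and still surfaces every other failure. The `apiError` type, the `validateCredentials` helper, its `skipped` flag and the sample error values are assumptions made for the example; `getUser` stands in for the iam.GetUser call.

```go
package main

import (
	"errors"
	"fmt"
)

// apiError mimics the Code()/Message() accessors of the SDK's awserr.Error.
// Assumption: declared locally so the example runs without the AWS SDK.
type apiError struct{ code, msg string }

func (e apiError) Error() string   { return e.code + ": " + e.msg }
func (e apiError) Code() string    { return e.code }
func (e apiError) Message() string { return e.msg }

// validateCredentials is a hypothetical helper. getUser stands in for the
// iam.GetUser call and returns the caller's user ARN. skipped reports that
// the lookup was tolerated as "not an IAM user" rather than verified.
func validateCredentials(getUser func() (string, error)) (arn string, skipped bool, err error) {
	arn, err = getUser()
	if err == nil {
		return arn, false, nil
	}
	var coded interface{ Code() string }
	if errors.As(err, &coded) {
		switch coded.Code() {
		case "AccessDenied", "ValidationError":
			// Role or instance profile credentials: fail silently.
			return "", true, nil
		}
	}
	// Anything else (bad keys, throttling, network) must still surface.
	return "", false, fmt.Errorf("validating AWS credentials: %w", err)
}

func main() {
	// Constructed error values; the messages are placeholders, not real AWS output.
	cases := []error{
		apiError{"AccessDenied", "constructed: role without IAM policy"},
		apiError{"ValidationError", "constructed: missing user name"},
		apiError{"InvalidClientTokenId", "constructed: bad access key"},
	}
	for _, c := range cases {
		arn, skipped, err := validateCredentials(func() (string, error) { return "", c })
		fmt.Printf("arn=%q skipped=%v err=%v\n", arn, skipped, err)
	}
}
```

Returning `skipped` lets the caller record that the identity lookup was not performed, so a tolerated error is not mistaken for a verified user.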

phinze commented Aug 7, 2015

LGTM

catsby added a commit that referenced this pull request Aug 7, 2015
provider/aws: Fail silently in ValidateCredentials for IAM users
@catsby catsby merged commit 6c7fe13 into master Aug 7, 2015
@phinze phinze deleted the b-aws-iam-validation branch January 4, 2016 16:42
ghost commented Apr 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 29, 2020
Successfully merging this pull request may close these issues.

Cannot read from AWS instance IAM role for AWS provider (as of 5a15c02cbbea27d3f8345b5fe0f348a08a24fdb9)