Refactor for clarity
mtibben committed Mar 4, 2023
1 parent cf78af3 commit afa09bf
Showing 5 changed files with 12 additions and 12 deletions.
2 changes: 1 addition & 1 deletion cli/exec.go
@@ -172,7 +172,7 @@ func ExecCommand(input ExecCommandInput, f *vault.ConfigFile, keyring keyring.Ke
return 0, fmt.Errorf("Error loading config: %w", err)
}

credsProvider, err := vault.NewTempCredentialsProvider(config, &vault.CredentialKeyring{Keyring: keyring}, !input.NoSession)
credsProvider, err := vault.NewTempCredentialsProvider(config, &vault.CredentialKeyring{Keyring: keyring}, input.NoSession)
if err != nil {
return 0, fmt.Errorf("Error getting temporary credentials: %w", err)
}
2 changes: 1 addition & 1 deletion cli/export.go
@@ -96,7 +96,7 @@ func ExportCommand(input ExportCommandInput, f *vault.ConfigFile, keyring keyrin
}

ckr := &vault.CredentialKeyring{Keyring: keyring}
credsProvider, err := vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)
credsProvider, err := vault.NewTempCredentialsProvider(config, ckr, input.NoSession)
if err != nil {
return fmt.Errorf("Error getting temporary credentials: %w", err)
}
2 changes: 1 addition & 1 deletion cli/login.go
@@ -106,7 +106,7 @@ func LoginCommand(input LoginCommandInput, f *vault.ConfigFile, keyring keyring.
ckr := &vault.CredentialKeyring{Keyring: keyring}
if config.HasRole() || config.HasSSOStartURL() || config.HasCredentialProcess() || config.HasWebIdentity() {
// If AssumeRole or sso.GetRoleCredentials isn't used, GetFederationToken has to be used for IAM credentials
credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)
credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, input.NoSession)
} else {
credsProvider, err = vault.NewFederationTokenCredentialsProvider(context.TODO(), input.ProfileName, ckr, config)
}
4 changes: 2 additions & 2 deletions cli/rotate.go
@@ -51,7 +51,6 @@ func ConfigureRotateCommand(app *kingpin.Application, a *AwsVault) {
}

func RotateCommand(input RotateCommandInput, f *vault.ConfigFile, keyring keyring.Keyring) error {
// Can't disable sessions completely, might need to use session for MFA-Protected API Access
vault.UseSessionCache = false

configLoader := vault.NewConfigLoader(input.Config, f, input.ProfileName)
@@ -87,7 +86,8 @@ func RotateCommand(input RotateCommandInput, f *vault.ConfigFile, keyring keyrin
if input.NoSession {
credsProvider = vault.NewMasterCredentialsProvider(ckr, config.ProfileName)
} else {
credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, !input.NoSession)
// Can't always disable sessions completely, might need to use session for MFA-Protected API Access
credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, input.NoSession)
if err != nil {
return fmt.Errorf("Error getting temporary credentials: %w", err)
}
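Review bot: In the second hunk the call `vault.NewTempCredentialsProvider(config, ckr, input.NoSession)` sits in the `else` of `if input.NoSession`, so the argument is always `false` there, while the comment above it reads as if sessions were being forced on by this line. Passing the literal makes that explicit and spares the reader from re-deriving the polarity after the rename: `credsProvider, err = vault.NewTempCredentialsProvider(config, ckr, false)`. The comment could then state what actually happens, e.g. `// Sessions stay enabled on this path; MFA-protected API access may need one`. RotateCommand starts and ends outside the hunks shown.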
14 changes: 7 additions & 7 deletions vault/vault.go
@@ -230,9 +230,9 @@ func FindMasterCredentialsNameFor(profileName string, keyring *CredentialKeyring
}

type tempCredsCreator struct {
// UseSession will disable the use of GetSessionToken when set to false
UseSession bool
Keyring *CredentialKeyring
// DisableSessions will disable the use of GetSessionToken when set to true
DisableSessions bool
Keyring *CredentialKeyring

chainedMfa string
}
@@ -303,7 +303,7 @@ func (t *tempCredsCreator) GetProviderForProfile(config *ProfileConfig) (aws.Cre

// canUseGetSessionToken determines if GetSessionToken should be used, and if not returns a reason
func (t *tempCredsCreator) canUseGetSessionToken(c *ProfileConfig) (bool, string) {
if !t.UseSession {
if t.DisableSessions {
return false, "sessions are disabled"
}

Expand Down Expand Up @@ -339,10 +339,10 @@ func mfaDetails(mfaChained bool, config *ProfileConfig) string {
}

// NewTempCredentialsProvider creates a credential provider for the given config
func NewTempCredentialsProvider(config *ProfileConfig, keyring *CredentialKeyring, useSession bool) (aws.CredentialsProvider, error) {
func NewTempCredentialsProvider(config *ProfileConfig, keyring *CredentialKeyring, disableSessions bool) (aws.CredentialsProvider, error) {
t := tempCredsCreator{
Keyring: keyring,
UseSession: useSession,
Keyring: keyring,
DisableSessions: disableSessions,
}
return t.GetProviderForProfile(config)
}
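Review bot: The third parameter of `NewTempCredentialsProvider` changes meaning from `useSession` to `disableSessions` while staying a positional `bool`, so a caller that is not updated in this commit still compiles and silently gets the opposite GetSessionToken behaviour; the same holds for any `tempCredsCreator` literal that omits the field, whose zero value now means sessions enabled. The four call sites under cli/ are updated here, but whether other callers or literals exist is not visible on this page. The constructor's doc comment should state the polarity, e.g. `// NewTempCredentialsProvider creates a credential provider for the given config. If disableSessions is true, GetSessionToken is never used.` A unit test asserting that `canUseGetSessionToken` returns `false, "sessions are disabled"` when `DisableSessions` is true would pin it; that method's body continues outside the hunk.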
