From 2271d6cae216ec135450db09e7a98dfa8912c431 Mon Sep 17 00:00:00 2001
From: Theron Voran <tvoran@users.noreply.github.com>
Date: Tue, 15 Sep 2020 22:54:07 -0700
Subject: [PATCH] Added log_level option to aws cli login

Used to setup the logger for use in GenerateCredentialChain()
---
 builtin/credential/aws/cli.go                   | 17 ++++++++++++++++-
 sdk/helper/awsutil/generate_credentials.go      |  2 +-
 .../sdk/helper/awsutil/generate_credentials.go  |  2 +-
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/builtin/credential/aws/cli.go b/builtin/credential/aws/cli.go
index 019168bf144f..cec44f63754a 100644
--- a/builtin/credential/aws/cli.go
+++ b/builtin/credential/aws/cli.go
@@ -98,7 +98,18 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 		headerValue = ""
 	}
 
-	creds, err := RetrieveCreds(m["aws_access_key_id"], m["aws_secret_access_key"], m["aws_security_token"], hclog.Default())
+	logVal, ok := m["log_level"]
+	if !ok {
+		logVal = "info"
+	}
+	level := hclog.LevelFromString(logVal)
+	if level == hclog.NoLevel {
+		return nil, fmt.Errorf("failed to parse 'log_level' value: %q", logVal)
+	}
+	hlogger := hclog.Default()
+	hlogger.SetLevel(level)
+
+	creds, err := RetrieveCreds(m["aws_access_key_id"], m["aws_secret_access_key"], m["aws_security_token"], hlogger)
 	if err != nil {
 		return nil, err
 	}
@@ -196,6 +207,10 @@ Configuration:
 
   role=<string>
       Name of the role to request a token against
+
+  log_level=<string>
+      Set logging level during AWS credential acquisition. Valid levels are
+      trace, debug, info, warn, error. Defaults to info.
 `
 
 	return strings.TrimSpace(help)
diff --git a/sdk/helper/awsutil/generate_credentials.go b/sdk/helper/awsutil/generate_credentials.go
index af1a11da309c..180e2fab2d0c 100644
--- a/sdk/helper/awsutil/generate_credentials.go
+++ b/sdk/helper/awsutil/generate_credentials.go
@@ -46,7 +46,7 @@ type CredentialsConfig struct {
 // Make sure the logger isn't nil before logging
 func (c *CredentialsConfig) log(level hclog.Level, msg string, args ...interface{}) {
 	if c.Logger != nil {
-		c.Logger.Log(level, msg, args)
+		c.Logger.Log(level, msg, args...)
 	}
 }
 
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go b/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go
index af1a11da309c..180e2fab2d0c 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go
@@ -46,7 +46,7 @@ type CredentialsConfig struct {
 // Make sure the logger isn't nil before logging
 func (c *CredentialsConfig) log(level hclog.Level, msg string, args ...interface{}) {
 	if c.Logger != nil {
-		c.Logger.Log(level, msg, args)
+		c.Logger.Log(level, msg, args...)
 	}
 }