Skip to content

Commit

Permalink
check for nil logger and update go-kms-wrapping
Browse files Browse the repository at this point in the history
  • Loading branch information
tvoran committed Sep 3, 2020
1 parent 9162d73 commit 98adda6
Showing 6 changed files with 26 additions and 12 deletions.
4 changes: 2 additions & 2 deletions builtin/credential/aws/path_role_test.go
Original file line number Diff line number Diff line change
@@ -8,7 +8,7 @@ import (
"testing"

"github.com/go-test/deep"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-hclog"
vlttesting "github.com/hashicorp/vault/helper/testhelpers/logical"
"github.com/hashicorp/vault/sdk/helper/awsutil"
"github.com/hashicorp/vault/sdk/helper/logging"
@@ -1011,7 +1011,7 @@ func TestRoleResolutionWithSTSEndpointConfigured(t *testing.T) {
}

// Ensure aws credentials are available locally for testing.
logger := logging.NewVaultLogger(log.Debug)
logger := logging.NewVaultLogger(hclog.Debug)
credsConfig := &awsutil.CredentialsConfig{Logger: logger}
credsChain, err := credsConfig.GenerateCredentialChain()
if err != nil {
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -55,7 +55,7 @@ require (
github.com/hashicorp/go-cleanhttp v0.5.1
github.com/hashicorp/go-gcp-common v0.6.0
github.com/hashicorp/go-hclog v0.14.1
github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5
github.com/hashicorp/go-kms-wrapping v0.5.15
github.com/hashicorp/go-memdb v1.0.2
github.com/hashicorp/go-msgpack v0.5.5
github.com/hashicorp/go-multierror v1.1.0
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
@@ -464,8 +464,8 @@ github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-immutable-radix v1.1.0 h1:vN9wG1D6KG6YHRTWr8512cxGOVgTMEfgEdSj/hr8MPc=
github.com/hashicorp/go-immutable-radix v1.1.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5 h1:w82YXLU/JSK4PFUVleXF/TGcfoRAQU8hpmXI24aTcYQ=
github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5/go.mod h1:hKJ7tS+eMXOLxwFs7mYJtPRQtT/rGtwqE6awY3JATCw=
github.com/hashicorp/go-kms-wrapping v0.5.15 h1:u/3OsQdtM1VbRCKFPQ2YIgNGP16eYhh2UKut7MdQCEM=
github.com/hashicorp/go-kms-wrapping v0.5.15/go.mod h1:hKJ7tS+eMXOLxwFs7mYJtPRQtT/rGtwqE6awY3JATCw=
github.com/hashicorp/go-kms-wrapping/entropy v0.1.0 h1:xuTi5ZwjimfpvpL09jDE71smCBRpnF5xfo871BSX4gs=
github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g=
github.com/hashicorp/go-memdb v1.0.2 h1:AIjzJlwIxz2inhZqRJZfe6D15lPeF0/cZyS1BVlnlHg=
13 changes: 10 additions & 3 deletions sdk/helper/awsutil/generate_credentials.go
Original file line number Diff line number Diff line change
@@ -43,6 +43,13 @@ type CredentialsConfig struct {
Logger hclog.Logger
}

// Make sure the logger isn't nil before logging
func (c *CredentialsConfig) log(level hclog.Level, msg string, args ...interface{}) {
if c.Logger != nil {
c.Logger.Log(level, msg, args)
}
}

func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, error) {
var providers []credentials.Provider

@@ -55,7 +62,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials,
SecretAccessKey: c.SecretKey,
SessionToken: c.SessionToken,
}})
c.Logger.Debug("added static credential provider", "AccessKey", c.AccessKey)
c.log(hclog.Debug, "added static credential provider", "AccessKey", c.AccessKey)

case c.AccessKey == "" && c.SecretKey == "":
// Attempt to get credentials from the IAM instance role below
@@ -71,7 +78,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials,
if roleARN != "" && tokenPath != "" {
// this session is only created to create the WebIdentityRoleProvider, as the env variables are already there
// this automatically assumes the role, but the provider needs to be added to the chain
c.Logger.Debug("adding web identity provider", "roleARN", roleARN)
c.log(hclog.Debug, "adding web identity provider", "roleARN", roleARN)
sess, err := session.NewSession()
if err != nil {
return nil, errors.Wrap(err, "error creating a new session to create a WebIdentityRoleProvider")
@@ -81,7 +88,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials,
// Check if the webIdentityProvider can successfully retrieve
// credentials (via sts:AssumeRole), and warn if there's a problem.
if _, err := webIdentityProvider.Retrieve(); err != nil {
c.Logger.Warn("error assuming role", "roleARN", roleARN, "tokenPath", tokenPath, "sessionName", sessionName, "err", err)
c.log(hclog.Warn, "error assuming role", "roleARN", roleARN, "tokenPath", tokenPath, "sessionName", sessionName, "err", err)
}

//Add the web identity role credential provider

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/modules.txt
Original file line number Diff line number Diff line change
@@ -389,7 +389,7 @@ github.com/hashicorp/go-gcp-common/gcputil
github.com/hashicorp/go-hclog
# github.com/hashicorp/go-immutable-radix v1.1.0
github.com/hashicorp/go-immutable-radix
# github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5
# github.com/hashicorp/go-kms-wrapping v0.5.15
github.com/hashicorp/go-kms-wrapping
github.com/hashicorp/go-kms-wrapping/internal/xor
github.com/hashicorp/go-kms-wrapping/wrappers/aead

0 comments on commit 98adda6

Please sign in to comment.