Skip to content
This repository was archived by the owner on May 18, 2021. It is now read-only.

Commit 86d56e5

Browse files
ejcxejcx
authored
Merge pull request #14 from segmentio/ej/support-source
Allow assuming a source profile.
2 parents 20bd3d7 + 091f191 commit 86d56e5

File tree

1 file changed

+13
-8
lines changed

1 file changed

+13
-8
lines changed

lib/provider.go

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -102,15 +102,20 @@ func (p *Provider) Retrieve() (credentials.Value, error) {
102102
(*session.AccessKeyId)[len(*session.AccessKeyId)-4:],
103103
session.Expiration.Sub(time.Now()).String())
104104

105-
if role, ok := p.profiles[p.profile]["role_arn"]; ok {
106-
session, err = p.assumeRoleFromSession(session, role)
107-
if err != nil {
108-
return credentials.Value{}, err
105+
// If sourceProfile returns the same source then we do not need to assume a
106+
// second role. Not assuming a second role allows us to assume IDP enabled
107+
// roles directly.
108+
if p.profile != source {
109+
if role, ok := p.profiles[p.profile]["role_arn"]; ok {
110+
session, err = p.assumeRoleFromSession(session, role)
111+
if err != nil {
112+
return credentials.Value{}, err
113+
}
114+
115+
log.Debugf("using role %s expires in %s",
116+
(*session.AccessKeyId)[len(*session.AccessKeyId)-4:],
117+
session.Expiration.Sub(time.Now()).String())
109118
}
110-
111-
log.Debugf("using role %s expires in %s",
112-
(*session.AccessKeyId)[len(*session.AccessKeyId)-4:],
113-
session.Expiration.Sub(time.Now()).String())
114119
}
115120

116121
p.SetExpiration(*session.Expiration, window)

0 commit comments

Comments
 (0)