Check if profile has stored credentials before calling credential_pro…
…cess
dgholz committed Mar 8, 2023
1 parent 276270c commit 73bd342
Showing 2 changed files with 15 additions and 2 deletions.
14 changes: 13 additions & 1 deletion vault/credentialkeyring.go
@@ -18,13 +18,25 @@ func (ck *CredentialKeyring) Keys() (credentialsNames []string, err error) {
return credentialsNames, err
}
for _, keyName := range allKeys {
if !IsSessionKey(keyName) && !IsOIDCTokenKey(keyName) {
if IsStoredCredential(keyName) {
credentialsNames = append(credentialsNames, keyName)
}
}
return credentialsNames, nil
}

func IsStoredCredential(keyName string) bool {
return !IsSessionKey(keyName) && !IsOIDCTokenKey(keyName)
}

func (ck *CredentialKeyring) HasStoredCredential(credentialsName string) bool {
_, err := ck.Has(credentialsName)
if err == nil {
return IsStoredCredential(credentialsName)
}
return false
}

func (ck *CredentialKeyring) Has(credentialsName string) (bool, error) {
allKeys, err := ck.Keyring.Keys()
if err != nil {
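Review bot: `HasStoredCredential` discards the boolean that `ck.Has` returns and tests only `err == nil`, so it appears to report true for any name that is not a session or OIDC key whenever the keyring can be listed, whether or not an entry with that name exists. The body of `Has` continues outside the hunk, but its `(bool, error)` signature suggests the bool carries presence. If so, the caller in vault/vault.go would skip `credential_process` for every profile; the check should read `ok, err := ck.Has(credentialsName)` followed by `return err == nil && ok && IsStoredCredential(credentialsName)`. A keyring error is also folded into "not stored", which lets credential selection fall through to another source silently, so that case deserves a log line or a returned error. Both new exported functions lack doc comments, for example `// HasStoredCredential reports whether the keyring holds a long-lived credential under credentialsName.`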
3 changes: 2 additions & 1 deletion vault/vault.go
@@ -271,7 +271,8 @@ func (t *tempCredsCreator) GetProviderForProfile(config *ProfileConfig) (aws.Cre
return NewAssumeRoleWithWebIdentityProvider(t.Keyring.Keyring, config, !t.DisableCache)
}

if config.HasCredentialProcess() {
storedCredentialForProfile := t.Keyring.HasStoredCredential(config.ProfileName)
if !storedCredentialForProfile && config.HasCredentialProcess() {
log.Printf("profile %s: using credential process", config.ProfileName)
return NewCredentialProcessProvider(t.Keyring.Keyring, config, !t.DisableCache)
}
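Review bot: The keyring lookup assigned to `storedCredentialForProfile` runs for every profile that reaches this point, even when no `credential_process` is configured. `HasStoredCredential` goes through `Has`, which lists the keyring's keys, and on some backends that may require an unlock. Testing the cheap condition first avoids the extra access: `if config.HasCredentialProcess() && !t.Keyring.HasStoredCredential(config.ProfileName) {`. When a stored credential does take precedence over a configured `credential_process`, nothing is logged, so an operator cannot tell from the output which credential source was chosen; a line such as `log.Printf("profile %s: stored credentials found, ignoring credential process", config.ProfileName)` on that path would make the choice auditable. `GetProviderForProfile` starts and ends outside the hunk.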
