Skip to content

Commit

Permalink
Fix bug where login failed to assume role
Browse files Browse the repository at this point in the history
  • Loading branch information
@lox
lox committed Oct 5, 2015
1 parent 60c99a8 commit 0a97a86
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions provider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,20 +74,20 @@ func (p *VaultProvider) Retrieve() (credentials.Value, error) {
Data: bytes,
TrustSelf: true,
})

if role, ok := p.profilesConf[p.Profile]["role_arn"]; ok {
session, err = p.assumeRole(session, role)
if err != nil {
return credentials.Value{}, err
}

log.Printf("Role token expires in %s", session.Expiration.Sub(time.Now()))
}
}

p.SetExpiration(*session.Expiration, p.ExpiryWindow)
p.expires = *session.Expiration

if role, ok := p.profilesConf[p.Profile]["role_arn"]; ok {
session, err = p.assumeRole(session, role)
if err != nil {
return credentials.Value{}, err
}

log.Printf("Role token expires in %s", session.Expiration.Sub(time.Now()))
}

value := credentials.Value{
AccessKeyID: *session.AccessKeyId,
SecretAccessKey: *session.SecretAccessKey,
Expand Down Expand Up @@ -166,7 +166,7 @@ func (p *VaultProvider) assumeRole(session sts.Credentials, roleArn string) (sts
input := &sts.AssumeRoleInput{
RoleArn: aws.String(roleArn),
RoleSessionName: aws.String(roleSessionName),
DurationSeconds: aws.Int64(int64((time.Minute * 15) / time.Second)), // shortest session possible
DurationSeconds: aws.Int64(int64(time.Hour.Seconds())),
}

log.Printf("Assuming role %s", roleArn)
Expand Down

0 comments on commit 0a97a86

Please sign in to comment.