From 88f0a6bf79c4394acd21aa70b5a46f8eb8e613da Mon Sep 17 00:00:00 2001
From: Liu Tao
Date: Wed, 24 Jul 2024 16:02:42 +0800
Subject: [PATCH] use MFA config of SourceProfile
---
 vault/vault.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/vault/vault.go b/vault/vault.go
index 9fd27fe2a..fd36580ba 100644
--- a/vault/vault.go
+++ b/vault/vault.go
@@ -313,21 +313,21 @@ func (t *TempCredentialsCreator) canUseGetSessionToken(c *ProfileConfig) (bool,
 return false, "sessions are disabled for this profile"
 }
- if c.IsChained() {
- if !c.ChainedFromProfile.HasMfaSerial() {
- return false, fmt.Sprintf("profile '%s' has no MFA serial defined", c.ChainedFromProfile.ProfileName)
+ if c.HasSourceProfile() {
+ if !c.SourceProfile.HasMfaSerial() {
+ return false, fmt.Sprintf("profile '%s' has no MFA serial defined", c.SourceProfile.ProfileName)
 }
- if !c.HasMfaSerial() && c.ChainedFromProfile.HasMfaSerial() {
+ if !c.HasMfaSerial() && c.SourceProfile.HasMfaSerial() {
 return false, fmt.Sprintf("profile '%s' has no MFA serial defined", c.ProfileName)
 }
- if c.ChainedFromProfile.MfaSerial != c.MfaSerial {
- return false, fmt.Sprintf("MFA serial doesn't match profile '%s'", c.ChainedFromProfile.ProfileName)
+ if c.SourceProfile.MfaSerial != c.MfaSerial {
+ return false, fmt.Sprintf("MFA serial doesn't match profile '%s'", c.SourceProfile.ProfileName)
 }
- if c.ChainedFromProfile.AssumeRoleDuration > roleChainingMaximumDuration {
- return false, fmt.Sprintf("duration %s in profile '%s' is greater than the AWS maximum %s for chaining MFA", c.ChainedFromProfile.AssumeRoleDuration, c.ChainedFromProfile.ProfileName, roleChainingMaximumDuration)
+ if c.SourceProfile.AssumeRoleDuration > roleChainingMaximumDuration {
+ return false, fmt.Sprintf("duration %s in profile '%s' is greater than the AWS maximum %s for chaining MFA", c.SourceProfile.AssumeRoleDuration, c.SourceProfile.ProfileName, roleChainingMaximumDuration)
 }
 }
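Review bot: Nothing in the patch shows that `c.HasSourceProfile()` selects the same profiles as the `c.IsChained()` guard it replaces, and the diffstat touches only vault/vault.go, so the MFA-serial and duration decisions in canUseGetSessionToken now apply to a possibly different set of profiles with no test pinning the new behaviour. Judging by the names alone (both fields are defined outside this hunk), `ChainedFromProfile` and `SourceProfile` look like opposite ends of a chain, which would mean a profile without a source profile now skips every check in the block. A table test covering a profile with no source, one whose source has a different `MfaSerial`, and one whose source exceeds `roleChainingMaximumDuration` would confirm that this is intended. In the second condition the `&& c.SourceProfile.HasMfaSerial()` operand is always true at that point, because the first check has already returned when the source has no serial, so it can be written `if !c.HasMfaSerial() {`. The function starts above the hunk and continues below it.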