Skip to content
This repository has been archived by the owner on May 18, 2021. It is now read-only.

Commit

Permalink
Merge pull request #14 from segmentio/ej/support-source
Browse files Browse the repository at this point in the history 
Allow assuming a source profile.
  • Loading branch information
@ejcx
ejcx authored Nov 16, 2017
2 parents 20bd3d7 + 091f191 commit 86d56e5
Showing 1 changed file with 13 additions and 8 deletions.
21 changes: 13 additions & 8 deletions lib/provider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,15 +102,20 @@ func (p *Provider) Retrieve() (credentials.Value, error) {
(*session.AccessKeyId)[len(*session.AccessKeyId)-4:],
session.Expiration.Sub(time.Now()).String())

if role, ok := p.profiles[p.profile]["role_arn"]; ok {
session, err = p.assumeRoleFromSession(session, role)
if err != nil {
return credentials.Value{}, err
// If sourceProfile returns the same source then we do not need to assume a
// second role. Not assuming a second role allows us to assume IDP enabled
// roles directly.
if p.profile != source {
if role, ok := p.profiles[p.profile]["role_arn"]; ok {
session, err = p.assumeRoleFromSession(session, role)
if err != nil {
return credentials.Value{}, err
}

log.Debugf("using role %s expires in %s",
(*session.AccessKeyId)[len(*session.AccessKeyId)-4:],
session.Expiration.Sub(time.Now()).String())
}

log.Debugf("using role %s expires in %s",
(*session.AccessKeyId)[len(*session.AccessKeyId)-4:],
session.Expiration.Sub(time.Now()).String())
}

p.SetExpiration(*session.Expiration, window)
Expand Down

0 comments on commit 86d56e5

Please sign in to comment.