Fix error checks on retry logic for assuming roles with common fate

common-fate · Jun 6, 2024 · 3d4f961 · 3d4f961
1 parent 14edf76
commit 3d4f961
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/pkg/assume/assume.go b/pkg/assume/assume.go
@@ -425,6 +425,7 @@ func AssumeCommand(c *cli.Context) error {
 				Profile:  profile,
 				Reason:   reason,
 				Duration: apiDuration,
+				Confirm:  assumeFlags.Bool("confirm"),
 			})
 			if hookErr != nil {
 				return hookErr
@@ -436,7 +437,7 @@ func AssumeCommand(c *cli.Context) error {
 				b = sethRetry.WithMaxDuration(time.Minute*1, b)
 				err = sethRetry.Do(c.Context, b, func(ctx context.Context) (err error) {
 					creds, err = profile.AssumeConsole(c.Context, configOpts)
-					if err == nil {
+					if err != nil {
 						return sethRetry.RetryableError(err)
 					}
 					return nil
@@ -557,6 +558,7 @@ func AssumeCommand(c *cli.Context) error {
 				Profile:  profile,
 				Reason:   reason,
 				Duration: apiDuration,
+				Confirm:  assumeFlags.Bool("confirm"),
 			})
 			if hookErr != nil {
 				return hookErr
@@ -568,7 +570,7 @@ func AssumeCommand(c *cli.Context) error {
 				b = sethRetry.WithMaxDuration(time.Minute*1, b)
 				err = sethRetry.Do(c.Context, b, func(ctx context.Context) (err error) {
 					creds, err = profile.AssumeTerminal(c.Context, configOpts)
-					if err == nil {
+					if err != nil {
 						return sethRetry.RetryableError(err)
 					}
 					return nil

diff --git a/pkg/assume/entrypoint.go b/pkg/assume/entrypoint.go
@@ -52,6 +52,7 @@ func GlobalFlags() []cli.Flag {
 		&cli.StringFlag{Name: "aws-config-file"},
 		&cli.StringFlag{Name: "chain", Usage: "Assume a given role ARN using the profile selected"},
 		&cli.StringFlag{Name: "reason", Usage: "Provide a reason for requesting access to the role"},
+		&cli.StringFlag{Name: "confirm", Usage: "Use this to skip confirmation prompts for access requests"},
 	}
 }
 

diff --git a/pkg/granted/credential_process.go b/pkg/granted/credential_process.go
@@ -152,7 +152,7 @@ var CredentialProcess = cli.Command{
 			b = sethRetry.WithMaxDuration(time.Second*30, b)
 			err = sethRetry.Do(c.Context, b, func(ctx context.Context) (err error) {
 				credentials, err = profile.AssumeTerminal(c.Context, cfaws.ConfigOpts{Duration: duration, UsingCredentialProcess: true, CredentialProcessAutoLogin: autoLogin})
-				if err == nil {
+				if err != nil {
 					return sethRetry.RetryableError(err)
 				}
 				return nil