From 9d50ab8fb5606aa7d7e6845de150a37a64786255 Mon Sep 17 00:00:00 2001
From: Mitsuhiro Tanda <mitsuhiro.tanda@gmail.com>
Date: Thu, 20 Jul 2017 21:11:51 +0900
Subject: [PATCH] (cloudwatch) check auth type before assume role (#8895)

---
 pkg/api/cloudwatch/cloudwatch.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/api/cloudwatch/cloudwatch.go b/pkg/api/cloudwatch/cloudwatch.go
index bd0d61ec272..bfafc8b912b 100644
--- a/pkg/api/cloudwatch/cloudwatch.go
+++ b/pkg/api/cloudwatch/cloudwatch.go
@@ -39,6 +39,7 @@ type cwRequest struct {
 type datasourceInfo struct {
 	Profile       string
 	Region        string
+	AuthType      string
 	AssumeRoleArn string
 	Namespace     string
 
@@ -47,6 +48,7 @@ type datasourceInfo struct {
 }
 
 func (req *cwRequest) GetDatasourceInfo() *datasourceInfo {
+	authType := req.DataSource.JsonData.Get("authType").MustString()
 	assumeRoleArn := req.DataSource.JsonData.Get("assumeRoleArn").MustString()
 	accessKey := ""
 	secretKey := ""
@@ -61,6 +63,7 @@ func (req *cwRequest) GetDatasourceInfo() *datasourceInfo {
 	}
 
 	return &datasourceInfo{
+		AuthType:      authType,
 		AssumeRoleArn: assumeRoleArn,
 		Region:        req.Region,
 		Profile:       req.DataSource.Database,
@@ -110,7 +113,7 @@ func getCredentials(dsInfo *datasourceInfo) (*credentials.Credentials, error) {
 	sessionToken := ""
 	var expiration *time.Time
 	expiration = nil
-	if strings.Index(dsInfo.AssumeRoleArn, "arn:aws:iam:") == 0 {
+	if dsInfo.AuthType == "arn" && strings.Index(dsInfo.AssumeRoleArn, "arn:aws:iam:") == 0 {
 		params := &sts.AssumeRoleInput{
 			RoleArn:         aws.String(dsInfo.AssumeRoleArn),
 			RoleSessionName: aws.String("GrafanaSession"),