From 52f4e23ac3a5c581108dd55f94ffbddffa417b85 Mon Sep 17 00:00:00 2001
From: James Nugent
Date: Mon, 10 Oct 2016 17:26:30 -0400
Subject: [PATCH] provider/aws: Add extra logging on AuthFailure
This pull request is intended to add a temporary control to Terraform to output more verbose logging in the case of an AuthFailure error being returned by the AWS API.
---
 builtin/providers/aws/config.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index 52c18f0941..c0e2475237 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -6,7 +6,9 @@ import (
 "fmt"
 "log"
 "net/http"
+ "os"
 "strings"
+ "time"
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
@@ -54,6 +56,7 @@ import (
 "github.com/aws/aws-sdk-go/service/ssm"
 "github.com/aws/aws-sdk-go/service/sts"
 "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/davecgh/go-spew/spew"
 "github.com/hashicorp/errwrap"
 "github.com/hashicorp/go-cleanhttp"
 "github.com/hashicorp/terraform/helper/logging"
@@ -199,6 +202,10 @@ func (c *Config) Client() (interface{}, error) {
 }
 sess.Handlers.Build.PushFrontNamed(addTerraformVersionToUserAgent)
+ if extraDebug := os.Getenv("TERRAFORM_AWS_AUTHFAILURE_DEBUG"); extraDebug != "" {
+ sess.Handlers.UnmarshalError.PushFrontNamed(debugAuthFailure)
+ }
+
 // Some services exist only in us-east-1, e.g. because they manage
 // resources that can span across multiple regions, or because
 // signature format v4 requires region to be us-east-1 for global
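Review bot: The `os.Getenv("TERRAFORM_AWS_AUTHFAILURE_DEBUG")` check in the `@@ -199,6 +202,10 @@` hunk treats any non-empty value as "on", so `=0` or `=false` still registers the handler, and nothing at this site says the switch is temporary or what it causes to be logged. A comment above the `if` would cover both, e.g. `// Temporary diagnostic: when set to any non-empty value, AuthFailure responses are logged with full request context; treat that log output as sensitive.` The `extraDebug` binding is only compared with `""`, so `if os.Getenv("TERRAFORM_AWS_AUTHFAILURE_DEBUG") != "" {` reads more directly. Client() starts before and continues after this hunk.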
@@ -351,6 +358,17 @@ var addTerraformVersionToUserAgent = request.NamedHandler{
 "terraform", terraform.VersionString()),
 }
+var debugAuthFailure = request.NamedHandler{
+ Name: "terraform.AuthFailureAdditionalDebugHandler",
+ Fn: func(req *request.Request) {
+ if isAWSErr(req.Error, "AuthFailure", "AWS was not able to validate the provided access credentials") {
+ log.Printf("[INFO] Additional AuthFailure Debugging Context")
+ log.Printf("[INFO] Current system UTC time: %s", time.Now().UTC())
+ log.Printf("[INFO] Request object: %s", spew.Sdump(req))
+ }
+ },
+}
+
 type awsLogger struct{}
 func (l awsLogger) Log(args ...interface{}) {
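Review bot: `spew.Sdump(req)` in the `debugAuthFailure` handler writes the entire `*request.Request` to the log, and spew also walks unexported fields, so the dump very likely includes the resolved credentials reachable through `req.Config.Credentials` and the signed request headers (`Authorization`, `X-Amz-Security-Token`), all at INFO level. Terraform logs are routinely attached to bug reports, so this diagnostic switch becomes a way for the access key, secret key and session token to leave the machine. Logging only the fields needed to diagnose clock skew or a wrong endpoint avoids that, for example `log.Printf("[DEBUG] AuthFailure on %s/%s, request signed at %s", req.ClientInfo.ServiceName, req.Operation.Name, req.Time.UTC())`, and would let the `go-spew` import added in the second hunk be dropped. If the full dump is kept, the handler should carry a comment stating that its output contains secrets and must be redacted before sharing.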