Remove broken consumer assignment

AOEpeople · Apr 27, 2021 · 081d503 · 081d503
1 parent e4a01e9
commit 081d503
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/aws_consumer.go b/aws_consumer.go
@@ -4,8 +4,10 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/aws/aws-sdk-go/service/sts"
+	log "github.com/sirupsen/logrus"
 	"regexp"
 	"strings"
 )
@@ -20,7 +22,7 @@ type AwsConsumerInterface interface {
 	Rules() []Rule
 	// AssumeRole performs this for the give rule
 	AssumeRole(rule *Rule, name string) (*sts.Credentials, error)
-	// RetrieveRulesFromRoleTags checks wether a string matches the rule format
+	// RetrieveRulesFromRoleTags checks whether a string matches the rule format
 	RetrieveRulesFromRoleTags(role string) ([]Rule, error)
 }
 
@@ -53,6 +55,7 @@ func (a *AwsConsumer) ReadConfiguration() error {
 	if err := decoder.Decode(a.Config); err != nil {
 		return fmt.Errorf("Unable to read RULES inputClaims.\n Error: %v", err)
 	}
+	log.Debugf("Successfully imported config %v", a.Config)
 	defer content.Close()
 	return nil
 }
@@ -78,14 +81,15 @@ func (a *AwsConsumer) AssumeRole(rule *Rule, name string) (*sts.Credentials, err
 }
 
 // RetrieveRulesFromRoleTags checks the IAM role for further rules configured through tags
-func (a *AwsConsumer) RetrieveRulesFromRoleTags(role string) ([]Rule, error) {
+func (a *AwsConsumer) RetrieveRulesFromRoleTags(roleArn string) ([]Rule, error) {
 	validRole := regexp.MustCompile(`^arn:aws:iam::\d{12}:role/[a-zA-Z0-9-_]+$`)
-	if !validRole.MatchString(role) {
+	if !validRole.MatchString(roleArn) {
 		return nil, fmt.Errorf("invalid role format")
 	}
 
+	log.Debugf("GetRole %s", roleArn[31:])
 	result, err := a.AWS.GetRole(&iam.GetRoleInput{
-		RoleName: &role,
+		RoleName: aws.String(roleArn[31:]),
 	})
 	if err != nil {
 		return nil, err
@@ -105,7 +109,7 @@ func (a *AwsConsumer) RetrieveRulesFromRoleTags(role string) ([]Rule, error) {
 			continue
 		}
 		rule := Rule{
-			Role:        role,
+			Role:        roleArn,
 			Duration:    a.Config.Duration,
 			ClaimValues: tagDecoded,
 		}

diff --git a/cmd/token_auth.go b/cmd/token_auth.go
@@ -33,7 +33,7 @@ func init() {
 		RoleAnnotationPrefix:   "token_auth/",
 	}
 
-	awsConsumer, err := auth.NewAwsConsumer(config)
+	awsConsumer, err = auth.NewAwsConsumer(config)
 	if err != nil {
 		log.Fatalf("Error initializing: %v", err)
 	}

diff --git a/token_validator.go b/token_validator.go
@@ -4,12 +4,11 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"log"
-	"strings"
-
 	"github.com/MicahParks/keyfunc"
 	"github.com/buger/jsonparser"
 	"github.com/dgrijalva/jwt-go"
+	log "github.com/sirupsen/logrus"
+	"strings"
 )
 
 // TokenValidatorInterface interface of validation objects
@@ -21,6 +20,7 @@ type TokenValidatorInterface interface {
 
 // NewTokenValidator creates a new TokenValidator for a given system
 func NewTokenValidator(jwksURL string) *TokenValidator {
+	log.Debugf("Using %s for JWK retrival", jwksURL)
 	jwks, err := keyfunc.Get(jwksURL)
 	if err != nil {
 		log.Fatalf("Failed to get the JWKS from the given URL.\nError: %v", err)