Moved the GetAccountId call out of ValidateAccountId and setting it e…

…arly in the config process
hashicorp · Apr 28, 2016 · ad6a917 · ad6a917
1 parent 5e122e5
commit ad6a917
Showing 1 changed file with 15 additions and 15 deletions.
diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
@@ -175,6 +175,9 @@ func (c *Config) Client() (interface{}, error) {
 		awsIamSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.IamEndpoint)})
 		client.iamconn = iam.New(awsIamSess)
 
+		log.Println("[INFO] Initializing STS connection")
+		client.stsconn = sts.New(sess)
+
 		err = c.ValidateCredentials(client.iamconn)
 		if err != nil {
 			errs = append(errs, err)
@@ -188,6 +191,11 @@ func (c *Config) Client() (interface{}, error) {
 		// http://docs.aws.amazon.com/general/latest/gr/sigv4_changes.html
 		usEast1Sess := sess.Copy(&aws.Config{Region: aws.String("us-east-1")})
 
+		account_id, err := GetAccountId(client.iamconn, client.stsconn, cp.ProviderName)
+		if err == nil {
+			client.accountid = account_id
+		}
+
 		log.Println("[INFO] Initializing DynamoDB connection")
 		dynamoSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.DynamoDBEndpoint)})
 		client.dynamodbconn = dynamodb.New(dynamoSess)
@@ -208,9 +216,6 @@ func (c *Config) Client() (interface{}, error) {
 		log.Println("[INFO] Initializing SNS connection")
 		client.snsconn = sns.New(sess)
 
-		log.Println("[INFO] Initializing STS connection")
-		client.stsconn = sts.New(sess)
-
 		log.Println("[INFO] Initializing RDS Connection")
 		client.rdsconn = rds.New(sess)
 
@@ -221,11 +226,10 @@ func (c *Config) Client() (interface{}, error) {
 		log.Println("[INFO] Initializing Elastic Beanstalk Connection")
 		client.elasticbeanstalkconn = elasticbeanstalk.New(sess)
 
-		account_id, authErr := c.ValidateAccountId(client.iamconn, client.stsconn, cp.ProviderName)
+		authErr := c.ValidateAccountId(client.accountid)
 		if authErr != nil {
 			errs = append(errs, authErr)
 		}
-		client.accountid = account_id
 
 		log.Println("[INFO] Initializing Kinesis Firehose Connection")
 		client.firehoseconn = firehose.New(sess)
@@ -345,35 +349,31 @@ func (c *Config) ValidateCredentials(iamconn *iam.IAM) error {
 
 // ValidateAccountId returns a context-specific error if the configured account
 // id is explicitly forbidden or not authorised; and nil if it is authorised.
-func (c *Config) ValidateAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, error) {
+func (c *Config) ValidateAccountId(account_id string) error {
 	if c.AllowedAccountIds == nil && c.ForbiddenAccountIds == nil {
-		return "", nil
+		return nil
 	}
 
 	log.Printf("[INFO] Validating account ID")
-	account_id, err := GetAccountId(iamconn, stsconn, authProviderName)
-	if err != nil {
-		return "", err
-	}
 
 	if c.ForbiddenAccountIds != nil {
 		for _, id := range c.ForbiddenAccountIds {
 			if id == account_id {
-				return "", fmt.Errorf("Forbidden account ID (%s)", id)
+				return fmt.Errorf("Forbidden account ID (%s)", id)
 			}
 		}
 	}
 
 	if c.AllowedAccountIds != nil {
 		for _, id := range c.AllowedAccountIds {
 			if id == account_id {
-				return account_id, nil
+				return nil
 			}
 		}
-		return "", fmt.Errorf("Account ID not allowed (%s)", account_id)
+		return fmt.Errorf("Account ID not allowed (%s)", account_id)
 	}
 
-	return account_id, nil
+	return nil
 }
 
 // addTerraformVersionToUserAgent is a named handler that will add Terraform's