This repository has been archived by the owner on Aug 16, 2022. It is now read-only.

fix: Classify auth failure #904

Merged
merged 3 commits into from
May 16, 2022
18 changes: 17 additions & 1 deletion client/errors.go
@@ -12,6 +12,8 @@ import (
"github.com/cloudquery/cq-provider-sdk/provider/schema"
)

const ssoInvalidOrExpired = "failed to refresh cached credentials, the SSO session has expired or is invalid"

func ErrorClassifier(meta schema.ClientMeta, resourceName string, err error) diag.Diagnostics {
client := meta.(*Client)

@@ -22,7 +24,7 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
var ae smithy.APIError
if errors.As(err, &ae) {
switch ae.ErrorCode() {
case "AccessDenied", "AccessDeniedException", "UnauthorizedOperation", "AuthorizationError", "OptInRequired", "SubscriptionRequiredException", "InvalidClientTokenId":
case "AccessDenied", "AccessDeniedException", "UnauthorizedOperation", "AuthorizationError", "OptInRequired", "SubscriptionRequiredException", "InvalidClientTokenId", "AuthFailure":
return diag.Diagnostics{
RedactError(accounts, diag.NewBaseError(err,
diag.ACCESS,
@@ -61,6 +63,19 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
),
}
}
if ae.ErrorMessage() == ssoInvalidOrExpired {
return diag.Diagnostics{
RedactError(accounts, diag.NewBaseError(err,
diag.ACCESS,
append(opts,
diag.WithType(diag.ACCESS),
diag.WithSeverity(diag.WARNING),
ParseSummaryMessage(err),
diag.WithDetails(errorCodeDescriptions[ae.ErrorCode()]),
roneli marked this conversation as resolved.
)...),
),
}
}
}
if IsErrorThrottle(err) {
return diag.Diagnostics{
@@ -152,6 +167,7 @@ var errorCodeDescriptions = map[string]string{
"AccessDeniedException": "You are not authorized to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys.",
"AccessDenied": "You are not authorized to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys.",
"AuthorizationError": "You are not authorized to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys.",
"AuthFailure": "You are not authorized to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys.",
}

var throttleCodes = map[string]struct{}{
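Review bot: The SSO branch in classifyError matches with `ae.ErrorMessage() == ssoInvalidOrExpired`, an exact comparison against SDK message text, so any change in wording or any detail appended to the message makes the branch miss silently and the expired session falls through to the fallback classification. Matching on a typed error with `errors.As` would be sturdier if the SDK exposes one for this case; failing that, `if strings.Contains(ae.ErrorMessage(), ssoInvalidOrExpired) {` tolerates suffixes (the import block is only partly visible, so `strings` may need adding). In the same branch `diag.WithDetails(errorCodeDescriptions[ae.ErrorCode()])` yields an empty string for any code absent from the map, so the warning may carry no remediation hint; a fixed detail telling the user to renew the SSO session would read better. The new `"AuthFailure"` description reuses the IAM-policy text, although that code typically means the credentials could not be validated, so pointing at credential validity first would help triage. classifyError starts and ends outside the visible hunks.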