Bump versions and support throwing an error if role not found (#7)

jonathanmorley · Mar 26, 2018 · 97e4a62 · 97e4a62
1 parent 499e331
commit 97e4a62
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 23 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -11,9 +11,9 @@ serde_derive = "1.0"
 serde_json = "1.0"
 serde_str = "0.1.0"
 toml = "0.4.5"
-rusoto_core = "0.30.0"
-rusoto_sts = "0.30.0"
-rusoto_credential = "0.9.2"
+rusoto_core = "0.32.0"
+rusoto_sts = "0.32.0"
+rusoto_credential = "0.11.0"
 base64 = "0.9.0"
 structopt = "0.2.5"
 structopt-derive = "0.2.5"
@@ -26,9 +26,14 @@ dialoguer = "0.1.0"
 sxd-document = "0.2.6"
 sxd-xpath = "0.4.1"
 kuchiki = "0.7.0"
-regex = "0.2"
+regex = "0.2.10"
 serde_ini = "0.1.3"
-path_abs = "0.3.16"
+path_abs = "0.4.0"
 
 [patch.crates-io]
+# For https://github.com/servo/html5ever/pull/322
 html5ever = { git = 'https://github.com/servo/html5ever', rev = '3d5e24bbc3ebadf4e1bb9a4e25dc24c80fed1670' }
+# For https://github.com/rusoto/rusoto/pull/1001
+rusoto_core = { git = 'https://github.com/rusoto/rusoto' }
+# To support rusoto_core above
+rusoto_credential = { git = 'https://github.com/rusoto/rusoto' }
diff --git a/src/aws/credentials.rs b/src/aws/credentials.rs
@@ -48,13 +48,13 @@ impl CredentialsStore {
         creds: T,
     ) -> Result<(), Error> {
         match self.0.entry(name) {
-            Entry::Occupied(mut entry) => match entry.get() {
-                &ProfileCredentials::Sts { .. } => {
+            Entry::Occupied(mut entry) => match *entry.get() {
+                ProfileCredentials::Sts { .. } => {
                     entry.insert(creds.into());
                 }
-                &ProfileCredentials::Iam { .. } => {
+                ProfileCredentials::Iam { .. } => {
                     bail!(
-                        "Profile '{}' does not contain STS credentials. Leaving alone",
+                        "Profile '{}' does not contain STS credentials. Ignoring",
                         entry.key()
                     );
                 }

diff --git a/src/aws/role.rs b/src/aws/role.rs
@@ -1,8 +1,8 @@
 use failure::Error;
-use rusoto_core;
 use rusoto_core::Region;
 use rusoto_sts::{AssumeRoleWithSAMLRequest, AssumeRoleWithSAMLResponse, Sts, StsClient};
 use rusoto_credential::StaticProvider;
+use rusoto_core::reactor::RequestDispatcher;
 
 use std::str;
 use std::str::FromStr;
@@ -58,11 +58,10 @@ pub fn assume_role(
     };
 
     let provider = StaticProvider::new_minimal(String::from(""), String::from(""));
-    let client = StsClient::new(
-        rusoto_core::default_tls_client()?,
-        provider,
-        Region::UsEast1,
-    );
+    let client = StsClient::new(RequestDispatcher::default(), provider, Region::default());
 
-    client.assume_role_with_saml(&req).map_err(|e| e.into())
+    client
+        .assume_role_with_saml(&req)
+        .sync()
+        .map_err(|e| e.into())
 }
diff --git a/src/main.rs b/src/main.rs
@@ -72,7 +72,7 @@ fn main() {
 
             let username = match opts.username.clone() {
                 Some(username) => username,
-                None => (|| credentials::get_username(&org))()?,
+                None => credentials::get_username(&org)?,
             };
 
             let password = credentials::get_password(&org, &username, opts.force_new)?;
@@ -106,14 +106,14 @@ fn main() {
                             saml::Response::from_okta(&org, app.link_url.clone(), &session_id)?;
                         debug!("SAML assertion: {:?}", saml);
 
-                        let saml_raw = saml.raw;
-
-                        for role in saml.roles {
-                            if role.role_name()? == profile.role {
+                        match saml.roles
+                            .into_iter()
+                            .find(|r| r.role_name().map(|r| r == profile.role).unwrap_or(false))
+                        {
+                            Some(role) => {
                                 debug!("Role: {:?}", role);
 
-                                let assumption_response =
-                                    aws::role::assume_role(role, saml_raw.clone())?;
+                                let assumption_response = aws::role::assume_role(role, saml.raw)?;
                                 if let Some(credentials) = assumption_response.credentials {
                                     debug!("Credentials: {:?}", credentials);
 
@@ -122,6 +122,10 @@ fn main() {
                                     error!("Error fetching credentials from assumed AWS role")
                                 }
                             }
+                            None => error!(
+                                "No matching role ({}) found for profile {}",
+                                profile.role, &profile.id
+                            ),
                         }
                     }
                     None => error!("Could not find application {}", &profile.id),