@@ -2245,6 +2245,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
2245
2245
forbiddenAccountIds []string
2246
2246
needSecret = true
2247
2247
needAccountFilter = false
2248
+ err error
2248
2249
)
2249
2250
2250
2251
if v , ok := d .GetOk ("secret_id" ); ok {
@@ -2325,7 +2326,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
2325
2326
// get auth from CAM role name
2326
2327
if camRoleName != "" {
2327
2328
needSecret = false
2328
- err : = genClientWithCAM (& tcClient , camRoleName )
2329
+ err = genClientWithCAM (& tcClient , camRoleName )
2329
2330
if err != nil {
2330
2331
return nil , fmt .Errorf ("Get auth from CAM role name failed. Reason: %s" , err .Error ())
2331
2332
}
@@ -2350,7 +2351,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
2350
2351
2351
2352
if assumeRoleArn != "" && assumeRoleSessionName != "" {
2352
2353
assumeRoleSessionDuration = 7200
2353
- _ = genClientWithSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRolePolicy , assumeRoleExternalId )
2354
+ err = genClientWithSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRolePolicy , assumeRoleExternalId )
2355
+ if err != nil {
2356
+ return nil , fmt .Errorf ("Get auth from assume role by credential failed. Reason: %s" , err .Error ())
2357
+ }
2354
2358
}
2355
2359
2356
2360
// get assume role from env
@@ -2379,19 +2383,30 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
2379
2383
2380
2384
if envSamlAssertion == "" && envPrincipalArn == "" && envWebIdentityToken == "" {
2381
2385
// use assume role
2382
- _ = genClientWithSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , "" , assumeRoleExternalId )
2386
+ err = genClientWithSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , "" , assumeRoleExternalId )
2387
+ if err != nil {
2388
+ return nil , fmt .Errorf ("Get auth from assume role by env failed. Reason: %s" , err .Error ())
2389
+ }
2383
2390
} else if envSamlAssertion != "" && envPrincipalArn != "" && envWebIdentityToken != "" {
2384
- return nil , fmt .Errorf ("can not set `TENCENTCLOUD_ASSUME_ROLE_SAML_ASSERTION`, `TENCENTCLOUD_ASSUME_ROLE_PRINCIPAL_ARN`, `TENCENTCLOUD_ASSUME_ROLE_WEB_IDENTITY_TOKEN` at the same time.\n " )
2391
+ return nil , fmt .Errorf ("Can not set `TENCENTCLOUD_ASSUME_ROLE_SAML_ASSERTION`, `TENCENTCLOUD_ASSUME_ROLE_PRINCIPAL_ARN`, `TENCENTCLOUD_ASSUME_ROLE_WEB_IDENTITY_TOKEN` at the same time.\n " )
2385
2392
} else if envSamlAssertion != "" && envPrincipalArn != "" {
2386
2393
// use assume role with saml
2387
- _ = genClientWithSamlSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , envSamlAssertion , envPrincipalArn )
2394
+ err = genClientWithSamlSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , envSamlAssertion , envPrincipalArn )
2395
+ if err != nil {
2396
+ return nil , fmt .Errorf ("Get auth from assume role with SAML by env failed. Reason: %s" , err .Error ())
2397
+ }
2398
+
2388
2399
needSecret = false
2389
2400
} else if envWebIdentityToken != "" {
2390
2401
// use assume role with oidc
2391
- _ = genClientWithOidcSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , envWebIdentityToken )
2402
+ err = genClientWithOidcSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , envWebIdentityToken )
2403
+ if err != nil {
2404
+ return nil , fmt .Errorf ("Get auth from assume role with OIDC by env failed. Reason: %s" , err .Error ())
2405
+ }
2406
+
2392
2407
needSecret = false
2393
2408
} else {
2394
- return nil , fmt .Errorf ("get `assume_role` from env error.\n " )
2409
+ return nil , fmt .Errorf ("Get `assume_role` from env error.\n " )
2395
2410
}
2396
2411
}
2397
2412
@@ -2406,7 +2421,11 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
2406
2421
assumeRolePolicy = assumeRole ["policy" ].(string )
2407
2422
assumeRoleExternalId = assumeRole ["external_id" ].(string )
2408
2423
2409
- _ = genClientWithSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRolePolicy , assumeRoleExternalId )
2424
+ err = genClientWithSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRolePolicy , assumeRoleExternalId )
2425
+ if err != nil {
2426
+ return nil , fmt .Errorf ("Get auth from assume role failed. Reason: %s" , err .Error ())
2427
+ }
2428
+
2410
2429
if camRoleName != "" {
2411
2430
needSecret = false
2412
2431
} else {
@@ -2432,7 +2451,11 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
2432
2451
assumeRoleSessionName = assumeRoleWithSaml ["session_name" ].(string )
2433
2452
assumeRoleSessionDuration = assumeRoleWithSaml ["session_duration" ].(int )
2434
2453
2435
- _ = genClientWithSamlSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRoleSamlAssertion , assumeRolePrincipalArn )
2454
+ err = genClientWithSamlSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRoleSamlAssertion , assumeRolePrincipalArn )
2455
+ if err != nil {
2456
+ return nil , fmt .Errorf ("Get auth from assume role with SAML failed. Reason: %s" , err .Error ())
2457
+ }
2458
+
2436
2459
needSecret = false
2437
2460
}
2438
2461
}
@@ -2447,7 +2470,11 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
2447
2470
assumeRoleSessionName = assumeRoleWithWebIdentity ["session_name" ].(string )
2448
2471
assumeRoleSessionDuration = assumeRoleWithWebIdentity ["session_duration" ].(int )
2449
2472
2450
- _ = genClientWithOidcSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRoleWebIdentityToken )
2473
+ err = genClientWithOidcSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRoleWebIdentityToken )
2474
+ if err != nil {
2475
+ return nil , fmt .Errorf ("Get auth from assume role with OIDC failed. Reason: %s" , err .Error ())
2476
+ }
2477
+
2451
2478
needSecret = false
2452
2479
}
2453
2480
}
@@ -2710,7 +2737,7 @@ func getCallerIdentity(tcClient *TencentCloudClient) (indentity *sdksts.GetCalle
2710
2737
}
2711
2738
2712
2739
if response == nil || response .Response == nil {
2713
- return nil , fmt .Errorf ("get GetCallerIdentity failed" )
2740
+ return nil , fmt .Errorf ("get GetCallerIdentity failed. " )
2714
2741
}
2715
2742
2716
2743
indentity = response .Response
0 commit comments