Fixed web credentials fetching (#1)

denis256 · web-flow · commit c522e8808501 · 2024-06-06T13:12:02.000-07:00
Found that in internal tests, only with WebIdentityToken, Terragrunt fails with: ``` time=2024-06-05T18:11:01Z level=error msg=Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors time=2024-06-05T[18](https://github.com/gruntwork-test/testing-terragrunt-with-web-identity/actions/runs/9389092410/job/25855946545#step:6:19):11:01Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1 ``` Fixed by updating AssumeIamRole
diff --git a/aws_helper/config.go b/aws_helper/config.go
@@ -214,6 +214,10 @@ func AssumeIamRole(iamRoleOpts options.IAMRoleOptions) (*sts.Credentials, error)
 
 	sess.Handlers.Build.PushFrontNamed(addUserAgent)
 
+	if iamRoleOpts.RoleARN != "" && iamRoleOpts.WebIdentityToken != "" {
+		sess.Config.Credentials = getWebIdentityCredentialsFromIAMRoleOptions(sess, iamRoleOpts)
+	}
+
 	_, err = sess.Config.Credentials.Get()
 	if err != nil {
 		return nil, errors.WithStackTraceAndPrefix(err, "Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?)")
@@ -239,7 +243,7 @@ func AssumeIamRole(iamRoleOpts options.IAMRoleOptions) (*sts.Credentials, error)
 		} else {
 			tb, err := os.ReadFile(iamRoleOpts.WebIdentityToken)
 			if err != nil {
-				return nil, err
+				return nil, errors.WithStackTrace(err)
 			}
 			token = string(tb)
 		}
