From ca1060d0fcb472e6691f8cc1334e8bbc7f769e16 Mon Sep 17 00:00:00 2001 From: Arun Date: Fri, 16 Jun 2023 02:17:13 -0400 Subject: [PATCH 1/5] Silence AWS config file import logs while running any aws commands --- plugins/aws/sts_provisioner.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go index 714e2f9ce..4d783078d 100644 --- a/plugins/aws/sts_provisioner.go +++ b/plugins/aws/sts_provisioner.go @@ -3,6 +3,8 @@ package aws import ( "context" "fmt" + "io" + "log" "os" "time" @@ -183,6 +185,9 @@ func (m CacheProviderFactory) NewAccessKeysProvider() aws.CredentialsProvider { // getAWSAuthConfigurationForProfile loads specified configurations from both config file and environment func getAWSAuthConfigurationForProfile(profile string) (*confighelpers.Config, error) { + // Disable log output produced by AWS Vault code + log.SetOutput(io.Discard) + // Read config file from the location set in AWS_CONFIG_FILE env var or from ~/.aws/config configFile, err := confighelpers.LoadConfigFromEnv() if err != nil { From b8acb1ec3720876b2c01b06a58d7b731fa451a6b Mon Sep 17 00:00:00 2001 From: Arun Date: Wed, 21 Jun 2023 04:46:20 -0400 Subject: [PATCH 2/5] Set up generic function to execute aws-vault's LoadConfigFromEnv function silently, without outputting any logs to the console --- plugins/aws/sts_provisioner.go | 7 +------ plugins/aws/utils.go | 13 +++++++++++++ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go index 4d783078d..6d248a66b 100644 --- a/plugins/aws/sts_provisioner.go +++ b/plugins/aws/sts_provisioner.go @@ -3,8 +3,6 @@ package aws import ( "context" "fmt" - "io" - "log" "os" "time" @@ -185,11 +183,8 @@ func (m CacheProviderFactory) NewAccessKeysProvider() aws.CredentialsProvider { // getAWSAuthConfigurationForProfile loads specified configurations from both config file and environment func getAWSAuthConfigurationForProfile(profile string) (*confighelpers.Config, error) { - // Disable log output produced by AWS Vault code - log.SetOutput(io.Discard) - // Read config file from the location set in AWS_CONFIG_FILE env var or from ~/.aws/config - configFile, err := confighelpers.LoadConfigFromEnv() + configFile, err := ExecuteSilently(confighelpers.LoadConfigFromEnv)() if err != nil { return nil, err } diff --git a/plugins/aws/utils.go b/plugins/aws/utils.go index 73bb9b27a..d3e7b4ca5 100644 --- a/plugins/aws/utils.go +++ b/plugins/aws/utils.go @@ -2,7 +2,11 @@ package aws import ( "fmt" + "io" + "log" + "os" + "github.com/99designs/aws-vault/v7/vault" "gopkg.in/ini.v1" ) @@ -20,3 +24,12 @@ func getConfigSectionByProfile(configFile *ini.File, profileName string) *ini.Se return nil } + +func ExecuteSilently(f func() (*vault.ConfigFile, error)) func() (*vault.ConfigFile, error) { + return func() (*vault.ConfigFile, error) { + log.SetOutput(io.Discard) + vaultConfig, err := f() + defer log.SetOutput(os.Stderr) + return vaultConfig, err + } +} From 8455b64bd9b09dac64553dc8b1bf39b5b1edf0f6 Mon Sep 17 00:00:00 2001 From: Arun Date: Wed, 21 Jun 2023 23:23:11 -0400 Subject: [PATCH 3/5] Properly set up a generic function to execute the passed function silently, by suppressing the additional logs --- plugins/aws/sts_provisioner.go | 10 ++++++++++ plugins/aws/utils.go | 13 ------------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go index 6d248a66b..442abfb96 100644 --- a/plugins/aws/sts_provisioner.go +++ b/plugins/aws/sts_provisioner.go @@ -3,6 +3,8 @@ package aws import ( "context" "fmt" + "io" + "log" "os" "time" @@ -181,6 +183,14 @@ func (m CacheProviderFactory) NewAccessKeysProvider() aws.CredentialsProvider { return accessKeysProvider{itemFields: m.ItemFields} } +func ExecuteSilently[G interface{}, e error](f func() (G, e)) func() (G, e) { + return func() (G, e) { + log.SetOutput(io.Discard) + defer log.SetOutput(os.Stderr) + return f() + } +} + // getAWSAuthConfigurationForProfile loads specified configurations from both config file and environment func getAWSAuthConfigurationForProfile(profile string) (*confighelpers.Config, error) { // Read config file from the location set in AWS_CONFIG_FILE env var or from ~/.aws/config diff --git a/plugins/aws/utils.go b/plugins/aws/utils.go index d3e7b4ca5..73bb9b27a 100644 --- a/plugins/aws/utils.go +++ b/plugins/aws/utils.go @@ -2,11 +2,7 @@ package aws import ( "fmt" - "io" - "log" - "os" - "github.com/99designs/aws-vault/v7/vault" "gopkg.in/ini.v1" ) @@ -24,12 +20,3 @@ func getConfigSectionByProfile(configFile *ini.File, profileName string) *ini.Se return nil } - -func ExecuteSilently(f func() (*vault.ConfigFile, error)) func() (*vault.ConfigFile, error) { - return func() (*vault.ConfigFile, error) { - log.SetOutput(io.Discard) - vaultConfig, err := f() - defer log.SetOutput(os.Stderr) - return vaultConfig, err - } -} From a681a640be4b1bc7324e95adafaaea5f55c2404c Mon Sep 17 00:00:00 2001 From: Arun Date: Thu, 22 Jun 2023 05:27:53 -0400 Subject: [PATCH 4/5] Update ExecuteSilently to support exactly one function param and use that to wrap various aws-vault function calls --- plugins/aws/sts_provisioner.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go index 442abfb96..9e8296b10 100644 --- a/plugins/aws/sts_provisioner.go +++ b/plugins/aws/sts_provisioner.go @@ -56,7 +56,7 @@ func (p STSProvisioner) Provision(ctx context.Context, in sdk.ProvisionInput, ou return } - awsConfig, err := getAWSAuthConfigurationForProfile(profile) + awsConfig, err := ExecuteSilently(getAWSAuthConfigurationForProfile)(profile) if err != nil { out.AddError(err) return @@ -183,18 +183,10 @@ func (m CacheProviderFactory) NewAccessKeysProvider() aws.CredentialsProvider { return accessKeysProvider{itemFields: m.ItemFields} } -func ExecuteSilently[G interface{}, e error](f func() (G, e)) func() (G, e) { - return func() (G, e) { - log.SetOutput(io.Discard) - defer log.SetOutput(os.Stderr) - return f() - } -} - // getAWSAuthConfigurationForProfile loads specified configurations from both config file and environment func getAWSAuthConfigurationForProfile(profile string) (*confighelpers.Config, error) { // Read config file from the location set in AWS_CONFIG_FILE env var or from ~/.aws/config - configFile, err := ExecuteSilently(confighelpers.LoadConfigFromEnv)() + configFile, err := confighelpers.LoadConfigFromEnv() if err != nil { return nil, err } @@ -274,7 +266,7 @@ type assumeRoleProvider struct { } func (p assumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, error) { - credentials, err := p.AssumeRoleProvider.Retrieve(ctx) + credentials, err := ExecuteSilently(p.AssumeRoleProvider.Retrieve)(ctx) if err != nil { return aws.Credentials{}, err } @@ -311,7 +303,7 @@ type mfaSessionTokenProvider struct { } func (p mfaSessionTokenProvider) Retrieve(ctx context.Context) (aws.Credentials, error) { - credentials, err := p.SessionTokenProvider.Retrieve(ctx) + credentials, err := ExecuteSilently(p.SessionTokenProvider.Retrieve)(ctx) if err != nil { return aws.Credentials{}, err } @@ -399,3 +391,11 @@ func DetectSourceProfileLoop(profile string, config *confighelpers.ConfigFile) e return nil } + +func ExecuteSilently[input interface{}, output interface{}, e error](f func(input) (output, e)) func(input) (output, e) { + return func(i input) (output, e) { + log.SetOutput(io.Discard) + defer log.SetOutput(os.Stderr) + return f(i) + } +} From 9a43fdcde8cc0d6ad1a3053d5d45acc93754e96a Mon Sep 17 00:00:00 2001 From: Arun Date: Thu, 22 Jun 2023 10:18:55 -0400 Subject: [PATCH 5/5] Move our ExecuteSilently wrapper one level higher up to the tempCredentialsProvider call --- plugins/aws/sts_provisioner.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go index 9e8296b10..b2181ed1a 100644 --- a/plugins/aws/sts_provisioner.go +++ b/plugins/aws/sts_provisioner.go @@ -69,7 +69,7 @@ func (p STSProvisioner) Provision(ctx context.Context, in sdk.ProvisionInput, ou return } - tempCredentials, err := tempCredentialsProvider.Retrieve(ctx) + tempCredentials, err := ExecuteSilently(tempCredentialsProvider.Retrieve)(ctx) if err != nil { out.AddError(err) return @@ -266,7 +266,7 @@ type assumeRoleProvider struct { } func (p assumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, error) { - credentials, err := ExecuteSilently(p.AssumeRoleProvider.Retrieve)(ctx) + credentials, err := p.AssumeRoleProvider.Retrieve(ctx) if err != nil { return aws.Credentials{}, err } @@ -303,7 +303,7 @@ type mfaSessionTokenProvider struct { } func (p mfaSessionTokenProvider) Retrieve(ctx context.Context) (aws.Credentials, error) { - credentials, err := ExecuteSilently(p.SessionTokenProvider.Retrieve)(ctx) + credentials, err := p.SessionTokenProvider.Retrieve(ctx) if err != nil { return aws.Credentials{}, err }