From 48c2e91cb45189a973a5e721b5802954527e7100 Mon Sep 17 00:00:00 2001 From: Hugo Ferreira Date: Fri, 26 May 2017 20:10:58 +0100 Subject: [PATCH] Prevent "unbound variable" errors in `kops-mfa` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When none of the `KOPS_MFA_ROLE_ARN` or `KOPS_MFA_ARN` variables are set, we get the following errors… kops-mfa: line 11: KOPS_MFA_ROLE_ARN: unbound variable or, kops-mfa: line 16: KOPS_MFA_ARN: unbound variable … instead of the expected error message: Set the KOPS_MFA_ROLE_ARN environment variable or, Set the KOPS_MFA_ARN environment variable --- docs/mfa.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/mfa.md b/docs/mfa.md index 2fe9780bac..9062fe5fdd 100644 --- a/docs/mfa.md +++ b/docs/mfa.md @@ -4,7 +4,7 @@ You can secure `kops` with MFA by creating an AWS role & policy that requires MF ## The Workaround -The work around uses `aws sts-assume role` in combination with an MFA prompt to retrieve temporary AWS access keys. This provides `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables which are automatically picked up by Go AWS SDK. You provide the MFA & Role ARNs, then invoke `kops`. +The work around uses `aws sts assume-role` in combination with an MFA prompt to retrieve temporary AWS access keys. This provides `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables which are automatically picked up by Go AWS SDK. You provide the MFA & Role ARNs, then invoke `kops`. Here's an example wrapper script: @@ -18,12 +18,12 @@ main() { local serial_number="${KOPS_MFA_ARN:-}" local token_code - if [ -z "${KOPS_MFA_ROLE_ARN}" ]; then + if [ -z "${role_arn}" ]; then echo "Set the KOPS_MFA_ROLE_ARN environment variable" 1>&2 return 1 fi - if [ -z "${KOPS_MFA_ARN}" ]; then + if [ -z "${serial_number}" ]; then echo "Set the KOPS_MFA_ARN environment variable" 1>&2 return 1 fi