From 577b9f8b76866c46977a4eec810d4b67137f627c Mon Sep 17 00:00:00 2001
From: Vivian <2908189+vivianho@users.noreply.github.com>
Date: Fri, 7 Jun 2019 11:31:25 -0700
Subject: [PATCH] Catch aws-okta related errors and bubble up user (#128)
---
 cmd/run.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/cmd/run.go b/cmd/run.go
index 649e3ea1..ab4f2ffe 100644
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -126,7 +126,11 @@ func processRegion(ctx context.Context, conf *config.Config, sess *session.Sessi
 defer span.End()
 span.AddAttributes(trace.StringAttribute(telemetry.FieldRegion, region.AWSRegion))
- awsClient := getAWSClient(ctx, conf, sess, region)
+ awsClient, err := getAWSClient(ctx, conf, sess, region)
+ if err != nil {
+ span.AddAttributes(trace.StringAttribute(telemetry.FieldError, err.Error()))
+ return err
+ }
 username, err := conf.GetAWSUsername(ctx, awsClient)
 if err != nil {
 span.AddAttributes(trace.StringAttribute(telemetry.FieldError, err.Error()))
@@ -138,7 +142,7 @@ func processRegion(ctx context.Context, conf *config.Config, sess *session.Sessi
 }
 // getAWSClient configures an aws client
-func getAWSClient(ctx context.Context, conf *config.Config, sess *session.Session, region config.Region) *cziAWS.Client {
+func getAWSClient(ctx context.Context, conf *config.Config, sess *session.Session, region config.Region) (*cziAWS.Client, error) {
 _, span := trace.StartSpan(ctx, "get_aws_client")
 defer span.End()
 // for things meant to be run as a user
@@ -151,7 +155,7 @@ func getAWSClient(ctx context.Context, conf *config.Config, sess *session.Sessio
 creds, err := getAWSOktaCredentials(conf)
 if err != nil {
 log.Errorf("Error in retrieving AWS Okta session credentials: %s.", err.Error())
- return nil
+ return nil, err
 }
 userConf = &aws.Config{
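Review bot: The new error branch in processRegion (first hunk) copies `err.Error()` verbatim into the span attribute `telemetry.FieldError`, so text from the aws-okta credential path is now attached to the trace, where the old code only passed it to `log.Errorf`. Whether those messages can carry the Okta user, profile or role details is not visible in this hunk, so confirm that before the attribute is exported. A comment on the branch such as `// err may originate from aws-okta; keep credential and identity detail out of the exported message` would record the constraint. processRegion starts and ends outside the hunk.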
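Review bot: The doc comment above getAWSClient (second hunk) still reads `// getAWSClient configures an aws client` although the function now returns `(*cziAWS.Client, error)`. It should state the new contract so callers know the client is nil on failure, for example `// getAWSClient configures an aws client for the region; it returns a nil client and a non-nil error when the aws-okta session credentials cannot be retrieved.` The function body continues outside this hunk.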
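Review bot: In the Okta branch of getAWSClient (third hunk) the failure is both written with `log.Errorf` and returned, and processRegion then records the same error again on its span, so one credential failure is reported at several layers. The returned `err` also carries no context about which step failed. Consider handling it at one layer: drop the log line here and return a wrapped error, e.g. `return nil, errors.Wrap(err, "retrieving aws-okta session credentials")` if the file already imports github.com/pkg/errors (the import block is not visible in this patch). The enclosing `if` block opens before the hunk.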
@@ -182,7 +186,7 @@ func getAWSClient(ctx context.Context, conf *config.Config, sess *session.Sessio
 WithKMS(userConf).
 WithSTS(userConf).
 WithLambda(lambdaConf)
- return awsClient
+ return awsClient, nil
 }
 func getAWSOktaCredentials(conf *config.Config) (*credentials.Value, error) {