From 1f8b0faab7b3f0cfe867df9cbcbeacc5516ae085 Mon Sep 17 00:00:00 2001
From: thomasgouveia
Date: Sun, 11 Jun 2023 22:38:19 +1000
Subject: [PATCH] chore: improve error handling for missing role flag
Signed-off-by: thomasgouveia
---
 cmd/root.go | 8 ++++++--
 pkg/credentials/credentials.go | 6 ++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index c988569..661800a 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -2,6 +2,7 @@ package cmd
 import (
 "encoding/json"
+ "errors"
 "fmt"
 "os"
 "time"
@@ -38,12 +39,15 @@ var rootCmd = &cobra.Command{
 TTL: awsTtl,
 }
- credentials, err := credentials.Fetch(cmd, client, cfg)
+ creds, err := credentials.Fetch(cmd, client, cfg)
 if err != nil {
+ if errors.Is(err, credentials.ErrVaultRoleEmpty) {
+ return fmt.Errorf("you must provide a Vault role configured in your AWS backend to generate credentials using --aws.role")
+ }
 return err
 }
- by, err := json.MarshalIndent(credentials, "", " ")
+ by, err := json.MarshalIndent(creds, "", " ")
 if err != nil {
 return err
 }
diff --git a/pkg/credentials/credentials.go b/pkg/credentials/credentials.go
index 4881c28..fd2ced1 100644
--- a/pkg/credentials/credentials.go
+++ b/pkg/credentials/credentials.go
@@ -52,6 +52,7 @@ var authStrategies = map[string]vaultLoginStrategy{
 var (
 ErrUnknownAuthMethod = errors.New("unknown auth method")
+ ErrVaultRoleEmpty = errors.New("the vault role must not be empty")
 )
 type FetchCredentialConfig struct {
@@ -70,6 +71,11 @@ type FetchCredentialConfig struct {
 func Fetch(cmd *cobra.Command, client *vault.Client, cfg *FetchCredentialConfig) (*AWSCredentials, error) {
 ctx := cmd.Context()
+ // Ensure the user has given a Vault role
+ if cfg.Role == "" {
+ return nil, ErrVaultRoleEmpty
+ }
+
 strategy, ok := authStrategies[cfg.AuthMethod]
 if !ok {
 return nil, ErrUnknownAuthMethod
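Review bot: In the `errors.Is(err, credentials.ErrVaultRoleEmpty)` branch of cmd/root.go (second hunk), `fmt.Errorf` is called with a constant string and no verbs, and the error it returns no longer carries the sentinel. Wrapping keeps the chain intact for any caller or test that matches on it: `return fmt.Errorf("you must provide a Vault role configured in your AWS backend to generate credentials using --aws.role: %w", err)`. If the sentinel's text is not wanted in the output, `errors.New` is the plainer call. The flag name is hard-coded in the message, so it can drift from the flag definition, which is outside this hunk, as are the start and end of the enclosing function literal.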
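Review bot: The new exported sentinel `ErrVaultRoleEmpty` in pkg/credentials/credentials.go has no doc comment, although cmd/root.go now matches on it, so it is part of the package's contract. A line such as `// ErrVaultRoleEmpty is returned by Fetch when cfg.Role is empty.` above it would say which call produces it. The neighbouring `ErrUnknownAuthMethod` is undocumented too and could get the same treatment.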
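Review bot: The new guard at the top of `Fetch` rejects only the exact empty string, so a role made of whitespace (for example from a quoted blank flag or environment value) passes `cfg.Role == ""`. Trimming first closes that gap: `if strings.TrimSpace(cfg.Role) == "" {`, which needs the `strings` import if credentials.go does not already have it (its import block is not visible here). How `cfg.Role` is used after the strategy lookup is outside the hunk; if it is placed into a Vault request path, rejecting blank values before authentication is the cheaper failure. `Fetch` continues past the last line shown.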