Fix validate connection

Mouli Mukherjee · Mouli Mukherjee · commit 0226f3f8418b · 2023-11-21T15:51:01.000-08:00
diff --git a/src/storage-types/src/connections/aws.rs b/src/storage-types/src/connections/aws.rs
@@ -244,37 +244,54 @@ impl AwsConfig {
         id: GlobalId,
         connection_context: &ConnectionContext,
     ) -> Result<(), anyhow::Error> {
-        let external_id_prefix = connection_context
-            .aws_external_id_prefix
-            .as_ref()
-            .ok_or_else(|| anyhow!("external ID should have been provided!"))?;
-        let external_id = format!("{}_{}", external_id_prefix, id);
         let account_id = &connection_context.aws_principal;
-        let aws_config = self
-            .load(
-                Some(external_id),
-                account_id.clone(),
-                connection_context.secrets_reader.as_ref(),
-            )
-            .await?;
-
-        let sts_client = aws_sdk_sts::Client::new(&aws_config);
-        let response = sts_client.get_caller_identity().send().await?;
-        println!("{:?}", response);
-
-        let aws_config_without_external_id = self
-            .load(
-                None,
-                account_id.clone(),
-                connection_context.secrets_reader.as_ref(),
-            )
-            .await?;
-
-        let sts_client = aws_sdk_sts::Client::new(&aws_config_without_external_id);
-        if sts_client.get_caller_identity().send().await.is_ok() {
-            Err(anyhow!("Validate succeeded without external_id!"))
-        } else {
-            Ok(())
+        match &self.auth {
+            AwsAuth::Credentials(_) => {
+                let aws_config = self
+                    .load(
+                        None,
+                        account_id.clone(),
+                        connection_context.secrets_reader.as_ref(),
+                    )
+                    .await?;
+
+                let sts_client = aws_sdk_sts::Client::new(&aws_config);
+                let _ = sts_client.get_caller_identity().send().await?;
+                Ok(())
+            }
+            AwsAuth::AssumeRole(_) => {
+                let external_id_prefix = connection_context
+                    .aws_external_id_prefix
+                    .as_ref()
+                    .ok_or_else(|| anyhow!("external ID should have been provided!"))?;
+                let external_id = format!("{}_{}", external_id_prefix, id);
+
+                let aws_config = self
+                    .load(
+                        Some(external_id),
+                        account_id.clone(),
+                        connection_context.secrets_reader.as_ref(),
+                    )
+                    .await?;
+
+                let sts_client = aws_sdk_sts::Client::new(&aws_config);
+                let _ = sts_client.get_caller_identity().send().await?;
+
+                let aws_config_without_external_id = self
+                    .load(
+                        None,
+                        account_id.clone(),
+                        connection_context.secrets_reader.as_ref(),
+                    )
+                    .await?;
+
+                let sts_client = aws_sdk_sts::Client::new(&aws_config_without_external_id);
+                if sts_client.get_caller_identity().send().await.is_ok() {
+                    Err(anyhow!("Validate succeeded without external_id!"))
+                } else {
+                    Ok(())
+                }
+            }
         }
     }
 
