aws_key.rb in heroku-config-0.3.0

- old
+ new

@@ -1,9 +1,10 @@
 module HerokuConfig
   class AwsKey < Base
     include AwsServices
     class MaxKeysError < StandardError; end
+    class AccessKeyNotFound < StandardError; end
 
     def initialize(options, access_key_id)
       @options, @access_key_id = options, access_key_id
       @app = options[:app]
     end
@@ -24,17 +25,29 @@
       delete_old_access_key(user_name)
 
       true
     end
 
-    def get_user_name
+    def get_user_name(quiet_error: true)
       return "fakeuser" if @options[:noop]
 
-      resp = iam.get_access_key_last_used(
-        access_key_id: @access_key_id,
-      )
-      resp.user_name
+      begin
+        resp = iam.get_access_key_last_used(
+          access_key_id: @access_key_id,
+        )
+        resp.user_name
+      rescue Aws::IAM::Errors::AccessDenied => e # "obscure" error if access key is not found also
+        puts "#{e.class} #{e.message}".color(:red)
+        puts <<~EOL
+          Are you sure the access key exists?
+          You can try running the following with an admin user to see if the key exists:
+
+              aws iam get-access-key-last-used --access-key-id #{@access_key_id}
+
+        EOL
+        @options[:cli] ? exit(1) : raise(AccessKeyNotFound)
+      end
     end
 
     def wait_until_usable(key, secret)
       puts "Checking if new AWS key is usable yet."
       delay, retries = 5, 0
@@ -42,9 +55,10 @@
         access_key_id: key,
         secret_access_key: secret,
       )
       begin
         sts.get_caller_identity
+        puts "Confirmed that new AWS key is usable."
         true
       rescue Aws::STS::Errors::InvalidClientTokenId => e
         puts "#{e.class}: #{e.message}"
         retries += 1
         if retries <= 20