Log session-name and external-id when logging credentials (#447)

* Log session-name and external-id when logging credentials * Log the ARN and not the object
uswitch · Dec 8, 2020 · 7f7fd09 · 7f7fd09
1 parent 72a7bb4
commit 7f7fd09
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/pkg/aws/sts/log.go b/pkg/aws/sts/log.go
@@ -14,13 +14,25 @@
 package sts
 
 import (
+	"strings"
+
 	log "github.com/sirupsen/logrus"
 )
 
 func CredentialsFields(identity *RoleIdentity, creds *Credentials) log.Fields {
-	return log.Fields{
+	fields := log.Fields{
 		"credentials.access.key": creds.AccessKeyId,
 		"credentials.expiration": creds.Expiration,
-		"credentials.role":       identity.Role,
+		"credentials.role":       identity.Role.ARN,
+	}
+
+	if identity.SessionName != "" {
+		fields["credentials.session-name"] = identity.SessionName
 	}
+
+	if identity.ExternalID != "" {
+		fields["credentials.external-id"] = strings.Repeat("*", len(identity.ExternalID))
+	}
+
+	return fields
 }