From 563cd7106022bbe42c0a750d48896d69d9581d49 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga <jose.fagoaga@smartprotection.com>
Date: Fri, 12 Nov 2021 19:33:22 +0100
Subject: [PATCH] fix(iam-role): Delete temporary prowler.sts_assumed* if error

---
 include/assume_role        | 8 +++++---
 include/credentials_report | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/assume_role b/include/assume_role
index 53158ec6..95bd3e00 100644
--- a/include/assume_role
+++ b/include/assume_role
@@ -52,12 +52,10 @@ assume_role(){
     fi
     if [[ $(grep AccessDenied $TEMP_STS_ASSUMED_FILE) ]]; then
       textFail "Access Denied assuming role $PROWLER_ROLE"
-      rm -f $TEMP_STS_ASSUMED_FILE
       EXITCODE=1
       exit $EXITCODE
     elif [[ "$(grep MaxSessionDuration $TEMP_STS_ASSUMED_FILE)" ]]; then
       textFail "The requested DurationSeconds exceeds the MaxSessionDuration set for the role ${PROWLER_ROLE}"
-      rm -f $TEMP_STS_ASSUMED_FILE
       EXITCODE=1
       exit $EXITCODE
     fi
@@ -86,5 +84,9 @@ assume_role(){
     export AWS_SECRET_ACCESS_KEY=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SecretAccessKey')
     export AWS_SESSION_TOKEN=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SessionToken')
     export AWS_SESSION_EXPIRATION=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.Expiration | sub("\\+00:00";"Z") | fromdateiso8601')
-    rm -fr $TEMP_STS_ASSUMED_FILE
+    cleanSTSAssumeFile
 }
+
+cleanSTSAssumeFile() {
+    rm -fr "${TEMP_STS_ASSUMED_FILE}"
+}
\ No newline at end of file
diff --git a/include/credentials_report b/include/credentials_report
index 3741e89a..51f145f9 100644
--- a/include/credentials_report
+++ b/include/credentials_report
@@ -43,6 +43,7 @@ cleanTemp(){
   if [[ $KEEPCREDREPORT -ne 1 ]]; then
     rm -fr $TEMP_REPORT_FILE
   fi
+  cleanSTSAssumeFile
 }
 
 # Delete the temporary report file if we get interrupted/terminated