From ec8ff9574fb5187f547a73f5bda749ee57b5d931 Mon Sep 17 00:00:00 2001
From: erezrokah <erezrokah@users.noreply.github.com>
Date: Tue, 31 May 2022 21:36:37 +0300
Subject: [PATCH 1/3] fix: Revert "fix: Fail on access errors during initial
 setup (#906)"

This reverts commit c512535fd67960150dd0e4800eabf9b9df0dd83b.
---
 client/client.go |  4 ++--
 client/errors.go | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/client/client.go b/client/client.go
index 42e06bc47..6759b327b 100644
--- a/client/client.go
+++ b/client/client.go
@@ -444,7 +444,7 @@ func configureAwsClient(ctx context.Context, logger hclog.Logger, awsConfig *Con
 	// Test out retrieving credentials
 	if _, err := awsCfg.Credentials.Retrieve(ctx); err != nil {
 		logger.Error("error retrieving credentials", "err", err)
-		return awsCfg, classifyError(fmt.Errorf(awsFailedToConfigureErrMsg, account.AccountName, err, checkEnvVariables()), diag.INTERNAL, nil, diag.WithSeverity(diag.ERROR))
+		return awsCfg, fmt.Errorf(awsFailedToConfigureErrMsg, account.AccountName, err, checkEnvVariables())
 	}
 
 	return awsCfg, err
@@ -517,7 +517,7 @@ func Configure(logger hclog.Logger, providerConfig interface{}) (schema.ClientMe
 				}
 			})
 		if err != nil {
-			return nil, diags.Add(classifyError(fmt.Errorf("failed to find disabled regions for account %s. AWS Error: %w", account.AccountName, err), diag.INTERNAL, nil, diag.WithSeverity(diag.ERROR)))
+			return nil, diags.Add(classifyError(fmt.Errorf("failed to find disabled regions for account %s. AWS Error: %w", account.AccountName, err), diag.INTERNAL, nil))
 		}
 		account.Regions = filterDisabledRegions(localRegions, res.Regions)
 
diff --git a/client/errors.go b/client/errors.go
index 8757fda88..1c8494612 100644
--- a/client/errors.go
+++ b/client/errors.go
@@ -60,13 +60,13 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
 	var ae smithy.APIError
 	if errors.As(err, &ae) {
 		switch ae.ErrorCode() {
-		case "AccessDenied", "AccessDeniedException", "UnauthorizedOperation", "AuthorizationError", "OptInRequired", "SubscriptionRequiredException", "InvalidClientTokenId", "AuthFailure", "ExpiredToken":
+		case "AccessDenied", "AccessDeniedException", "UnauthorizedOperation", "AuthorizationError", "OptInRequired", "SubscriptionRequiredException", "InvalidClientTokenId", "AuthFailure":
 			return diag.Diagnostics{
 				RedactError(accounts, diag.NewBaseError(err,
 					diag.ACCESS,
 					append(opts,
 						diag.WithType(diag.ACCESS),
-						diag.WithOptionalSeverity(diag.WARNING),
+						diag.WithSeverity(diag.WARNING),
 						ParseSummaryMessage(err),
 						diag.WithDetails(errorCodeDescriptions[ae.ErrorCode()]),
 					)...),
@@ -79,7 +79,7 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
 						diag.ACCESS,
 						append(opts,
 							diag.WithType(diag.ACCESS),
-							diag.WithOptionalSeverity(diag.WARNING),
+							diag.WithSeverity(diag.WARNING),
 							ParseSummaryMessage(err),
 							diag.WithDetails("Something is wrong with your credentials. Either the accessKeyId or secretAccessKey (or both) are wrong."),
 						)...),
@@ -106,7 +106,7 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
 					diag.RESOLVING,
 					append(opts,
 						diag.WithType(diag.RESOLVING),
-						diag.WithOptionalSeverity(diag.IGNORE),
+						diag.WithSeverity(diag.IGNORE),
 						ParseSummaryMessage(err),
 						diag.WithDetails("The action is invalid for the service."),
 					)...),
@@ -133,7 +133,7 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
 				diag.THROTTLE,
 				append(opts,
 					diag.WithType(diag.THROTTLE),
-					diag.WithOptionalSeverity(diag.WARNING),
+					diag.WithSeverity(diag.WARNING),
 					ParseSummaryMessage(err),
 					diag.WithDetails("CloudQuery AWS provider has been throttled. This is unexpected - you can open an issue on github (https://github.com/cloudquery/cq-provider-aws/issues) or contact us on discord (https://cloudquery.io/discord)"),
 				)...),

From 6f056d3b9b79f00e3449f232b9db49d78d82b6a0 Mon Sep 17 00:00:00 2001
From: erezrokah <erezrokah@users.noreply.github.com>
Date: Tue, 31 May 2022 21:40:25 +0300
Subject: [PATCH 2/3] fix: Add ExpiredToken code

---
 client/errors.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/errors.go b/client/errors.go
index 1c8494612..2a1c5a7e0 100644
--- a/client/errors.go
+++ b/client/errors.go
@@ -60,7 +60,7 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
 	var ae smithy.APIError
 	if errors.As(err, &ae) {
 		switch ae.ErrorCode() {
-		case "AccessDenied", "AccessDeniedException", "UnauthorizedOperation", "AuthorizationError", "OptInRequired", "SubscriptionRequiredException", "InvalidClientTokenId", "AuthFailure":
+		case "AccessDenied", "AccessDeniedException", "UnauthorizedOperation", "AuthorizationError", "OptInRequired", "SubscriptionRequiredException", "InvalidClientTokenId", "AuthFailure", "ExpiredToken":
 			return diag.Diagnostics{
 				RedactError(accounts, diag.NewBaseError(err,
 					diag.ACCESS,

From ce84468fb261ca01342c20bf04881af1e703e44f Mon Sep 17 00:00:00 2001
From: erezrokah <erezrokah@users.noreply.github.com>
Date: Wed, 1 Jun 2022 09:10:17 +0300
Subject: [PATCH 3/3] fix(errors): Use WithNoOverwrite instead of
 WithOptionalSeverity

---
 client/client.go | 4 ++--
 client/errors.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/client/client.go b/client/client.go
index 6759b327b..ddf2d0b16 100644
--- a/client/client.go
+++ b/client/client.go
@@ -444,7 +444,7 @@ func configureAwsClient(ctx context.Context, logger hclog.Logger, awsConfig *Con
 	// Test out retrieving credentials
 	if _, err := awsCfg.Credentials.Retrieve(ctx); err != nil {
 		logger.Error("error retrieving credentials", "err", err)
-		return awsCfg, fmt.Errorf(awsFailedToConfigureErrMsg, account.AccountName, err, checkEnvVariables())
+		return awsCfg, classifyError(fmt.Errorf(awsFailedToConfigureErrMsg, account.AccountName, err, checkEnvVariables()), diag.INTERNAL, nil, diag.WithSeverity(diag.ERROR), diag.WithNoOverwrite())
 	}
 
 	return awsCfg, err
@@ -517,7 +517,7 @@ func Configure(logger hclog.Logger, providerConfig interface{}) (schema.ClientMe
 				}
 			})
 		if err != nil {
-			return nil, diags.Add(classifyError(fmt.Errorf("failed to find disabled regions for account %s. AWS Error: %w", account.AccountName, err), diag.INTERNAL, nil))
+			return nil, diags.Add(classifyError(fmt.Errorf("failed to find disabled regions for account %s. AWS Error: %w", account.AccountName, err), diag.INTERNAL, nil, diag.WithSeverity(diag.ERROR), diag.WithNoOverwrite()))
 		}
 		account.Regions = filterDisabledRegions(localRegions, res.Regions)
 
diff --git a/client/errors.go b/client/errors.go
index 2a1c5a7e0..b1a84e50e 100644
--- a/client/errors.go
+++ b/client/errors.go
@@ -93,7 +93,7 @@ func classifyError(err error, fallbackType diag.Type, accounts []Account, opts .
 						diag.ACCESS,
 						append(opts,
 							diag.WithType(diag.ACCESS),
-							diag.WithOptionalSeverity(diag.WARNING),
+							diag.WithSeverity(diag.WARNING),
 							ParseSummaryMessage(err),
 							diag.WithDetails("Something is wrong with your credentials. Ensure you have access to the specified resource."),
 						)...),