From 928c328f1d37ebbadc0b51416adc8da895f40358 Mon Sep 17 00:00:00 2001
From: JoshuaWilkes <14214200+JoshuaWilkes@users.noreply.github.com>
Date: Wed, 17 Jul 2024 16:56:41 +0800
Subject: [PATCH] The NoAccess hook should return an error when a user does not
 use Common Fate (#700)

---
 pkg/hook/accessrequesthook/accessrequesthook.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/hook/accessrequesthook/accessrequesthook.go b/pkg/hook/accessrequesthook/accessrequesthook.go
index 86243a78..ca774e1b 100644
--- a/pkg/hook/accessrequesthook/accessrequesthook.go
+++ b/pkg/hook/accessrequesthook/accessrequesthook.go
@@ -41,7 +41,8 @@ type NoAccessInput struct {
 func (h Hook) NoAccess(ctx context.Context, input NoAccessInput) (retry bool, err error) {
 	cfg, err := cfcfg.Load(ctx, input.Profile)
 	if err != nil {
-		return false, err
+		clio.Debugw("failed to load cfconfig, skipping check for active grants in a common fate deployment", "error", err)
+		return false, nil
 	}
 
 	target := eid.New("AWS::Account", input.Profile.AWSConfig.SSOAccountID)