From 75f2095d376f1268602d6c103c6807c6b116b70f Mon Sep 17 00:00:00 2001 From: Steffen Opel Date: Tue, 6 Nov 2012 16:18:14 +0100 Subject: [PATCH 1/3] Replaced opt in exception 'InvalidClientTokenId' with opt out exception 'AccessDenied'. [Issue(s) #21] --- botocross/iam/accountinfo.py | 6 ++---- botocross/iam/userinfo.py | 3 +-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/botocross/iam/accountinfo.py b/botocross/iam/accountinfo.py index 4ec5ca2..d852da3 100644 --- a/botocross/iam/accountinfo.py +++ b/botocross/iam/accountinfo.py @@ -45,8 +45,7 @@ def describe(self, user=None): except boto.exception.BotoServerError, e: # NOTE: given some information can be deduced from the exception still, the lack of permissions is # considered a normal condition still and the exception handled/logged accordingly. - # TODO: Identify proper exception code for this condition (rather than raising InvalidClientTokenId only). - if e.error_code == 'InvalidClientTokenId': + if e.error_code != 'AccessDenied': raise self.log.debug(e.error_message) try: @@ -60,8 +59,7 @@ def describe(self, user=None): except boto.exception.BotoServerError, e: # NOTE: given some information can be deduced from the exception still, the lack of permissions is # considered a normal condition still and the exception handled/logged accordingly. - # TODO: Identify proper exception code for this condition (rather than raising InvalidClientTokenId only). - if e.error_code == 'InvalidClientTokenId': + if e.error_code != 'AccessDenied': raise self.id = e.error_message.replace('User: arn:aws:iam::', '').partition(':')[0] self.log.debug(e.error_message) diff --git a/botocross/iam/userinfo.py b/botocross/iam/userinfo.py index 43beb70..3170ef3 100644 --- a/botocross/iam/userinfo.py +++ b/botocross/iam/userinfo.py @@ -50,8 +50,7 @@ def describe(self): except boto.exception.BotoServerError, e: # NOTE: given some information can be deduced from the exception still, the lack of permissions is # considered a normal condition still and the exception handled/logged accordingly. - # TODO: Identify proper exception code for this condition (rather than raising InvalidClientTokenId only). - if e.error_code == 'InvalidClientTokenId': + if e.error_code != 'AccessDenied': raise self.arn = e.error_message.rpartition(' ')[2] self.name = e.error_message.rpartition('/')[2] From a3dc103500f8bab970557d31f1656063281dbb25 Mon Sep 17 00:00:00 2001 From: Steffen Opel Date: Tue, 6 Nov 2012 17:41:29 +0100 Subject: [PATCH 2/3] Fixed list index out of range error when no account alias is available. [Issue(s) #21] --- botocross/iam/__init__.py | 3 +++ botocross/iam/accountinfo.py | 10 ++++++++-- botocross/iam/userinfo.py | 7 ++++--- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/botocross/iam/__init__.py b/botocross/iam/__init__.py index 50cd383..3550b89 100644 --- a/botocross/iam/__init__.py +++ b/botocross/iam/__init__.py @@ -21,3 +21,6 @@ import logging iam_log = logging.getLogger('botocross.iam') + +RESOURCE_NONEXISTENT = '' +RESOURCE_UNAUTHORIZED = '' diff --git a/botocross/iam/accountinfo.py b/botocross/iam/accountinfo.py index d852da3..af68530 100644 --- a/botocross/iam/accountinfo.py +++ b/botocross/iam/accountinfo.py @@ -20,6 +20,7 @@ # IN THE SOFTWARE. import boto +import botocross.iam import logging class AccountInfo: @@ -32,7 +33,7 @@ def __init__(self, iam_connection): self.log = logging.getLogger('boto_cli.iam.AccountInfo') self.user = None # populate those attributes not leaked via the exception, if user has no permission for iam:ListAccountAliases - self.alias = '' + self.alias = botocross.iam.RESOURCE_UNAUTHORIZED def __repr__(self): return '' % (self.alias, self.id) @@ -41,7 +42,12 @@ def describe(self, user=None): self.account = {} try: alias = self.connection.get_account_alias() - self.alias = alias['list_account_aliases_response']['list_account_aliases_result']['account_aliases'][0] + aliases = alias['list_account_aliases_response']['list_account_aliases_result']['account_aliases'] + # Is there an alias at all? If so, use the first one (currently only one alias is supported). + if len(aliases): + self.alias = alias['list_account_aliases_response']['list_account_aliases_result']['account_aliases'][0] + else: + self.alias = botocross.iam.RESOURCE_NONEXISTENT except boto.exception.BotoServerError, e: # NOTE: given some information can be deduced from the exception still, the lack of permissions is # considered a normal condition still and the exception handled/logged accordingly. diff --git a/botocross/iam/userinfo.py b/botocross/iam/userinfo.py index 3170ef3..56aca36 100644 --- a/botocross/iam/userinfo.py +++ b/botocross/iam/userinfo.py @@ -20,6 +20,7 @@ # IN THE SOFTWARE. import boto +import botocross.iam import logging class UserInfo: @@ -31,9 +32,9 @@ def __init__(self, iam_connection): self.connection = iam_connection self.log = logging.getLogger('boto_cli.iam.UserInfo') # populate those attributes not leaked via the exception, if user has no permission for iam:GetUser - self.path = '' - self.create_date = '' - self.id = '' # TODO: could be deduced from credentials in use instead. + self.path = botocross.iam.RESOURCE_UNAUTHORIZED + self.create_date = botocross.iam.RESOURCE_UNAUTHORIZED + self.id = botocross.iam.RESOURCE_UNAUTHORIZED # TODO: could be deduced from credentials in use instead. def __repr__(self): return '' % (self.path, self.create_date, self.id, self.arn, self.name) From 3ad05adb9bc58d4014989dc26e35df5b24c7335b Mon Sep 17 00:00:00 2001 From: Steffen Opel Date: Tue, 6 Nov 2012 18:22:59 +0100 Subject: [PATCH 3/3] Bumped version to 1.0.9. --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 0506548..5e987e1 100644 --- a/setup.py +++ b/setup.py @@ -9,7 +9,7 @@ sys.exit(1) setup(name="botocross", - version="1.0.8", + version="1.0.9", author = "Steffen Opel", packages=find_packages(), scripts=[