From b6cb6e153cb8396adf7e6a0bcf1d078855102a8c Mon Sep 17 00:00:00 2001 From: James Saryerwinnie Date: Fri, 18 Sep 2015 13:50:46 -0700 Subject: [PATCH] Catch more specific exceptions in assume role provider To repro, call an aws command with an explicit ``--region`` and a non-existent profile: aws ec2 describe-instances --region us-east-1 --profile does-not-exist The issue was that the assume role provider was catching too general of an exception so the profile does not exist error was not being propogated. There's also a bug in botocore with how we're handling failures for lazily registered components. This is why we're seeing the "Unknown component" bug. This will require a separate PR to botocore. --- awscli/customizations/assumerole.py | 6 ++++-- tests/unit/customizations/test_assumerole.py | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/awscli/customizations/assumerole.py b/awscli/customizations/assumerole.py index 46e34611f173..a18d0c822869 100644 --- a/awscli/customizations/assumerole.py +++ b/awscli/customizations/assumerole.py @@ -11,6 +11,7 @@ from botocore import credentials from botocore.compat import total_seconds from botocore.exceptions import PartialCredentialsError +from botocore.exceptions import UnknownCredentialError LOG = logging.getLogger(__name__) @@ -40,11 +41,12 @@ def inject_assume_role_provider(session, **kwargs): # * ... cred_chain = session.get_component('credential_provider') cred_chain.insert_before('shared-credentials-file', provider) - except Exception: + except (ValueError, UnknownCredentialError): + # Only catch UnknownCredentialError and ValueError # This is ok, it just means that we couldn't create the credential # provider object. LOG.debug("Not registering assume-role provider, credential " - "provider from session could not be created.") + "provider from session could not be created.", exc_info=True) def create_assume_role_provider(session, provider_cls): diff --git a/tests/unit/customizations/test_assumerole.py b/tests/unit/customizations/test_assumerole.py index 8d8b8675afba..79b5a34861cf 100644 --- a/tests/unit/customizations/test_assumerole.py +++ b/tests/unit/customizations/test_assumerole.py @@ -49,7 +49,9 @@ def test_assume_role_provider_registration(self): def test_provider_not_registered_on_error(self): session = mock.Mock() - session.get_component.side_effect = Exception( + # This is the exception raised when we can't retrieve the component + # from the ComponentLocator. + session.get_component.side_effect = ValueError( "Couldn't get credential_provider.") assumerole.inject_assume_role_provider( session, event_name='building-command-table.foo')