Merge pull request #484 from refinery-labs/credential-logging

Credential logging for misconfig
refinery-labs · Dec 2, 2019 · b502b1a · b502b1a
2 parents e0c88a5 + 635d186
commit b502b1a
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -93,7 +93,7 @@ fabric.properties
 
 *.iml
 # modules.xml
-# .idea/misc.xml
+.idea/misc.xml
 # *.ipr
 
 # Sonarlint plugin

diff --git a/api/controller/base.py b/api/controller/base.py
@@ -2,6 +2,8 @@
 import json
 import os
 
+from tornado import gen
+
 from models.initiate_database import *
 from models.users import User
 from models.projects import Project
@@ -30,7 +32,10 @@ def __init__( self, *args, **kwargs ):
 
 		# For caching the currently-authenticated user
 		self.authenticated_user = None
-
+
+		# For caching the user's aws credentials
+		self.user_aws_credentials = None
+
 		self._dbsession = None
 
 	def initialize( self ):
@@ -81,24 +86,40 @@ def get_authenticated_user_cloud_configuration( self ):
 		This just returns the first cloud configuration. Short term use since we'll
 		eventually be moving to a multiple AWS account deploy system.
 		"""
+		def raise_credential_error():
+			self.write({
+				"success": False,
+				"code": "NO_CREDENTIALS",
+				"msg": "No aws credentials are present for the current user.",
+			})
+			raise gen.Return()
+
+		if self.user_aws_credentials is not None:
+			return self.user_aws_credentials
+
 		# Pull the authenticated user's organization
 		user_organization = self.get_authenticated_user_org()
-		
+
 		if user_organization == None:
-			return None
-
+			logit( "Account has no organization associated with it!" )
+
+			# credential error is raised, does not return
+			raise_credential_error()
+
 		aws_account = self.dbsession.query( AWSAccount ).filter_by(
 			organization_id=user_organization.id,
 			aws_account_status="IN_USE"
 		).first()
-		
+
 		if aws_account:
-			return aws_account.to_dict()
-
+			self.user_aws_credentials = aws_account.to_dict()
+			return self.user_aws_credentials
+
 		logit( "Account has no AWS account associated with it!" )
-
-		return False
-
+
+		# credential error is raised, does not return
+		raise_credential_error()
+
 	def get_authenticated_user_org( self ):
 		# First we grab the organization ID
 		authentication_user = self.get_authenticated_user()

diff --git a/api/server.py b/api/server.py
@@ -267,7 +267,7 @@ def wrapper( *args, **kwargs ):
 
 		return func( *args, **kwargs )
 	return wrapper
-	
+
 def disable_on_overdue_payment( func ):
 	"""
 	Decorator to disable specific endpoints if the user
@@ -6228,7 +6228,7 @@ def deploy_diagram( credentials, project_name, project_id, diagram_data, project
 	]
 	"""
 	deployment_exceptions = []
-	
+
 	for workflow_state in diagram_data[ "workflow_states" ]:
 		if workflow_state[ "type" ] == "lambda":
 			node_arn = "arn:aws:lambda:" + credentials[ "region" ] + ":" + str( credentials[ "account_id" ] ) + ":function:" + get_lambda_safe_name( workflow_state[ "name" ] )
@@ -7943,7 +7943,7 @@ def post( self ):
 		diagram_data = json.loads( self.json[ "diagram_data" ] )
 
 		credentials = self.get_authenticated_user_cloud_configuration()
-		
+
 		deployment_data = yield deploy_diagram(
 			credentials,
 			project_name,