search

nccgroup / PMapper

A tool for quickly evaluating IAM permissions in AWS.
GNU Affero General Public License v3.0
1.37k stars 169 forks source link

Stack trace on missing credentials #135

Open rdegraaf opened 10 months ago

rdegraaf commented 10 months ago

Describe the bug If pmapper decides that it needs credentials but cannot find any, it dumps a stack trace.

To Reproduce

  1. Make sure that no AWS credentials are present in your shell.
  2. pmapper graph create

  3. Stack trace:

    Traceback (most recent call last):
  File "/home/rdegraaf/aws-venv/bin/pmapper", line 8, in <module>
    sys.exit(main())
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/principalmapper/__main__.py", line 145, in main
    return graph_cli.process_arguments(parsed_args)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/principalmapper/graphing/graph_cli.py", line 142, in process_arguments
    session = botocore_tools.get_session(parsed_args.profile)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/principalmapper/util/botocore_tools.py", line 45, in get_session
    stsclient.get_caller_identity()  # raises error if it's not workable
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/client.py", line 535, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/client.py", line 963, in _make_api_call
    http, parsed_response = self._make_request(
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/client.py", line 986, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/endpoint.py", line 119, in make_request
    return self._send_request(request_dict, operation_model)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/endpoint.py", line 198, in _send_request
    request = self.create_request(request_dict, operation_model)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/endpoint.py", line 134, in create_request
    self._event_emitter.emit(
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/hooks.py", line 412, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/hooks.py", line 256, in emit
    return self._emit(event_name, kwargs)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/hooks.py", line 239, in _emit
    response = handler(**kwargs)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/signers.py", line 105, in handler
    return self.sign(operation_name, request)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/signers.py", line 189, in sign
    auth.add_auth(request)
  File "/home/rdegraaf/aws-venv/lib/python3.8/site-packages/botocore/auth.py", line 418, in add_auth
    raise NoCredentialsError()
botocore.exceptions.NoCredentialsError: Unable to locate credentials

Expected behavior A useful error message with no stack trace.