From 5e404d6939aa135d60963400e2c696dd714c1d15 Mon Sep 17 00:00:00 2001 From: Sebastian Martinka Date: Mon, 19 Sep 2016 08:48:40 +0200 Subject: [PATCH 1/3] ITO-3615: added exception handling for special characters --- .../provider/base_provider.py | 36 ++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/src/main/python/aws_federation_proxy/provider/base_provider.py b/src/main/python/aws_federation_proxy/provider/base_provider.py index 28cab0c..0bf1c8a 100644 --- a/src/main/python/aws_federation_proxy/provider/base_provider.py +++ b/src/main/python/aws_federation_proxy/provider/base_provider.py @@ -65,22 +65,26 @@ def get_accounts_and_roles(self): groups = self.get_group_list() accounts_and_roles = {} for group in groups: - match = re.search(self.regex, group) - if match: - account = match.group('account') - role = match.group('role') - reason = 'user is in group "%s" which matches regexp "%s"' % ( - group, self.regex) - self.logger.debug( - 'User "%s" may access account "%s", role "%s" because %s.', - self.user, role, account, reason) - if account in accounts_and_roles: - accounts_and_roles[account].add((role, reason)) - else: - accounts_and_roles[account] = set([(role, reason)]) - else: - self.logger.debug('Group "%s" did not match regex "%s"', - group, self.regex) + try: + match = re.search(self.regex, group) + if match: + account = match.group('account') + role = match.group('role') + reason = 'user is in group "%s" which matches regexp "%s"' % ( + group, self.regex) + self.logger.debug( + 'User "%s" may access account "%s", role "%s" because %s.', + self.user, role, account, reason) + if account in accounts_and_roles: + accounts_and_roles[account].add((role, reason)) + else: + accounts_and_roles[account] = set([(role, reason)]) + else: + self.logger.debug('Group "%s" did not match regex "%s"', + group, self.regex) + except Exception as exc: + logging.debug("Error base_provider.ProviderByGroups.get_accounts_and_roles.group: %r" % group) + pass return accounts_and_roles From dd718a5b2567affbe59167ea3fc1e49a15282166 Mon Sep 17 00:00:00 2001 From: Sebastian Martinka Date: Tue, 18 Apr 2017 13:38:12 +0100 Subject: [PATCH 2/3] #7: added sssd_provider --- .../aws_federation_proxy/provider/sssd_provider.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 src/main/python/aws_federation_proxy/provider/sssd_provider.py diff --git a/src/main/python/aws_federation_proxy/provider/sssd_provider.py b/src/main/python/aws_federation_proxy/provider/sssd_provider.py new file mode 100644 index 0000000..441bdaf --- /dev/null +++ b/src/main/python/aws_federation_proxy/provider/sssd_provider.py @@ -0,0 +1,12 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from aws_federation_proxy.provider import ProviderByGroups + +import pysss + +class Provider(ProviderByGroups): + """Uses the pysss module to retrieve group information from SSSD""" + + def get_group_list(self): +return pysss.getgrouplist(self.user) \ No newline at end of file From 326ce5839bacf018660cdf3151e04b16a60b54dc Mon Sep 17 00:00:00 2001 From: Sebastian Martinka Date: Wed, 19 Apr 2017 09:08:31 +0100 Subject: [PATCH 3/3] fixed new provider --- src/main/python/aws_federation_proxy/provider/sssd_provider.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/python/aws_federation_proxy/provider/sssd_provider.py b/src/main/python/aws_federation_proxy/provider/sssd_provider.py index 441bdaf..f06dc25 100644 --- a/src/main/python/aws_federation_proxy/provider/sssd_provider.py +++ b/src/main/python/aws_federation_proxy/provider/sssd_provider.py @@ -9,4 +9,4 @@ class Provider(ProviderByGroups): """Uses the pysss module to retrieve group information from SSSD""" def get_group_list(self): -return pysss.getgrouplist(self.user) \ No newline at end of file + return pysss.getgrouplist(self.user)