1. Atlassian Security Team Avatar Atlassian Security Team
  2. public tools
  3. spacecrab
  4. Issues

manager.py doesn't support root tokens

Issue #7 new
Michael LoSapio created an issue

If doing the unthinkable and using root tokens in the account, manager.py bails. 

Traceback (most recent call last):
  File "manager.py", line 588, in <module>
    main(sys.argv)
  File "manager.py", line 584, in main
    new_stack(cfn)
  File "manager.py", line 465, in new_stack
    arn = get_permission_stuff()
  File "manager.py", line 337, in get_permission_stuff
    r = get_current_userid()
  File "manager.py", line 328, in get_current_userid
    retval['name'] = name_bits[1]
IndexError: list index out of range

Will try to work through it and commit a patch back

Comments (1)

  1. Michael LoSapio reporter

    cat 0001-Simple-work-around-for-root-user.patch 

    From c3cee155ac471041d1f6138b40775142c790e8b6 Mon Sep 17 00:00:00 2001
From: "mike@losap.io" <mike@losap.io>
Date: Fri, 16 Feb 2018 13:31:55 -0500
Subject: [PATCH] Simple work-around for root user

---
 manager.py | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/manager.py b/manager.py
index 6dbbe50..f09af47 100755
--- a/manager.py
+++ b/manager.py
@@ -323,13 +323,19 @@ def get_current_userid():
     # arn:aws:sts::accountID:assumed-role/role-name/someusername
     bits = arn.split(':')[-2:]
     retval['account'] = bits[0]
-    name_bits = bits[1].split('/')
-    retval['type'] = name_bits[0]
-    retval['name'] = name_bits[1]
-    if ':' in callid['UserId']:
-        retval['id'] = callid['UserId'].split(':')[0]
+    if '/' in bits[1]:
+        name_bits = bits[1].split('/')
+        retval['type'] = name_bits[0]
+        retval['name'] = name_bits[1]
+        if ':' in callid['UserId']:
+            retval['id'] = callid['UserId'].split(':')[0]
+        else:
+            retval['id'] = callid['UserId']
+    elif bits[1] == 'root':
+        retval['name'] = 'root'
+        retval['type'] = 'root'
     else:
-        retval['id'] = callid['UserId']
+        raise ValueError('Unable to determine calling user in %s' % arn)
     return retval


-- 
2.16.0
  2. Log in to comment
Assignee
Type
bug
Priority
minor
Status
new
Votes
0
Watchers
1