From 350be6a01c8bdfbcaa21b4a55aa78633902e6c50 Mon Sep 17 00:00:00 2001 From: Arjun Naik Date: Thu, 19 Mar 2020 13:44:48 +0100 Subject: [PATCH] Better error message when EC2 instance access is not allowed Signed-off-by: Arjun Naik --- piu/cli.py | 3 ++- piu/error_handling.py | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/piu/cli.py b/piu/cli.py index 8f854f6..b07b1dc 100644 --- a/piu/cli.py +++ b/piu/cli.py @@ -420,7 +420,8 @@ def send_odd_ssh_key(ec2, odd_hostname: str, public_key: str) -> bool: try: odd_attributes = instance_attributes(ec2, "ip-address", odd_ip) except RuntimeError as e: - print("Failed to find odd host {0:s}: {1:s}".format(odd_hostname), e) + print("Failed to find odd host {0:s} in current account".format(odd_hostname)) + return False return send_ssh_key("odd", odd_attributes, public_key) diff --git a/piu/error_handling.py b/piu/error_handling.py index 9eccf26..7e0eb77 100644 --- a/piu/error_handling.py +++ b/piu/error_handling.py @@ -26,6 +26,13 @@ def is_credentials_expired_error(e: ClientError) -> bool: return e.response["Error"]["Code"] in ["ExpiredToken", "RequestExpired"] +def is_permissions_error(e: ClientError) -> bool: + return ( + e.response["Error"]["Code"] == "AccessDeniedException" + and "ec2-instance-connect" in e.response["Error"]["Message"] + ) + + def handle_exceptions(func): @functools.wraps(func) def wrapper(): @@ -47,6 +54,13 @@ def wrapper(): file=sys.stderr, ) sys.exit(1) + elif is_permissions_error(e): + print( + "Do you have permissions to use SSH in this account? If this is a Kubernetes account" + " please consider using alternate access methods as described in the documentation " + "https://cloud.docs.zalando.net/howtos/access-private-resources/" + ) + sys.exit(1) else: file_name = store_exception(e) print("Unknown Error.\n" "Please create an issue with the content of {fn}".format(fn=file_name))