STS credentials reused improperly #221

Closed
dsumsky opened this issue Nov 3, 2016 · 3 comments

dsumsky commented Nov 3, 2016

Bug Report

STS credentials for one AWS account seem to be reused when connecting to another AWS account before they expire.

I want to write a function to check limits/thresholds in multiple AWS accounts at once. The code below returns the number of S3 buckets in the ACCOUNT01 account correctly, but it is incorrect for the ACCOUNT02 account, as the STS credentials from the ACCOUNT01 account are reused.

Testing code to reproduce the issue:

#!/usr/bin/env python
from awslimitchecker.checker import AwsLimitChecker

def foo(event):
    # input parameters for checker
    service = event['service']
    region = event['region']
    account_name = event['account_name']
    account_id = str(event['accounts'][account_name]['id'])
    account_role = event['account_role']

    checker = AwsLimitChecker(account_id=account_id, 
                              account_role=account_role, region=region)
    checker.check_thresholds(service)
    result = checker.get_limits(service)[service]

    for limit_name, limit in result.items():
        limitstr = str(limit.get_limit())
        usagestr = str(limit.get_current_usage_str())

        # Adjacent string literals avoid embedding the continuation
        # whitespace in the printed message.
        print("Service usage: account_name: {}, region: {}, service: {}, "
              "limit_name: {}, limit: {}, limit_usage: {}".format(
                  account_name, region, service, limit_name, limitstr,
                  usagestr))


if __name__ == "__main__":
    event = {
        u'service': 'S3',
        u'region': 'us-east-1',
        u'account_name': 'ACCOUNT01',
        u'account_role': 'ALC_ROLE',
        u'accounts': {
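            u'ACCOUNT01': {
                # placeholder for the real account ID (quoted to be a valid literal)
                u'id': 'XXXXXXXXXXX01'
            },
            u'ACCOUNT02': {
                # placeholder for the real account ID (quoted to be a valid literal)
                u'id': 'XXXXXXXXXXX02'
            }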

        }
    }

    foo(event)

    event['account_name'] = 'ACCOUNT02'

    foo(event)

Testing Assistance

So far, I haven't been able to update the Test_Connectable test so that tox wouldn't return any failures.

Version

Reproduced on versions 0.5.1 and 0.5.0.

Installation Method

Installed with pip.

jantman added the bug label Nov 3, 2016
jantman added this to the 0.6.0 milestone Nov 3, 2016

jantman (Owner) commented Nov 3, 2016

@dsumsky Thanks for opening this; yeah, that's a bug and logic error on my part. I'll look at the PR later today or tomorrow, and see what I can do about tests.

jantman self-assigned this Nov 11, 2016
jantman added a commit that referenced this issue Nov 11, 2016

jantman (Owner) commented Nov 11, 2016

This was merged to develop in #225 and will be in the next release. Thanks SO much, @dsumsky

jantman (Owner) commented Nov 12, 2016

This has been released in 0.6.0 and is now live on PyPI
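
An added illustration of the failure mode reported in this issue (not awslimitchecker's code and not written by anyone in the thread): a cache of assumed-role credentials that is checked only for expiry hands the first account's credentials to a client built for a second account, while a cache keyed by account and role does not. `fake_assume_role`, both client classes and the account ID strings are constructed stand-ins, and no AWS call is made.

```python
import time


def fake_assume_role(account_id, role, ttl=3600):
    """Constructed stand-in for an STS AssumeRole call; no AWS access."""
    return {"Account": account_id, "Role": role,
            "AccessKeyId": "CONSTRUCTED-KEY-" + account_id,
            "Expiration": time.time() + ttl}


class SharedCacheClient(object):
    """Hypothetical buggy pattern: one shared slot, reused until it expires."""
    _creds = None  # class attribute, shared by every instance

    def __init__(self, account_id, role):
        self.account_id, self.role = account_id, role

    def credentials(self):
        cls = SharedCacheClient
        # Only expiry is checked, never which account the credentials are for.
        if cls._creds is None or cls._creds["Expiration"] <= time.time():
            cls._creds = fake_assume_role(self.account_id, self.role)
        return cls._creds


class KeyedCacheClient(object):
    """Hypothetical corrected pattern: cache keyed by (account, role)."""
    _cache = {}

    def __init__(self, account_id, role):
        self.account_id, self.role = account_id, role

    def credentials(self):
        key = (self.account_id, self.role)
        creds = self._cache.get(key)
        if creds is None or creds["Expiration"] <= time.time():
            creds = self._cache[key] = fake_assume_role(*key)
        # Defence in depth: refuse credentials issued for another account.
        if creds["Account"] != self.account_id:
            raise RuntimeError("cached credentials belong to another account")
        return creds


def accounts_seen(client_cls, account_ids, role="ALC_ROLE"):
    """Return the account each client's credentials actually belong to."""
    return [client_cls(a, role).credentials()["Account"] for a in account_ids]
```

Against real AWS, the equivalent check is to compare the `Account` field returned by STS `GetCallerIdentity` with the account ID the client was configured for.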
