From 80e531f3a02308f07a4327c22223b12515ef2cc2 Mon Sep 17 00:00:00 2001
From: Tim Seagren <tim.seagren.ctr@us.af.mil>
Date: Mon, 26 Jul 2021 09:53:49 -0700
Subject: [PATCH] adding accessdeniedexception hnadling

---
 rotate-credentials/rotate-credentials.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/rotate-credentials/rotate-credentials.py b/rotate-credentials/rotate-credentials.py
index 508bc81..81fe5e2 100644
--- a/rotate-credentials/rotate-credentials.py
+++ b/rotate-credentials/rotate-credentials.py
@@ -71,10 +71,15 @@ def _store_new_password(client, secret_name, username, password, old_password):
       # We can't find the resource that you asked for.
       # Deal with the exception here, and/or rethrow at your discretion.
       raise e
+    elif e.response['Error']['Code'] == 'AccessDeniedException':
+      # We can't find the resource that you asked for.
+      # Deal with the exception here, and/or rethrow at your discretion.
+      raise e
 
 
 def _get_credential(client, secret_name):
 
+  logs.info(f"Getting credential {secret_name}")
   try:
     get_secret_value_response = client.get_secret_value(
       SecretId=secret_name
@@ -100,7 +105,12 @@ def _get_credential(client, secret_name):
       # We can't find the resource that you asked for.
       # Deal with the exception here, and/or rethrow at your discretion.
       raise e
+    elif e.response['Error']['Code'] == 'AccessDeniedException':
+      # We can't find the resource that you asked for.
+      # Deal with the exception here, and/or rethrow at your discretion.
+      raise e
   else:
+    logs.info(f"Found secret {secret_name}")
     # Decrypts secret using the associated KMS CMK.
     # Depending on whether the secret is a string or binary, one of these fields will be populated.
     if 'SecretString' in get_secret_value_response:
-- 
GitLab