From 0f61bfca5f40c8ea11a76b1771f863b562bfa0a0 Mon Sep 17 00:00:00 2001 From: Matt Daue Date: Thu, 2 Mar 2023 11:51:56 -0800 Subject: [PATCH 1/2] Defensive coding if boto3_session is not initialized Signed-off-by: Matt Daue --- iambic/config/wizard.py | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/iambic/config/wizard.py b/iambic/config/wizard.py index e3da547aa..5dea65a64 100644 --- a/iambic/config/wizard.py +++ b/iambic/config/wizard.py @@ -196,7 +196,8 @@ def __init__(self, repo_dir: str): self.default_region = "us-east-1" try: self.boto3_session = boto3.Session(region_name=self.default_region) - except Exception: + except Exception as exc: + log.error(f"Unable to access your AWS account: {exc}") self.boto3_session = None self.autodetected_org_settings = {} self.existing_role_template_map = {} @@ -331,15 +332,18 @@ async def set_config_details(self): os.remove(self.config_path) sys.exit(1) - with contextlib.suppress(ClientError, NoCredentialsError): - self.autodetected_org_settings = self.boto3_session.client( - "organizations" - ).describe_organization()["Organization"] + if self.boto3_session: + with contextlib.suppress(ClientError, NoCredentialsError): + self.autodetected_org_settings = self.boto3_session.client( + "organizations" + ).describe_organization()["Organization"] def set_aws_profile_name( self, question_text: str = None, allow_none: bool = False ) -> Union[str, None]: - available_profiles = self.boto3_session.available_profiles + available_profiles = [] + if self.boto3_session: + available_profiles = self.boto3_session.available_profiles if allow_none: available_profiles.insert(0, "None") 
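Review bot: The new handler in `__init__` keeps `except Exception` and logs "Unable to access your AWS account", but `boto3.Session(region_name=...)` only builds a local session object and, as far as I know, makes no AWS call. A failure at this point is therefore more likely a local configuration problem (for example an `AWS_PROFILE` that names a missing profile) than an access problem. Narrowing to `except BotoCoreError as exc:` and wording the message as `log.error(f"Unable to create a boto3 session from the local AWS configuration: {exc}")` would keep unrelated bugs from being reported as credential failures. `BotoCoreError` would need importing from `botocore.exceptions`; the import block and the rest of `__init__` are outside the hunk.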
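Review bot: In `set_aws_profile_name`, the fallback `available_profiles = []` hides the missing session instead of handling it. With `allow_none=False` the list stays empty, and the prompt that consumes it (outside this hunk) would presumably be offered no choices. An explicit early failure is easier to diagnose, for example `if not self.boto3_session: log.error("No AWS session is available; cannot list profiles")` followed by a return or exit. The same silent skip applies to the `if self.boto3_session:` guards around `describe_organization()` in this hunk and in the `set_boto3_session` hunk, where `autodetected_org_settings` stays `{}` with nothing logged.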
@@ -404,10 +408,11 @@ def set_boto3_session(self): self.set_boto3_session() self.profile_name = profile_name - with contextlib.suppress(ClientError, NoCredentialsError): - self.autodetected_org_settings = self.boto3_session.client( - "organizations" - ).describe_organization()["Organization"] + if self.boto3_session: + with contextlib.suppress(ClientError, NoCredentialsError): + self.autodetected_org_settings = self.boto3_session.client( + "organizations" + ).describe_organization()["Organization"] def get_boto3_session_for_account(self, account_id: str): if account_id == self.hub_account_id: @@ -419,7 +424,10 @@ def get_boto3_session_for_account(self, account_id: str): "Please specify the profile to use to access to the AWS Account.", allow_none=False, ) - return self.boto3_session, self.profile_name + if self.boto3_session: + return self.boto3_session, self.profile_name + else: + return None, self.profile_name else: profile_name = self.set_aws_profile_name( "Please specify the profile to use to access to the AWS Account.\n" From ada2baa8302e5515ee2569cadb44f214f241585e Mon Sep 17 00:00:00 2001 From: Matt Daue Date: Thu, 2 Mar 2023 12:14:49 -0800 Subject: [PATCH 2/2] Refactor to exit instead of defend Signed-off-by: Matt Daue --- iambic/config/wizard.py | 48 ++++++++++++++++------------------------- 1 file changed, 19 insertions(+), 29 deletions(-) diff --git a/iambic/config/wizard.py b/iambic/config/wizard.py index 5dea65a64..c95df105e 100644 --- a/iambic/config/wizard.py +++ b/iambic/config/wizard.py @@ -198,7 +198,8 @@ def __init__(self, repo_dir: str): self.boto3_session = boto3.Session(region_name=self.default_region) except Exception as exc: log.error(f"Unable to access your AWS account: {exc}") - self.boto3_session = None + sys.exit(1) + self.autodetected_org_settings = {} self.existing_role_template_map = {} self.aws_account_map = {} 
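Review bot: The branch added in `get_boto3_session_for_account` is a no-op: when `self.boto3_session` is `None`, `return self.boto3_session, self.profile_name` already returns `(None, self.profile_name)`, so the `if`/`else` changes nothing. The caller still receives a `None` session and will fail on its first `.client(...)` call, so the missing check is either a raise here or handling at the call site. If returning `None` is intended, a docstring such as `"""Return (session, profile_name); session is None when no AWS session could be created."""` would make the contract visible. The rest of the function is outside the hunk.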
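Review bot: Calling `sys.exit(1)` inside `__init__` means that constructing the wizard can terminate the whole process, so no caller or test can handle the failure. Raising and letting the CLI entry point choose the exit code is the more conventional shape, e.g. `raise RuntimeError("Unable to create an AWS session") from exc`; whether callers outside the hunk rely on the exit is not visible here. Failing closed is a reasonable choice in itself, since later code no longer has to tolerate a `None` session. The handler is still `except Exception`, so any unrelated error during session setup is also reported as an AWS access failure and turned into exit status 1.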
@@ -216,17 +217,13 @@ def __init__(self, repo_dir: str): else: self.hub_account_id = None - if self.boto3_session: - try: - default_caller_identity = self.boto3_session.client( - "sts" - ).get_caller_identity() - caller_arn = get_identity_arn(default_caller_identity) - default_hub_account_id = caller_arn.split(":")[4] - except (AttributeError, IndexError, NoCredentialsError, ClientError): - default_hub_account_id = None - default_caller_identity = {} - else: + try: + default_caller_identity = self.boto3_session.client( + "sts" + ).get_caller_identity() + caller_arn = get_identity_arn(default_caller_identity) + default_hub_account_id = caller_arn.split(":")[4] + except (AttributeError, IndexError, NoCredentialsError, ClientError): default_hub_account_id = None default_caller_identity = {} @@ -332,18 +329,15 @@ async def set_config_details(self): os.remove(self.config_path) sys.exit(1) - if self.boto3_session: - with contextlib.suppress(ClientError, NoCredentialsError): - self.autodetected_org_settings = self.boto3_session.client( - "organizations" - ).describe_organization()["Organization"] + with contextlib.suppress(ClientError, NoCredentialsError): + self.autodetected_org_settings = self.boto3_session.client( + "organizations" + ).describe_organization()["Organization"] def set_aws_profile_name( self, question_text: str = None, allow_none: bool = False ) -> Union[str, None]: - available_profiles = [] - if self.boto3_session: - available_profiles = self.boto3_session.available_profiles + available_profiles = self.boto3_session.available_profiles if allow_none: available_profiles.insert(0, "None") 
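Review bot: The un-nested `try` in `__init__` still swallows every STS failure silently, so the operator is never told that the default identity could not be determined. The exception tuple also misses other botocore failures: connection errors and expired SSO tokens are `BotoCoreError` subclasses rather than `ClientError`, and would surface as a traceback. Consider `except (AttributeError, IndexError, BotoCoreError, ClientError) as exc:` with a `log.warning(...)` line naming the failure before the fallback values are set. Separately, the `get_caller_identity()` response carries the account ID directly as `default_caller_identity["Account"]`, which avoids depending on the ARN layout through `caller_arn.split(":")[4]`. `get_identity_arn` is defined outside this hunk, so confirm it does not change which account is meant.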
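Review bot: Removing the guards makes every use of `self.boto3_session` depend on the invariant that it is never `None`, but only `__init__` enforces that. `set_boto3_session`, whose body is outside these hunks, presumably reassigns the session; if it can leave `None` behind, `self.boto3_session.client(...)` raises `AttributeError`, which `contextlib.suppress(ClientError, NoCredentialsError)` does not cover. A short comment at the first unguarded use would record the assumption, e.g. `# boto3_session is never None here: __init__ exits if the session cannot be created`. The same applies to the `set_boto3_session` and `get_boto3_session_for_account` hunks that follow. The suppress block also discards access-denied responses from `describe_organization()` without logging, so a missing Organizations permission is indistinguishable from a standalone account.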
@@ -408,11 +402,10 @@ def set_boto3_session(self): self.set_boto3_session() self.profile_name = profile_name - if self.boto3_session: - with contextlib.suppress(ClientError, NoCredentialsError): - self.autodetected_org_settings = self.boto3_session.client( - "organizations" - ).describe_organization()["Organization"] + with contextlib.suppress(ClientError, NoCredentialsError): + self.autodetected_org_settings = self.boto3_session.client( + "organizations" + ).describe_organization()["Organization"] def get_boto3_session_for_account(self, account_id: str): if account_id == self.hub_account_id: @@ -424,10 +417,7 @@ def get_boto3_session_for_account(self, account_id: str): "Please specify the profile to use to access to the AWS Account.", allow_none=False, ) - if self.boto3_session: - return self.boto3_session, self.profile_name - else: - return None, self.profile_name + return self.boto3_session, self.profile_name else: profile_name = self.set_aws_profile_name( "Please specify the profile to use to access to the AWS Account.\n"