From 5853a66322a3a596182772f82e18e76c8f4c606c Mon Sep 17 00:00:00 2001
From: Thirumalesh Aaraveti
Date: Tue, 27 Aug 2024 09:26:16 +0530
Subject: [PATCH] catch the error on empty roles
---
 cloud_governance/policy/aws/empty_roles.py | 46 ++++++++++---------
 .../helpers/aws/aws_policy_operations.py | 5 +-
 2 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/cloud_governance/policy/aws/empty_roles.py b/cloud_governance/policy/aws/empty_roles.py
index a92d768c..118ab4ea 100644
--- a/cloud_governance/policy/aws/empty_roles.py
+++ b/cloud_governance/policy/aws/empty_roles.py
@@ -30,26 +30,28 @@ def run_policy_operations(self):
 cleanup_days = 0
 inline_policies = self._iam_operations.list_inline_role_policies(role_name=role_name)
 attached_policies = self._iam_operations.list_attached_role_policies(role_name=role_name)
- if not cluster_tag and len(inline_policies) == 0 and len(attached_policies) == 0 and \
- self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP'):
- cleanup_days = self.get_clean_up_days_count(tags=tags)
- cleanup_result = self.verify_and_delete_resource(resource_id=role_name, tags=tags,
- clean_up_days=cleanup_days)
- resource_data = self._get_es_schema(resource_id=role_name,
- user=self.get_tag_name_from_tags(tags=tags, tag_name='User'),
- skip_policy=self.get_skip_policy_value(tags=tags),
- cleanup_days=cleanup_days,
- dry_run=self._dry_run,
- name=role_name,
- region=self.IAM_GLOBAL_REGION,
- cleanup_result=str(cleanup_result),
- resource_action=self.RESOURCE_ACTION,
- cloud_name=self._cloud_name,
- resource_type='EmptyRole',
- resource_state="Empty",
- unit_price=0)
- empty_roles.append(resource_data)
- if not cleanup_result:
- self.update_resource_day_count_tag(resource_id=role_name, cleanup_days=cleanup_days, tags=tags)
-
+ try:
+ if not cluster_tag and len(inline_policies) == 0 and len(attached_policies) == 0 and \
+ self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP'):
+ cleanup_days = self.get_clean_up_days_count(tags=tags)
+ cleanup_result = self.verify_and_delete_resource(resource_id=role_name, tags=tags,
+ clean_up_days=cleanup_days)
+ resource_data = self._get_es_schema(resource_id=role_name,
+ user=self.get_tag_name_from_tags(tags=tags, tag_name='User'),
+ skip_policy=self.get_skip_policy_value(tags=tags),
+ cleanup_days=cleanup_days,
+ dry_run=self._dry_run,
+ name=role_name,
+ region=self.IAM_GLOBAL_REGION,
+ cleanup_result=str(cleanup_result),
+ resource_action=self.RESOURCE_ACTION,
+ cloud_name=self._cloud_name,
+ resource_type='EmptyRole',
+ resource_state="Empty",
+ unit_price=0)
+ empty_roles.append(resource_data)
+ if not cleanup_result:
+ self.update_resource_day_count_tag(resource_id=role_name, cleanup_days=cleanup_days, tags=tags)
+ except Exception as e:
+ logger.error(f'Exception raised while processing the empty roles operation on {role_name}, {e}')
 return empty_roles
diff --git a/cloud_governance/policy/helpers/aws/aws_policy_operations.py b/cloud_governance/policy/helpers/aws/aws_policy_operations.py
index a5a37361..998345b4 100644
--- a/cloud_governance/policy/helpers/aws/aws_policy_operations.py
+++ b/cloud_governance/policy/helpers/aws/aws_policy_operations.py
@@ -57,7 +57,7 @@ def _delete_resource(self, resource_id: str):
 if self._policy == 's3_inactive':
 self._s3_client.delete_bucket(Bucket=resource_id)
 elif self._policy == 'empty_roles':
- self._iam_operations.delete_role(role_name=resource_id)
+ response = self._iam_operations.delete_role(role_name=resource_id)
 elif self._policy == 'unattached_volume':
 self._ec2_client.delete_volume(VolumeId=resource_id)
 elif self._policy == 'ip_unattached':
@@ -74,7 +74,8 @@ def _delete_resource(self, resource_id: str):
 return False
 logger.info(f'{self._policy} {action}: {resource_id}')
 except Exception as err:
- logger.info(f'Exception raised: {err}: {resource_id}')
+ logger.error(f'Exception raised: {err}: {resource_id}')
+ raise err

 def __remove_tag_key_aws(self, tags: list):
 """
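Review bot: A role whose cleanup raises now drops out of the returned `empty_roles` list, because the new `except Exception` wraps the whole branch and so skips both the `_get_es_schema` record and the day-count tag update. For a cleanup policy this means a failed deletion (for example a denied or conflicting IAM call) leaves no entry in the report, only a one-line log message without a traceback. Narrowing the `try` to the `verify_and_delete_resource` call and logging with `logger.exception` would keep both the record and the stack trace; whether a failed attempt should still advance the day-count tag is for the author to decide. The two `list_*_role_policies` calls above the `try` remain unguarded, and the enclosing function starts outside the hunk, so the per-role loop is inferred.

```python
# … unchanged: cluster_tag / policy-count / skip-policy condition, cleanup_days lookup …
try:
    cleanup_result = self.verify_and_delete_resource(resource_id=role_name, tags=tags,
                                                     clean_up_days=cleanup_days)
except Exception:
    # Keep the role in the report even when the delete call fails.
    logger.exception(f'Exception raised while processing the empty roles operation on {role_name}')
    cleanup_result = False
# … unchanged: _get_es_schema call, empty_roles.append, day-count tag update …
```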
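Review bot: `response` is bound only in the `empty_roles` branch and nothing in the visible lines reads it, so the return value of `delete_role` appears to be discarded. If the helper signals failure through its return value (not visible here), check it where it is produced, e.g. `if not self._iam_operations.delete_role(role_name=resource_id): return False`. If code between this hunk and the next does read `response`, initialise `response = None` before the `if` chain so the other policy branches do not hit an unbound name; otherwise drop the assignment.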
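Review bot: Re-raising from `_delete_resource` changes behaviour for every policy that goes through this method (`s3_inactive`, `unattached_volume` and `ip_unattached` are visible in the previous hunk), while this commit adds a handler only in `empty_roles.py`. The other callers are outside the diff and should be checked so that one failed delete does not abort a whole policy run. For the handler itself, `logger.exception(f'Exception raised: {err}: {resource_id}')` followed by a bare `raise` keeps the traceback in the log and re-raises the active exception unchanged.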