Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

airiam recommend_groups error KeyError: 'airflow' #77

Open
ali0818 opened this issue Oct 14, 2021 · 3 comments
Open

airiam recommend_groups error KeyError: 'airflow' #77

ali0818 opened this issue Oct 14, 2021 · 3 comments
Labels
good first issue Good for newcomers hacktoberfest

Comments

@ali0818
Copy link

ali0818 commented Oct 14, 2021

running airiam recommend_groups, in MAC gives this error

INFO:botocore.credentials:Found credentials in shared credentials file: ~/.aws/credentials Reusing local data INFO:root:Analyzing data for account 051349106950 INFO:root:Using the default UserOrganizer Traceback (most recent call last): File "/usr/local/bin/airiam", line 5, in <module> run() File "/usr/local/Cellar/airiam/0.1.49/libexec/lib/python3.9/site-packages/airiam/main.py", line 36, in run report_with_recommendations = recommend_groups(logger, runtime_results, args.last_used_threshold) File "/usr/local/Cellar/airiam/0.1.49/libexec/lib/python3.9/site-packages/airiam/recommend_groups/recommend_groups.py", line 19, in recommend_groups runtime_iam_report.set_reorg(organizer.get_user_clusters(runtime_iam_report)) File "/usr/local/Cellar/airiam/0.1.49/libexec/lib/python3.9/site-packages/airiam/recommend_groups/recommend_groups.py", line 38, in get_user_clusters simple_user_clusters = self._create_simple_user_clusters(human_users, iam_data['AccountGroups'], iam_data['AccountPolicies']) File "/usr/local/Cellar/airiam/0.1.49/libexec/lib/python3.9/site-packages/airiam/recommend_groups/recommend_groups.py", line 84, in _create_simple_user_clusters if PolicyAnalyzer.policy_is_write_access(policy_document): File "/usr/local/Cellar/airiam/0.1.49/libexec/lib/python3.9/site-packages/airiam/find_unused/PolicyAnalyzer.py", line 56, in policy_is_write_access action_map[action_service]['privileges'])) KeyError: 'airflow'
@nimrodkor
Copy link
Contributor

Hey @ali0818 !

I'm guessing the action_map we have does not have that service yet. It gets updated on another cadence. We can protect from this crash by safely accessing the action_map here:

AirIAM/airiam/find_unused/PolicyAnalyzer.py

Line 55 in ec349e8

action_objs = list(filter(lambda privilege_obj: re.match(action_regex, privilege_obj['privilege']),

We need to check if the action_service is in the action_map. If it's not - just return a None inside the filter.

We're open to contributions on this!

@Arun-kc Arun-kc mentioned this issue Oct 14, 2021
Merged
@ops-hummus
Copy link

Do you have an ETA on this issue? I'm having the same

@nimrodkor
Copy link
Contributor

Hey @ops-hummus @ali0818 !

It seems airflow was added to the updating action list manage by our dependency, policy_sentry. You can see it here - https://raw.githubusercontent.com/salesforce/policy_sentry/master/policy_sentry/shared/data/iam-definition.json

Can you validate if this was solved?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers hacktoberfest
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nimrodkor @ali0818 @ops-hummus