Commit
Fix bug: Return empty access_keys object when access keys do not exist (#1309)

While running the AWS sync in Cartography, the following error occurs,
causing the sync process to fail:

```
ERROR:cartography.sync:Unhandled exception during sync stage 'aws'
Traceback (most recent call last):
  File "/home/REDACTED/cartography/cartography/sync.py", line 113, in run
    stage_func(neo4j_session, config)
  File "/home/REDACTED/cartography/cartography/util.py", line 197, in timed
    return method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/cartography/cartography/intel/aws/__init__.py", line 298, in start_aws_ingestion
    sync_successful = _sync_multiple_accounts(
                      ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/cartography/cartography/intel/aws/__init__.py", line 169, in _sync_multiple_accounts
    _sync_one_account(
  File "/home/REDACTED/cartography/cartography/intel/aws/__init__.py", line 64, in _sync_one_account
    RESOURCE_FUNCTIONS[func_name](**sync_args)
  File "/home/REDACTED/cartography/cartography/util.py", line 197, in timed
    return method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/cartography/cartography/intel/aws/iam.py", line 819, in sync
    sync_user_access_keys(neo4j_session, boto3_session, current_aws_account_id, update_tag, common_job_parameters)
  File "/home/REDACTED/cartography/cartography/util.py", line 197, in timed
    return method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/cartography/cartography/intel/aws/iam.py", line 795, in sync_user_access_keys
    access_keys = get_account_access_key_data(boto3_session, user["name"])
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/cartography/cartography/util.py", line 197, in timed
    return method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/cartography/cartography/intel/aws/iam.py", line 230, in get_account_access_key_data
    for access_key in access_keys['AccessKeyMetadata']:
                      ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
KeyError: 'AccessKeyMetadata'
ERROR:__main__:Error in AWS account sync REDACTED: 'AccessKeyMetadata'
```
The fix involves returning the access_keys object directly from the
get_account_access_key_data function. This ensures that the function
returns the correct data structure, even if the AccessKeyMetadata key is
missing.

The function was tested with various AWS accounts to ensure it correctly
handles cases where the AccessKeyMetadata key is present and when it is
missing.
Verified that the sync process was completed successfully without any
errors.

Co-authored-by: Alex Chantavy <[email protected]>
austincomstockzoom and achantavy authored Jun 17, 2024
1 parent 098d8ca commit b9116ed
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions cartography/intel/aws/iam.py
Expand Up @@ -227,6 +227,7 @@ def get_account_access_key_data(boto3_session: boto3.session.Session, username:
logger.warning(
f"Could not get access key for user {username} due to NoSuchEntityException; skipping.",
)
return access_keys
for access_key in access_keys['AccessKeyMetadata']:
access_key_id = access_key['AccessKeyId']
last_used_info = client.get_access_key_last_used(
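
Review bot: The added `return access_keys` after the NoSuchEntityException warning returns whatever `access_keys` holds at that point, and its initial value is not visible in this hunk, so the shape of the early return cannot be checked here against what the success path returns. The traceback in the commit message shows `sync_user_access_keys` consuming this return value; if anything downstream indexes `['AccessKeyMetadata']` on it, the same KeyError simply moves one level up. Consider returning an explicit empty value with the same shape as the normal path, for example `return {'AccessKeyMetadata': []}`, so the contract is obvious at the return site. The commit is a single added line with no test; a unit test that makes the client call raise NoSuchEntityException and asserts on the returned value would pin this behaviour. It is also worth documenting in the function's docstring that a user skipped this way contributes no access keys to the graph for that sync run, since the warning log is the only trace of the gap.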