search

duo-labs / cloudtracker

CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
BSD 3-Clause "New" or "Revised" License
887 stars 111 forks source link

bug w/ python 3.9 #83

Open Almenon opened 1 year ago

Almenon commented 1 year ago

There appears to be a bug w/ python 3.9

Relevant info: pipx 1.1.0, python 3.9.6, mac

workaround: using python 3.7

$ cloudtracker --account legacy --list users
INFO     Source of CloudTrail logs: s3://aws-cloudtrail-logs-111111111111-test/
INFO     Using AWS identity: arn:aws:iam::111111111111:user/almenon@ispot.tv
INFO     Using output bucket: s3://aws-athena-query-results-111111111111-us-east-1
INFO     Account cloudtrail log path: s3://aws-cloudtrail-logs-111111111111-test//AWSLogs/111111111111/CloudTrail 

debug:
bucket is aws-cloudtrail-logs-111111111111-test
path is 
path is null? False

Traceback (most recent call last):
  File "/Users/almenon/.local/bin/cloudtracker", line 8, in <module>
    sys.exit(main())
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/cloudtracker/cli.py", line 104, in main
    run(args, config, args.start, args.end)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/cloudtracker/__init__.py", line 421, in run
    datasource = Athena(config['athena'], account, start, end, args)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/cloudtracker/datasources/athena.py", line 211, in __init__
    resp = self.s3.list_objects_v2(Bucket=config['s3_bucket'], Prefix=config['path'], MaxKeys=1)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/client.py", line 324, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/client.py", line 608, in _make_api_call
    http, parsed_response = self._endpoint.make_request(
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/endpoint.py", line 143, in make_request
    return self._send_request(request_dict, operation_model)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/endpoint.py", line 169, in _send_request
    success_response, exception = self._get_response(
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/endpoint.py", line 247, in _get_response
    parsed_response = parser.parse(
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/parsers.py", line 210, in parse
    parsed = self._do_error_parse(response, shape)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/parsers.py", line 750, in _do_error_parse
    return self._parse_error_from_body(response)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/parsers.py", line 774, in _parse_error_from_body
    self._replace_nodes(parsed)
  File "/Users/almenon/.local/pipx/venvs/cloudtracker/lib/python3.9/site-packages/botocore/parsers.py", line 395, in _replace_nodes
    if value.getchildren():
AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'
Almenon commented 1 year ago

note that python 3.7 is now end of life: https://endoflife.date/python