search

noqdev / iambic

IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.
https://iambic.org
Apache License 2.0
281 stars 26 forks source link

IndexError('list index out of range') in import resources #581

Closed rodolphoescobar closed 1 year ago

rodolphoescobar commented 1 year ago

Describe the bug iambic import resources not work with AWS Organizations

To Reproduce Steps to reproduce the behavior:

  1. Run iambic import

Error

2023/08/16 18:27:54 [error ] Unhandled Exception error=IndexError('list index out of range') exception=IndexError stacktrace= File "/usr/local/lib/python3.10/runpy.py", line 196, in _run_module_as_main return _run_code(code, main_globals, None, File "/usr/local/lib/python3.10/runpy.py", line 86, in _run_code exec(code, run_globals) File "/app/iambic/main.py", line 542, in <module> cli() File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1157, in __call__ return self.main(*args, **kwargs) File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1078, in main rv = self.invoke(ctx) File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1688, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1434, in invoke return ctx.invoke(self.callback, **ctx.params) File "/usr/local/lib/python3.10/site-packages/click/core.py", line 783, in invoke return __callback(*args, **kwargs) File "/app/iambic/main.py", line 447, in import_ asyncio.run(config.run_import(exe_message, repo_dir)) File "/usr/local/lib/python3.10/asyncio/runners.py", line 44, in run return loop.run_until_complete(main) File "/usr/local/lib/python3.10/asyncio/base_events.py", line 649, in run_until_complete return future.result() File "/app/iambic/config/dynamic_config.py", line 268, in run_import await asyncio.gather(*tasks) File "/app/iambic/plugins/v0_1_0/aws/handlers.py", line 462, in import_aws_resources await asyncio.gather(*tasks) File "/app/iambic/plugins/v0_1_0/aws/handlers.py", line 339, in import_service_resources await asyncio.gather( File "/app/iambic/plugins/v0_1_0/aws/organizations/scp/template_generation.py", line 259, in generate_aws_scp_policy_templates templates: list[AwsScpPolicyTemplate] = await asyncio.gather(*tasks) File "/app/iambic/plugins/v0_1_0/aws/organizations/scp/template_generation.py", line 311, in upsert_templated_scp_policies template_params, template_properties = AwsScpPolicyTemplate.factory_template_props( File "/app/iambic/plugins/v0_1_0/aws/organizations/scp/models.py", line 488, in factory_template_props PolicyTargetProperties.parse_targets( File "/app/iambic/plugins/v0_1_0/aws/organizations/scp/models.py", line 118, in parse_targets target_id = list(

smoy commented 1 year ago

hi @rodolphoescobar, is there account in your AWS Organization in SUSPEND or PENDING_DELETE state?

it seems like this is our implementation trying to referencing a SCP target account but our model only keeps track of active account.

smoy commented 1 year ago

hi @rodolphoescobar , we have release iambic-core version 0.11.52 to address the SCP import issue. Let us know if you still face issue during import.

https://pypi.org/project/iambic-core/#history

rodolphoescobar commented 1 year ago

SCP works fine.