percolate / ec2-security-groups-dumper

Dump your EC2 Security Groups as a CSV or JSON file


Error on --csv

mugzy opened this issue · comments

commented

Exporting to JSON works fine, but when I try CSV, I get the error below.

ec2-security-groups-dumper --csv

Traceback (most recent call last):
  File "/usr/local/bin/ec2-security-groups-dumper", line 9, in <module>
    load_entry_point('ec2-security-groups-dumper==1.0', 'console_scripts', 'ec2-security-groups-dumper')()
  File "/usr/local/lib/python2.7/dist-packages/ec2_security_groups_dumper/main.py", line 280, in main
    print firewall.csv
  File "/usr/local/lib/python2.7/dist-packages/ec2_security_groups_dumper/main.py", line 213, in csv
    for fr in self.rules:
  File "/usr/local/lib/python2.7/dist-packages/ec2_security_groups_dumper/main.py", line 151, in rules
    raise ValueError
ValueError

Any ideas?

Mmmh, you might have a config we don't.
Can you try adding more debug statements to the script and see what kind of data make it fail?
If you can't let me know, I'll add those myself.

commented

I am not super familiar with Python, so if you could give me some debug code and tell me where to add it, I can then post the results.

ok I'll take a look

I have a similar problem using the --csv option. The JSON option works just fine.

ok, I'm not sure what's happening, but I pushed a new version on https://pypi.python.org/pypi/ec2-security-groups-dumper/ that should print out more information.

Can anyone try so I can see what type of grant you have?

@lra
Here is what I get. Again, the JSON works fine; it is the CSV.

[root@ip-10-0-1-32 ~]# ec2-security-groups-dumper --csv
Traceback (most recent call last):
  File "/usr/local/bin/ec2-security-groups-dumper", line 9, in <module>
    load_entry_point('ec2-security-groups-dumper==1.1', 'console_scripts', 'ec2-security-groups-dumper')()
  File "/usr/local/lib/python2.6/site-packages/ec2_security_groups_dumper/main.py", line 281, in main
    print firewall.csv
  File "/usr/local/lib/python2.6/site-packages/ec2_security_groups_dumper/main.py", line 213, in csv
    writer.writeheader()
AttributeError: DictWriter instance has no attribute 'writeheader'
[root@ip-10-0-1-32 ~]#

commented

I get a different error, also only on csv. Security group ID has been masked.

Traceback (most recent call last):
  File "/usr/local/bin/ec2-security-groups-dumper", line 9, in <module>
    load_entry_point('ec2-security-groups-dumper==1.1', 'console_scripts', 'ec2-security-groups-dumper')()
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 281, in main
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 214, in csv
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 152, in rules
ValueError: ('Unsupported grant:', {'group_id': u'sg-xxxxxx'})

Ok those are 2 different errors.
@abdulirfan3 can you create a separate issue?
@mugzy your security group has no name. You can't create a security group without a name, how did you do it?

commented

Ok, I am bringing my Python skills up to date and debugging this. All of our security groups have names, but only the default groups have names that show up in rules.grants.

I will let you know what I find out.

commented

Happen to know how to pull info on a specific security group? I have tried using get_all_security_groups('sg-xxxxxx') but it always comes back saying the group does not exist, even when I know it does.

I was thinking since the grant always has an ID, I could get the name by looking it up.

@mugzy ,

You wanna do something like below... use the filter operation in get_all_security_groups()

import boto.ec2

# Look the group up with filters (here VPC ID and group name)
fts = {'vpc-id': 'vpc-1895327d', 'group-name': 'wordpress-app-SG'}
sgs = boto.ec2.connect_to_region("us-east-1", aws_access_key_id='XXXXXX', aws_secret_access_key='XXXXXX').get_all_security_groups(filters=fts)

commented

Still not sure why some grants don't have names, but I did code a workaround using a lookup table. I also added code for egress rules.

I forked the repo and put my changes there.

mugzy@7c14d9e
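
The lookup-table workaround described in the comment above, as an added example (not the code in mugzy's fork and not the project's own): it flattens a dump into CSV rows, names ID-only grants from a table built over the dump, and marks peers it cannot name as UNRESOLVED instead of raising. The top-level list shape, the field names in FIELDS, the UNRESOLVED marker and all sample IDs are assumptions; protocol values such as "-1" (all traffic in the EC2 API) are passed through unchecked.

```python
import csv
import io

# Constructed sample (made-up IDs and names); a top-level list of groups is an assumption.
SAMPLE_GROUPS = [
    {"id": "sg-00000001", "name": "web", "description": "None", "rules": [
        {"ip_protocol": "tcp", "from_port": "443", "to_port": "443",
         "grants": [{"cidr_ip": "0.0.0.0/0"}]},
        {"ip_protocol": "tcp", "from_port": "8080", "to_port": "8080",
         "grants": [{"group_id": "sg-00000002"}]},  # ID-only grant
        {"ip_protocol": "-1", "from_port": None, "to_port": None,
         "grants": [{"group_id": "sg-0000dead"}]},  # peer not in this dump
    ]},
    {"id": "sg-00000002", "name": "app", "description": "None", "rules": []},
]
FIELDS = ["group_id", "group_name", "ip_protocol", "from_port", "to_port",
          "source_type", "source", "source_name"]


def flatten(groups):
    """One row per grant; ID-only grants get their name from a lookup table."""
    names = {g["id"]: g.get("name", "") for g in groups}
    rows = []
    for g in groups:
        for rule in g.get("rules", []):
            for grant in rule.get("grants", []):
                if grant.get("cidr_ip"):
                    kind, src, src_name = "cidr", grant["cidr_ip"], ""
                elif grant.get("group_id"):
                    kind, src = "group", grant["group_id"]
                    src_name = grant.get("name") or names.get(src) or "UNRESOLVED"
                else:
                    kind, src, src_name = "unknown", repr(grant), ""
                rows.append(dict(zip(FIELDS, (
                    g["id"], g.get("name", ""), rule.get("ip_protocol"),
                    rule.get("from_port"), rule.get("to_port"), kind, src, src_name))))
    return rows


def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(flatten(SAMPLE_GROUPS)))
```

Rows marked UNRESOLVED point at a group that is not in the dump, which is worth reviewing when auditing who can reach what.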

You might want to send a ticket to AWS. Either it's a legit use case and they should fix their calls, or it's not and your data might be bugged.

I'd like to know their thoughts before making it official in the tool.

Hello! Thanks for this really handy tool. Has anyone figured out the --csv output error "Unsupported grant"?

Nope, I need someone to ask AWS if a security group without a name is legit, or it's a bug on their side.
If it's legit, we can add support for it.

I can ask, but when I check my SG dump from JSON, all SGs have names, so how can I prove that? As far as I know it's impossible. Which CLI spits out this output, so I can ask AWS? Thanks.

@elias-p can you dump here the error you get?

Traceback (most recent call last):
  File "/usr/local/bin/ec2-security-groups-dumper", line 9, in <module>
    load_entry_point('ec2-security-groups-dumper==1.1', 'console_scripts', 'ec2-security-groups-dumper')()
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 281, in main
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 214, in csv
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 152, in rules
ValueError: ('Unsupported grant:', {'group_id': u'sg-927XXXXX'})

Same stuff: The AWS API is returning a security group sg-927XXXXX without either a name or a CIDR.
This should never happen.
Sadly I can't just modify the code based on suppositions.

How did you manage to create a nameless sg-927XXXXX security group?

Maybe it's some bug, but all my security groups have names. Here is the JSON output for this SG:
"grants": [id": "sg-927XXXXX"

"description": "None",
"id": "sg-927XXXX",
"name": "WEBXXXXXX",
"rules": [
{
"from_port": "XXXXXXX",
"grants": [
{
"group_id": "sg-21XXXXXXXX"
}
],
"ip_protocol": "tcp",
"to_port": "XXXXXXXXXXXXXX"
},
{
"from_port": "XXXXXXX",
"grants": [
{
"group_id": "sg-89XXXXXXXX"
}
],
"ip_protocol": "tcp",
"to_port": "XXXXXX"

I think the json has been cut, can you paste a valid one?

"description": "None",
"id": "sg-927xxxx",
"name": "WEBXXXXX",
"rules": [
{
"from_port": "xxxx",
"grants": [
{
"group_id": "sg-XX"
}
],
"ip_protocol": "tcp",
"to_port": "xxxx"
},
{
"from_port": "xxxx",
"grants": [
{
"group_id": "sg-xxxx"
}
],
"ip_protocol": "tcp",
"to_port": "xxxx"
},
{
"from_port": "xxx",
"grants": [
{
"group_id": "sg-XXXX"
}
],
"ip_protocol": "tcp",
"to_port": "xxxx"
},
{
"from_port": "xxxx",
"grants": [
{
"group_id": "sg-xxxxxx"
}
],
"ip_protocol": "tcp",
"to_port": "xxxx"
},
{
"from_port": "xxx",
"grants": [
{
"group_id": "sg-xxxxx"
}
],
"ip_protocol": "tcp",
"to_port": "xxxxx"

I finally found the problem, some VPC security groups have no name, working on a fix.

fixed in 1.2

Thanks, I have downloaded 1.2 and tried it, but I still got an error on csv.

Traceback (most recent call last):
  File "/usr/local/bin/ec2-security-groups-dumper", line 9, in <module>
    load_entry_point('ec2-security-groups-dumper==1.1', 'console_scripts', 'ec2-security-groups-dumper')()
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 281, in main
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 214, in csv
  File "build/bdist.linux-x86_64/egg/ec2_security_groups_dumper/main.py", line 152, in rules
ValueError: ('Unsupported grant:', {'group_id': u'sg-xxxxxxx'})

You are not running 1.2

I have downloaded the new zip file for 1.2, removed the old one and unzipped the new one. Not sure what other step I have missed.

pip freeze|grep ec2-security-groups-dumper ?
You want to install it with pip, e.g. pip install -U ec2-security-groups-dumper

Thanks Ira, please add this step on git. I still got an error.
1- pip freeze|grep ec2-security-groups-dumper
ec2-security-groups-dumper==1.2
2- ec2-security-groups-dumper --csv
Traceback (most recent call last):
  File "/usr/local/bin/ec2-security-groups-dumper", line 9, in <module>
    load_entry_point('ec2-security-groups-dumper', 'console_scripts', 'ec2-security-groups-dumper')()
  File "/usr/local/lib/python2.7/site-packages/ec2_security_groups_dumper/main.py", line 295, in main
    print firewall.csv
  File "/usr/local/lib/python2.7/site-packages/ec2_security_groups_dumper/main.py", line 228, in csv
    for fr in self.rules:
  File "/usr/local/lib/python2.7/site-packages/ec2_security_groups_dumper/main.py", line 162, in rules
    rules_grants_cidr_ip=grant_row['cidr_ip'])
  File "/usr/local/lib/python2.7/site-packages/ec2_security_groups_dumper/main.py", line 57, in __init__
    assert rules_ip_protocol in (u'tcp', u'udp', u'icmp', None)
AssertionError

what's the json?

The JSON is working perfectly!!

Yep, but what's in it? I need the data to know what is breaking

At the beginning I would like to thank you for a great script.

However, I have the same issue as elias-p, json output works fine, but when I'm using csv format, I'm getting the following error:
Traceback (most recent call last):
  File "/usr/local/bin/ec2-security-groups-dumper", line 9, in <module>
    load_entry_point('ec2-security-groups-dumper==1.2', 'console_scripts', 'ec2-security-groups-dumper')()
  File "/usr/local/lib/python2.7/dist-packages/ec2_security_groups_dumper/main.py", line 298, in main
    print firewall.csv
  File "/usr/local/lib/python2.7/dist-packages/ec2_security_groups_dumper/main.py", line 229, in csv
    for fr in self.rules:
  File "/usr/local/lib/python2.7/dist-packages/ec2_security_groups_dumper/main.py", line 163, in rules
    rules_grants_cidr_ip=grant_row['cidr_ip'])
  File "/usr/local/lib/python2.7/dist-packages/ec2_security_groups_dumper/main.py", line 58, in __init__
    assert rules_ip_protocol in (u'tcp', u'udp', u'icmp', None)
AssertionError

If someone can help me in debugging this issue. I've checked that all exported SGs have a name associated with it.

Thanks in advance

you seem to be using an old version

I'm using version 1.2. Does that mean there is a newer one?

No, then it's an unhandled use case.
Can you dump the json in a gist?