[Integration][AWS] bug fix aws breaking the resync on permission issues (#1186)

shalev007 · Shalev Avhar · web-flow · commit 52c9dfb437da · 2024-11-26T19:35:18.000+02:00
- **fix: do not exit resync on permission issues**
- **docs: add version**

# Description

What - Do not stop the resync in case of permission issues

Why - It breaks the API of what we had so far

How - logging and evading permission errors thrown

## Type of change

Please leave one option from the following and delete the rest:

- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] New Integration (non-breaking change which adds a new integration)
- [ ] Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] Non-breaking change (fix of existing functionality that will not
change current behavior)
- [ ] Documentation (added/updated documentation)

&lt;h4&gt; All tests should be run against the port production
environment(using a testing org). &lt;/h4&gt;

### Core testing checklist

- [ ] Integration able to create all default resources from scratch
- [ ] Resync finishes successfully
- [ ] Resync able to create entities
- [ ] Resync able to update entities
- [ ] Resync able to detect and delete entities
- [ ] Scheduled resync able to abort existing resync and start a new one
- [ ] Tested with at least 2 integrations from scratch
- [ ] Tested with Kafka and Polling event listeners
- [ ] Tested deletion of entities that don't pass the selector


### Integration testing checklist

- [ ] Integration able to create all default resources from scratch
- [ ] Resync able to create entities
- [ ] Resync able to update entities
- [ ] Resync able to detect and delete entities
- [ ] Resync finishes successfully
- [ ] If new resource kind is added or updated in the integration, add
example raw data, mapping and expected result to the `examples` folder
in the integration directory.
- [ ] If resource kind is updated, run the integration with the example
data and check if the expected result is achieved
- [ ] If new resource kind is added or updated, validate that
live-events for that resource are working as expected
- [ ] Docs PR link [here](#)

### Preflight checklist

- [ ] Handled rate limiting
- [ ] Handled pagination
- [ ] Implemented the code in async
- [ ] Support Multi account

## Screenshots

Include screenshots from your environment showing how the resources of
the integration will look.

## API Documentation

Provide links to the API documentation used for this integration.

---------

Co-authored-by: Shalev Avhar &lt;shalev@getport.io&gt;
diff --git a/integrations/aws/CHANGELOG.md b/integrations/aws/CHANGELOG.md
@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- towncrier release notes start -->
 
+## 0.2.63 (2024-11-25)
+
+
+### Bug Fixes
+
+- Do not break delete entities when a region is not accessible
+
 ## 0.2.62 (2024-11-25)
 
 
@@ -385,7 +392,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Bug Fixes
 
 - Add auto-discover for available regions in case global resources do not have permissions in default region
-- Add access denied handler to STS:AssumeRole 
+- Add access denied handler to STS:AssumeRole
 - Add access denied handler to custom kind resync
 
 
diff --git a/integrations/aws/main.py b/integrations/aws/main.py
@@ -101,6 +101,10 @@ async def resync_resources_for_account(
                 ):
                     yield batch
             except Exception as exc:
+                if is_access_denied_exception(
+                    exc
+                ):  # skip access denied errors since we do not want to skip deleting resources from port
+                    continue
                 regions.append(session.region_name)
                 errors.append(exc)
                 continue
diff --git a/integrations/aws/pyproject.toml b/integrations/aws/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "aws"
-version = "0.2.62"
+version = "0.2.63"
 description = "This integration will map all your resources in all the available accounts to your Port entities"
 authors = ["Shalev Avhar <shalev@getport.io>", "Erik Zaadi <erik@getport.io>"]
 
diff --git a/integrations/aws/utils/resources.py b/integrations/aws/utils/resources.py
@@ -255,5 +255,10 @@ async def resync_cloudcontrol(
                 if not next_token:
                     break
             except Exception as e:
-                logger.error(f"Error resyncing {kind} in region {region}, {e}")
+                if is_access_denied_exception(e):
+                    logger.warning(
+                        f"Skipping resyncing {kind} in region {region} in account {account_id} due to missing access permissions"
+                    )
+                else:
+                    logger.error(f"Error resyncing {kind} in region {region}, {e}")
                 raise e
