Record CloudMapper collect failures and provide them in exceptions #537

Open
0xdabbad00 opened this issue Aug 22, 2019 · 4 comments
Labels: collect, enhancement (New feature or request)

Comments

@0xdabbad00
Collaborator

0xdabbad00 commented Aug 22, 2019

People are running into problems with CloudMapper because they aren't running it with all of the expected privileges. Either due to an SCP or other reason, the collect is failing for some of the things it tries to collect. See #536 and #446. This is resulting in confusing issues being filed and likely frustrations for many that ignore the collect failures and then don't understand why other commands from CloudMapper aren't working.

I need to have collect record something for whether or not it was successful. If it was not successful, I should have later commands throw an error immediately and force the use of a flag like --bad-idea or something so they hopefully realize things are going to go poorly for them. Another idea is on any later exceptions, to print information about the collect issues that had been encountered. Another idea is to have a GitHub issue template that asks people if they encountered errors on collect when filing their issue.
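Added example, not part of the comment above and not CloudMapper's own code: a sketch of the proposal, in which collect writes its failure summary beside the collected data and later commands refuse to run on incomplete data unless the caller opts in. The file name `collect_status.json`, the function names and the `allow_incomplete` parameter (standing in for a flag like `--bad-idea`) are all hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Hypothetical file name; not something CloudMapper defines.
STATUS_FILE = "collect_status.json"


class CollectIncompleteError(Exception):
    """A later command was run on data from a collect that had errors."""


def record_collect_status(account_dir, apis_called, failures):
    """Called at the end of collect: persist the summary beside the data."""
    path = Path(account_dir) / STATUS_FILE
    path.write_text(json.dumps({"apis_called": apis_called, "failures": failures}))
    return path


def require_complete_collect(account_dir, allow_incomplete=False):
    """Called first by later commands; returns the recorded failures."""
    path = Path(account_dir) / STATUS_FILE
    if not path.exists():
        raise CollectIncompleteError("no collect status recorded; run collect first")
    failures = json.loads(path.read_text())["failures"]
    if failures and not allow_incomplete:
        detail = "\n".join(f"  {f['call']}: {f['error']}" for f in failures)
        raise CollectIncompleteError(
            f"collect had {len(failures)} error(s), results may miss resources:\n{detail}"
        )
    return failures


def demo():
    # Constructed sample modelled on the failure line quoted in the thread.
    failures = [{"call": "s3.get_bucket_acl({'Bucket': 'REDACTED'})",
                 "error": "AccessDenied"}]
    blocked = None
    with tempfile.TemporaryDirectory() as d:
        record_collect_status(d, 321, failures)
        try:
            require_complete_collect(d)  # default: refuse to continue
        except CollectIncompleteError as exc:
            blocked = str(exc)
        allowed = require_complete_collect(d, allow_incomplete=True)  # explicit opt-in
    return blocked, allowed


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Returning the recorded failures on the opt-in path lets a report or audit command print them alongside any later exception, which is the second idea in the comment.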

@sprink

sprink commented May 12, 2020

Is there a workaround for this? We have an S3 bucket that we don't want any tools to access, not even security tools. This single S3 bucket is basically making CloudMapper non-functional for our environment. Is it possible to skip such resources we've agreed we want to ignore?

@0xdabbad00
Collaborator Author

When CloudMapper's collect runs into errors it should continue running. It will still collect the majority of the information from an account and usually is still able to run audit and other commands, but be aware that it may miss some things. For example, if a bucket were somehow public but for some reason you received an error in collecting information about it, CloudMapper would not be able to know the bucket is public.

@sprink

sprink commented May 12, 2020

That seems to be the case as my collect finishes with a summary shown here:

Summary: 321 APIs called. 5 errors
Failures:
s3.get_bucket_acl({'Bucket': 'REDACTED'}): An error occurred (AccessDenied) when calling the GetBucketAcl operation: Access Denied
...

But report still fails:

  • Getting resource counts
    Traceback (most recent call last):
      File "cloudmapper.py", line 72, in <module>
        main()
      File "cloudmapper.py", line 66, in main
        commands[command].run(arguments)
      File "/opt/cloudmapper/commands/report.py", line 471, in run
        report(accounts, config, args)
      File "/opt/cloudmapper/commands/report.py", line 101, in report
        account, args.stats_all_resources
      File "/opt/cloudmapper/shared/common.py", line 280, in get_account_stats
        )["LocationConstraint"]
    TypeError: 'NoneType' object is not subscriptable

All 5 errors on collect are from a single S3 bucket.

Looks like we are using CloudMapper 2.8.2

@Techbrunch

Techbrunch commented Sep 5, 2022

Same issue as #925 and #772. It would be really nice to be able to generate the report; I ran into the exact issue as @sprink.

If you run into the same issue, both have a workaround.
