fix(glacier): handle no vault policy error (#1650)

Co-authored-by: sergargar <sergio@verica.io>
2026-02-10 23:05:05 +00:00 · 2023-01-04 11:41:56 +01:00
parent f0db63da35
commit 54fbaa808e
3 changed files with 14 additions and 9 deletions
--- a/prowler/providers/aws/services/glacier/glacier_service.py
+++ b/prowler/providers/aws/services/glacier/glacier_service.py
@@ -1,6 +1,7 @@
 import json
 import threading

+from botocore.client import ClientError
 from pydantic import BaseModel

 from prowler.lib.logger import logger
@@ -56,13 +57,16 @@ class Glacier:
        try:
            for vault in self.vaults.values():
                if vault.region == regional_client.region:
-                    vault_access_policy = regional_client.get_vault_access_policy(
-                        vaultName=vault.name
-                    )
-                    self.vaults[vault.name].access_policy = json.loads(
-                        vault_access_policy["policy"]["Policy"]
-                    )
-
+                    try:
+                        vault_access_policy = regional_client.get_vault_access_policy(
+                            vaultName=vault.name
+                        )
+                        self.vaults[vault.name].access_policy = json.loads(
+                            vault_access_policy["policy"]["Policy"]
+                        )
+                    except ClientError as e:
+                        if e.response["Error"]["Code"] == "ResourceNotFoundException":
+                            self.vaults[vault.name].access_policy = {}
        except Exception as error:
            logger.error(
                f"{regional_client.region} --"
--- a/prowler/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access.py
+++ b/prowler/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access.py
@@ -36,7 +36,8 @@ class glacier_vaults_policy_public_access(Check):
                        ):
                            public_access = True
                            break
-
+            else:
+                report.status_extended = f"Vault {vault.name} does not have a policy"
            if public_access:
                report.status = "FAIL"
                report.status_extended = (
--- a/tests/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access_test.py
+++ b/tests/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access_test.py
@@ -58,7 +58,7 @@ class Test_glacier_vaults_policy_public_access:
            assert result[0].status == "PASS"
            assert (
                result[0].status_extended
-                == f"Vault {vault_name} has policy which does not allow access to everyone"
+                == f"Vault {vault_name} does not have a policy"
            )

    def test_vault_policy_pricipal_aws_list_asterisk(self):