From 7f26fdf2d0cbba84e8666749ad1f4e0233c7f07d Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Mon, 16 Jan 2023 11:47:23 +0100
Subject: [PATCH] feat(iam): add IAM Role Class (#1709)

Co-authored-by: sergargar
---
 ...oudwatch_cross_account_sharing_disabled.py | 4 +--
 .../providers/aws/services/iam/iam_service.py | 30 ++++++++++++++-----
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
index d7bd59b6..d424cf53 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
@@ -11,8 +11,8 @@ class cloudwatch_cross_account_sharing_disabled(Check):
 report.resource_id = "CloudWatch-CrossAccountSharingRole"
 report.region = iam_client.region
 for role in iam_client.roles:
- if role["RoleName"] == "CloudWatch-CrossAccountSharingRole":
- report.resource_arn = role["Arn"]
+ if role.name == "CloudWatch-CrossAccountSharingRole":
+ report.resource_arn = role.arn
 report.status = "FAIL"
 report.status_extended = "CloudWatch has allowed cross-account sharing."
 findings.append(report)
diff --git a/prowler/providers/aws/services/iam/iam_service.py b/prowler/providers/aws/services/iam/iam_service.py
index c26a0b34..54b9c418 100644
--- a/prowler/providers/aws/services/iam/iam_service.py
+++ b/prowler/providers/aws/services/iam/iam_service.py
@@ -50,17 +50,21 @@ class IAM:
 def __get_roles__(self):
 try:
 get_roles_paginator = self.client.get_paginator("list_roles")
+ roles = []
+ for page in get_roles_paginator.paginate():
+ for role in page["Roles"]:
+ roles.append(
+ Role(
+ name=role["RoleName"],
+ arn=role["Arn"],
+ assume_role_policy=role["AssumeRolePolicyDocument"],
+ )
+ )
+ return roles
 except Exception as error:
 logger.error(
 f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
 )
- else:
- roles = []
- for page in get_roles_paginator.paginate():
- for role in page["Roles"]:
- roles.append(role)
-
- return roles
 
 def __get_credential_report__(self):
 report_is_completed = False
@@ -427,6 +431,18 @@ class User:
 self.inline_policies = []
 
 
+@dataclass
+class Role:
+ name: str
+ arn: str
+ assume_role_policy: dict
+
+ def __init__(self, name, arn, assume_role_policy):
+ self.name = name
+ self.arn = arn
+ self.assume_role_policy = assume_role_policy
+
+
 @dataclass
 class Group:
 name: str
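Review bot: With the pagination loop and `return roles` now inside the `try`, an exception on any page of `list_roles` (a throttle or an access denial on a later page, for instance) is logged and the method then falls off the end returning `None`, discarding every role already collected. A caller that iterates the result, such as `for role in iam_client.roles` in the cloudwatch check patched in this same commit, would then raise `TypeError` rather than produce a finding, so a partial API failure turns into a crashed or silently empty check. Initialising the list before the `try` and returning it after the `except` keeps the value iterable on failure: move `roles = []` above `try:` and place `return roles` as the final statement after the `except` block. Whether `self.roles` is assigned from this method is outside the hunk, so the caller impact is inferred from the cloudwatch hunk.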
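Review bot: `Role` carries both `@dataclass` and a hand-written `__init__`; the decorator does not replace an `__init__` defined in the class body, so the explicit constructor is redundant with the one `@dataclass` would generate for the same three fields and could be dropped without changing how `__get_roles__` builds instances. If it is kept for symmetry with the `User` and `Group` classes around it, a class docstring would still help readers of the check code, e.g. `"""IAM role as returned by list_roles: name, ARN and its trust (assume-role) policy document."""`. The annotation `assume_role_policy: dict` presumably relies on the paginator yielding `AssumeRolePolicyDocument` already decoded rather than as a URL-encoded string; worth confirming, since checks consuming the trust policy will index into it.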