ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(organizations): Handle non existent policy (#3319)

Browse Source
This commit is contained in:
Pepe Fagoaga
2024-02-05 12:37:08 +01:00
committed by GitHub
parent b23be4164f
commit c6e8a0b6d3
1 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
prowler/providers/aws/services/organizations/organizations_service.py
View File

@@ -102,14 +102,13 @@ class Organizations(AWSService):
) )
for page in list_policies_paginator.paginate(Filter=policy_type): for page in list_policies_paginator.paginate(Filter=policy_type):
for policy in page["Policies"]: for policy in page["Policies"]:
policy_content = self.__describe_policy__(policy.get("Id")) policy_id = policy.get("Id")
policy_targets = self.__list_targets_for_policy__( policy_content = self.__describe_policy__(policy_id)
policy.get("Id") policy_targets = self.__list_targets_for_policy__(policy_id)
)
self.policies.append( self.policies.append(
Policy( Policy(
arn=policy.get("Arn"), arn=policy.get("Arn"),
id=policy.get("Id"), id=policy_id,
type=policy.get("Type"), type=policy.get("Type"),
aws_managed=policy.get("AwsManaged"), aws_managed=policy.get("AwsManaged"),
content=policy_content, content=policy_content,
@@ -134,23 +133,29 @@ class Organizations(AWSService):
# This operation can be called only from the organizations management account or by a member account that is a delegated administrator for an Amazon Web Services service. # This operation can be called only from the organizations management account or by a member account that is a delegated administrator for an Amazon Web Services service.
try: try:
policy_desc = self.client.describe_policy(PolicyId=policy_id)["Policy"] policy_content = {}
policy_content = policy_desc["Content"] if policy_id:
policy_content_json = json.loads(policy_content) policy_content = (
self.client.describe_policy(PolicyId=policy_id)
.get("Policy", {})
.get("Content", "")
)
except Exception as error: except Exception as error:
logger.error( logger.error(
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
) )
finally: finally:
return policy_content_json return json.loads(policy_content)
def __list_targets_for_policy__(self, policy_id): def __list_targets_for_policy__(self, policy_id):
logger.info("Organizations - List Targets for policy: %s ...", policy_id) logger.info("Organizations - List Targets for policy: %s ...", policy_id)
try: try:
targets_for_policy = self.client.list_targets_for_policy( targets_for_policy = []
PolicyId=policy_id if policy_id:
)["Targets"] targets_for_policy = self.client.list_targets_for_policy(
PolicyId=policy_id
)["Targets"]
except Exception as error: except Exception as error:
logger.error( logger.error(
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"