#26 - Fix IAM sync crash due to "Action" not being defined on a polic…

…y Statement (#27) * #26 - Fix IAM sync crash due to "Action" not being defined on a policy Statement * Pre-release version to 0.2.2rc1
cartography-cncf · Mar 28, 2019 · a4e8a61 · a4e8a61
1 parent 3ba71b0
commit a4e8a61
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 18 deletions.
diff --git a/cartography/intel/aws/iam.py b/cartography/intel/aws/iam.py
@@ -275,29 +275,30 @@ def load_group_policies(session, group_policies, aws_update_tag):
     for group_name, policies in group_policies.items():
         for policy_name, policy_data in policies.items():
             for statement in policy_data["PolicyDocument"]["Statement"]:
-                action = statement["Action"]
-
-                # TODO improve this
-                if action == "sts:AssumeRole":
-                    if statement["Effect"] == "Allow":
-                        roles_arn = statement["Resource"]
-
-                        if type(roles_arn) == str:
-                            session.run(
-                                ingest_policies_assume_role,
-                                GroupName=group_name,
-                                RoleArn=roles_arn,
-                                aws_update_tag=aws_update_tag
-                            )
-                        else:
-                            # TODO the code below probably contains a bug -- why is role_arn not used in the loop?
-                            for role_arn in roles_arn:
+                if "Action" in statement:
+                    action = statement["Action"]
+
+                    # TODO improve this
+                    if action == "sts:AssumeRole":
+                        if statement["Effect"] == "Allow":
+                            roles_arn = statement["Resource"]
+
+                            if type(roles_arn) == str:
                                 session.run(
                                     ingest_policies_assume_role,
                                     GroupName=group_name,
                                     RoleArn=roles_arn,
                                     aws_update_tag=aws_update_tag
                                 )
+                            else:
+                                # TODO the code below probably contains a bug -- why is role_arn not used in the loop?
+                                for role_arn in roles_arn:
+                                    session.run(
+                                        ingest_policies_assume_role,
+                                        GroupName=group_name,
+                                        RoleArn=roles_arn,
+                                        aws_update_tag=aws_update_tag
+                                    )
 
 
 def load_user_access_keys(session, user_access_keys, aws_update_tag):

diff --git a/setup.py b/setup.py
@@ -1,6 +1,6 @@
 from setuptools import setup, find_packages
 
-__version__ = '0.2.1'
+__version__ = '0.2.2rc1'
 
 
 setup(