cloud-governance 1.1.387__py3-none-any.whl → 1.1.388__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. cloud_governance/common/clouds/aws/cloudtrail/cloudtrail_operations.py +46 -12
  2. {cloud_governance-1.1.387.dist-info → cloud_governance-1.1.388.dist-info}/METADATA +1 -1
  3. {cloud_governance-1.1.387.dist-info → cloud_governance-1.1.388.dist-info}/RECORD +6 -6
  4. {cloud_governance-1.1.387.dist-info → cloud_governance-1.1.388.dist-info}/WHEEL +0 -0
  5. {cloud_governance-1.1.387.dist-info → cloud_governance-1.1.388.dist-info}/licenses/LICENSE +0 -0
  6. {cloud_governance-1.1.387.dist-info → cloud_governance-1.1.388.dist-info}/top_level.txt +0 -0
cloud_governance/common/clouds/aws/cloudtrail/cloudtrail_operations.py CHANGED
@@ -116,21 +116,55 @@ class CloudTrailOperations:
116
116
  return [event.get('Username'), event]
117
117
  return ['', '']
118
118
 
119
- def __check_event_is_assumed_role(self, cloudtrail_event: str):
119
+ def __extract_username_from_arn(self, arn: str, user_type: str):
120
120
  """
121
- This method checks if it assumed_role, if it is return the username and its event from role.
122
- @param cloudtrail_event:
123
- @return:
121
+ Extract username from ARN based on userIdentity type.
122
+ @param arn: The ARN from userIdentity
123
+ @param user_type: The userIdentity type (IAMUser, AssumedRole, FederatedUser, etc.)
124
+ @return: username or empty string
125
+ """
126
+ if not arn or '/' not in arn:
127
+ return ''
128
+
129
+ # ARN formats:
130
+ # IAMUser: arn:aws:iam::account:user/[path/]username
131
+ # AssumedRole: arn:aws:sts::account:assumed-role/role-name/session-name
132
+ # FederatedUser: arn:aws:sts::account:federated-user/username
133
+ # Root: arn:aws:iam::account:root (no slash, return 'root')
134
+
135
+ parts = arn.split('/')
136
+ if len(parts) < 2:
137
+ # No username in ARN (e.g., root user)
138
+ return parts[-1] if parts else ''
139
+
140
+ # Last part is always the username/session-name
141
+ return parts[-1]
142
+
143
+ def __check_event_is_assumed_role(self, cloudtrail_event_str: str):
144
+ """
145
+ This method extracts username from userIdentity ARN for IAM users and AssumedRole users.
146
+ For SAML SSO (AssumedRole), it extracts the username from the session name in the ARN.
147
+ For IAM users, it extracts the username from the ARN path.
148
+ @param cloudtrail_event_str: JSON string of CloudTrailEvent
149
+ @return: [username, parsed_event] or [False, '']
124
150
  """
125
151
  try:
126
- cloudtrail_event = json.loads(cloudtrail_event)
127
- if cloudtrail_event.get('userIdentity').get('type') == "AssumedRole":
128
- role_name = cloudtrail_event.get('userIdentity').get('sessionContext').get('sessionIssuer').get('arn')
129
- assumerole_username, event = self.__get_username_by_role(role_name, "CreateRole", "AWS::IAM::Role")
130
- if not assumerole_username:
131
- arn = cloudtrail_event.get('userIdentity').get('arn')
132
- assumerole_username, event = self.__ger_username_from_arn(resource_arn=arn)
133
- return [assumerole_username, event]
152
+ cloudtrail_event = json.loads(cloudtrail_event_str)
153
+ user_identity = cloudtrail_event.get('userIdentity', {})
154
+ user_type = user_identity.get('type')
155
+ arn = user_identity.get('arn')
156
+
157
+ # Handle supported user types by extracting from ARN
158
+ if user_type in ('AssumedRole', 'IAMUser', 'FederatedUser'):
159
+ username = self.__extract_username_from_arn(arn, user_type)
160
+ if username:
161
+ # Return parsed event wrapped in a dict with CloudTrailEvent key for consistency
162
+ return [username, {'CloudTrailEvent': cloudtrail_event_str}]
163
+
164
+ # For Root or other types without proper ARN
165
+ if user_type == 'Root':
166
+ return ['root', {'CloudTrailEvent': cloudtrail_event_str}]
167
+
134
168
  return [False, '']
135
169
  except Exception as err:
136
170
  return [False, '']
{cloud_governance-1.1.387.dist-info → cloud_governance-1.1.388.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cloud-governance
3
- Version: 1.1.387
3
+ Version: 1.1.388
4
4
  Summary: Cloud Governance Tool
5
5
  Home-page: https://github.com/redhat-performance/cloud-governance
6
6
  Author: Red Hat
{cloud_governance-1.1.387.dist-info → cloud_governance-1.1.388.dist-info}/RECORD RENAMED
@@ -41,7 +41,7 @@ cloud_governance/common/clouds/aws/athena/abstract_athena_operations.py,sha256=m
41
41
  cloud_governance/common/clouds/aws/athena/boto3_client_athena_operations.py,sha256=h4hdpC1YvvivJTH7_Ld4dfY9SHoj1mWbtCiABkpJrXk,1845
42
42
  cloud_governance/common/clouds/aws/athena/pyathena_operations.py,sha256=V_fBGTTd42V1PW1WABptZU32zXW4ZWqxCgVH9CmXnJw,1392
43
43
  cloud_governance/common/clouds/aws/cloudtrail/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
44
- cloud_governance/common/clouds/aws/cloudtrail/cloudtrail_operations.py,sha256=vTWgSXMPTK_HQ8YjGq7i383Jnn-TonEEilehLIBuBK8,13450
44
+ cloud_governance/common/clouds/aws/cloudtrail/cloudtrail_operations.py,sha256=571z6AIuOyGqBRXzfW1UUDMxhfZd8jmPajY74-jTopw,14803
45
45
  cloud_governance/common/clouds/aws/cloudwatch/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
46
46
  cloud_governance/common/clouds/aws/cloudwatch/cloudwatch_operations.py,sha256=ICfEx_T1whDJhadVwD75zawhLHhkjqeyDjUr5Ao613A,2377
47
47
  cloud_governance/common/clouds/aws/cost_explorer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -265,8 +265,8 @@ cloud_governance/policy/policy_runners/elasticsearch/__init__.py,sha256=47DEQpj8
265
265
  cloud_governance/policy/policy_runners/elasticsearch/upload_elastic_search.py,sha256=pOwUJWXjJbyTy8iv3Ap8xJGnqQe-5lZgoR8-vGfAVos,1881
266
266
  cloud_governance/policy/policy_runners/ibm/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
267
267
  cloud_governance/policy/policy_runners/ibm/policy_runner.py,sha256=V0E_f7F3hXit0aSq4BlfX1Jd4vjR2NEvOWsJ5upvZ4o,1302
268
- cloud_governance-1.1.387.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
269
- cloud_governance-1.1.387.dist-info/METADATA,sha256=ZyNs1j_P8ChFY6ewF3zZRTJkscP2gMTQSuNoE1vWJ_E,11384
270
- cloud_governance-1.1.387.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
271
- cloud_governance-1.1.387.dist-info/top_level.txt,sha256=jfB1fgj7jvx3YZkZA4G6hFeS1RHO7J7XtnbjuMNMRww,17
272
- cloud_governance-1.1.387.dist-info/RECORD,,
268
+ cloud_governance-1.1.388.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
269
+ cloud_governance-1.1.388.dist-info/METADATA,sha256=Er-ssQwLZ6ydQj_IHhly7w7ce70uqKg_laHz0hAikqM,11384
270
+ cloud_governance-1.1.388.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
271
+ cloud_governance-1.1.388.dist-info/top_level.txt,sha256=jfB1fgj7jvx3YZkZA4G6hFeS1RHO7J7XtnbjuMNMRww,17
272
+ cloud_governance-1.1.388.dist-info/RECORD,,