PyPI - cloud-governance - Versions diffs - 1.1.387__py3-none-any.whl → 1.1.389__py3-none-any.whl - Mend

cloud-governance 1.1.387py3-none-any.whl → 1.1.389py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

cloud_governance/common/clouds/aws/cloudtrail/cloudtrail_operations.py CHANGED Viewed

@@ -116,21 +116,55 @@ class CloudTrailOperations:
                         return [event.get('Username'), event]
         return ['', '']
-    def __check_event_is_assumed_role(self, cloudtrail_event: str):
+    def __extract_username_from_arn(self, arn: str, user_type: str):
         """
-        This method checks if it assumed_role, if it is return the username and its event from role.
-        @param cloudtrail_event:
-        @return:
+        Extract username from ARN based on userIdentity type.
+        @param arn: The ARN from userIdentity
+        @param user_type: The userIdentity type (IAMUser, AssumedRole, FederatedUser, etc.)
+        @return: username or empty string
+        """
+        if not arn or '/' not in arn:
+            return ''
+        # ARN formats:
+        # IAMUser: arn:aws:iam::account:user/[path/]username
+        # AssumedRole: arn:aws:sts::account:assumed-role/role-name/session-name
+        # FederatedUser: arn:aws:sts::account:federated-user/username
+        # Root: arn:aws:iam::account:root (no slash, return 'root')
+        parts = arn.split('/')
+        if len(parts) < 2:
+            # No username in ARN (e.g., root user)
+            return parts[-1] if parts else ''
+        # Last part is always the username/session-name
+        return parts[-1]
+    def __check_event_is_assumed_role(self, cloudtrail_event_str: str):
+        """
+        This method extracts username from userIdentity ARN for IAM users and AssumedRole users.
+        For SAML SSO (AssumedRole), it extracts the username from the session name in the ARN.
+        For IAM users, it extracts the username from the ARN path.
+        @param cloudtrail_event_str: JSON string of CloudTrailEvent
+        @return: [username, parsed_event] or [False, '']
         """
         try:
-            cloudtrail_event = json.loads(cloudtrail_event)
-            if cloudtrail_event.get('userIdentity').get('type') == "AssumedRole":
-                role_name = cloudtrail_event.get('userIdentity').get('sessionContext').get('sessionIssuer').get('arn')
-                assumerole_username, event = self.__get_username_by_role(role_name, "CreateRole", "AWS::IAM::Role")
-                if not assumerole_username:
-                    arn = cloudtrail_event.get('userIdentity').get('arn')
-                    assumerole_username, event = self.__ger_username_from_arn(resource_arn=arn)
-                return [assumerole_username, event]
+            cloudtrail_event = json.loads(cloudtrail_event_str)
+            user_identity = cloudtrail_event.get('userIdentity', {})
+            user_type = user_identity.get('type')
+            arn = user_identity.get('arn')
+            # Handle supported user types by extracting from ARN
+            if user_type in ('AssumedRole', 'IAMUser', 'FederatedUser'):
+                username = self.__extract_username_from_arn(arn, user_type)
+                if username:
+                    # Return parsed event wrapped in a dict with CloudTrailEvent key for consistency
+                    return [username, {'CloudTrailEvent': cloudtrail_event_str}]
+            # For Root or other types without proper ARN
+            if user_type == 'Root':
+                return ['root', {'CloudTrailEvent': cloudtrail_event_str}]
             return [False, '']
         except Exception as err:
             return [False, '']

{cloud_governance-1.1.387.dist-info → cloud_governance-1.1.389.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cloud-governance
-Version: 1.1.387
+Version: 1.1.389
 Summary: Cloud Governance Tool
 Home-page: https://github.com/redhat-performance/cloud-governance
 Author: Red Hat

{cloud_governance-1.1.387.dist-info → cloud_governance-1.1.389.dist-info}/RECORD RENAMED Viewed

@@ -41,7 +41,7 @@ cloud_governance/common/clouds/aws/athena/abstract_athena_operations.py,sha256=m
 cloud_governance/common/clouds/aws/athena/boto3_client_athena_operations.py,sha256=h4hdpC1YvvivJTH7_Ld4dfY9SHoj1mWbtCiABkpJrXk,1845
 cloud_governance/common/clouds/aws/athena/pyathena_operations.py,sha256=V_fBGTTd42V1PW1WABptZU32zXW4ZWqxCgVH9CmXnJw,1392
 cloud_governance/common/clouds/aws/cloudtrail/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cloud_governance/common/clouds/aws/cloudtrail/cloudtrail_operations.py,sha256=vTWgSXMPTK_HQ8YjGq7i383Jnn-TonEEilehLIBuBK8,13450
+cloud_governance/common/clouds/aws/cloudtrail/cloudtrail_operations.py,sha256=571z6AIuOyGqBRXzfW1UUDMxhfZd8jmPajY74-jTopw,14803
 cloud_governance/common/clouds/aws/cloudwatch/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cloud_governance/common/clouds/aws/cloudwatch/cloudwatch_operations.py,sha256=ICfEx_T1whDJhadVwD75zawhLHhkjqeyDjUr5Ao613A,2377
 cloud_governance/common/clouds/aws/cost_explorer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -265,8 +265,8 @@ cloud_governance/policy/policy_runners/elasticsearch/__init__.py,sha256=47DEQpj8
 cloud_governance/policy/policy_runners/elasticsearch/upload_elastic_search.py,sha256=pOwUJWXjJbyTy8iv3Ap8xJGnqQe-5lZgoR8-vGfAVos,1881
 cloud_governance/policy/policy_runners/ibm/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cloud_governance/policy/policy_runners/ibm/policy_runner.py,sha256=V0E_f7F3hXit0aSq4BlfX1Jd4vjR2NEvOWsJ5upvZ4o,1302
-cloud_governance-1.1.387.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-cloud_governance-1.1.387.dist-info/METADATA,sha256=ZyNs1j_P8ChFY6ewF3zZRTJkscP2gMTQSuNoE1vWJ_E,11384
-cloud_governance-1.1.387.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-cloud_governance-1.1.387.dist-info/top_level.txt,sha256=jfB1fgj7jvx3YZkZA4G6hFeS1RHO7J7XtnbjuMNMRww,17
-cloud_governance-1.1.387.dist-info/RECORD,,
+cloud_governance-1.1.389.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+cloud_governance-1.1.389.dist-info/METADATA,sha256=VAMZ4oVE8jWRMIijCUQ_Z-ELk-0DQ0BVivKPpOypVRo,11384
+cloud_governance-1.1.389.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cloud_governance-1.1.389.dist-info/top_level.txt,sha256=jfB1fgj7jvx3YZkZA4G6hFeS1RHO7J7XtnbjuMNMRww,17
+cloud_governance-1.1.389.dist-info/RECORD,,

{cloud_governance-1.1.387.dist-info → cloud_governance-1.1.389.dist-info}/WHEEL RENAMED Viewed

File without changes

{cloud_governance-1.1.387.dist-info → cloud_governance-1.1.389.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{cloud_governance-1.1.387.dist-info → cloud_governance-1.1.389.dist-info}/top_level.txt RENAMED Viewed

File without changes

cloud-governance 1.1.387__py3-none-any.whl → 1.1.389__py3-none-any.whl

cloud-governance 1.1.387py3-none-any.whl → 1.1.389py3-none-any.whl