change the way cloudAccountId is parsed from Job Paramaters (#9)

Co-authored-by: Mohammad Zuber Khan <[email protected]>
vmware-samples · Sep 1, 2020 · dfbd7ce · dfbd7ce
1 parent afd8f07
commit dfbd7ce
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 11 deletions.
diff --git a/remediation_worker/jobs/s3_enable_access_logging/s3_enable_access_logging.py b/remediation_worker/jobs/s3_enable_access_logging/s3_enable_access_logging.py
@@ -44,9 +44,11 @@ def parse(self, payload):
         finding_info = notification_info.get("FindingInfo", None)
         source_bucket = finding_info.get("ObjectId", None)
 
-        cloud_account = remediation_entry.get("cloudAccount")
-        role_arn = cloud_account.get("roleArn")
-        cloud_account_id = role_arn.split(":")[4]
+        object_chain = remediation_entry["notificationInfo"]["FindingInfo"][
+            "ObjectChain"
+        ]
+        object_chain_dict = json.loads(object_chain)
+        cloud_account_id = object_chain_dict["cloudAccountId"]
         region = finding_info.get("Region")
 
         logging.info(f"cloud_account_id: {cloud_account_id}")

diff --git a/test/unit/test_s3_enable_access_logging.py b/test/unit/test_s3_enable_access_logging.py
@@ -37,10 +37,6 @@ def invalid_payload():
 def full_payload():
     return json.dumps(
         {
-            "cloudAccount": {
-                "provider": "",
-                "roleArn": "arn:aws:iam::530342348278:role/SecureStateRemediation",
-            },
             "notificationInfo": {
                 "RuleId": "5c6cc5cc03dcc90f3631468d",
                 "RuleName": "",
@@ -117,10 +113,6 @@ def full_payload():
 def self_payload():
     return json.dumps(
         {
-            "cloudAccount": {
-                "provider": "",
-                "roleArn": "arn:aws:iam::530342348278:role/SecureStateRemediation",
-            },
             "notificationInfo": {
                 "RuleId": "5c6cc5cc03dcc90f3631468d",
                 "RuleName": "",