chore: revision

prowler-cloud · Nov 6, 2024 · 53c8938 · 53c8938
1 parent 5814fbd
commit 53c8938
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 28 deletions.
diff --git a/...ared_within_organization_only/servicecatalog_portfolio_shared_within_organization_only.py b/...ared_within_organization_only/servicecatalog_portfolio_shared_within_organization_only.py
@@ -13,18 +13,20 @@ def execute(self):
         for org in organizations_client.organizations:
             if org.status == "ACTIVE":
                 for portfolio in servicecatalog_client.portfolios.values():
-                    report = Check_Report_AWS(self.metadata())
-                    report.region = portfolio.region
-                    report.resource_id = portfolio.id
-                    report.resource_arn = portfolio.arn
-                    report.resource_tags = portfolio.tags
-                    report.status = "PASS"
-                    report.status_extended = f"ServiceCatalog Portfolio {portfolio.name} is shared within your AWS Organization."
-                    for portfolio_share in portfolio.shares:
-                        if portfolio_share.type == "ACCOUNT":
-                            report.status = "FAIL"
-                            report.status_extended = f"ServiceCatalog Portfolio {portfolio.name} is shared with an account."
+                    if portfolio.shares is not None:
+                        report = Check_Report_AWS(self.metadata())
+                        report.region = portfolio.region
+                        report.resource_id = portfolio.id
+                        report.resource_arn = portfolio.arn
+                        report.resource_tags = portfolio.tags
+                        report.status = "PASS"
+                        report.status_extended = f"ServiceCatalog Portfolio {portfolio.name} is shared within your AWS Organization."
+                        for portfolio_share in portfolio.shares:
+                            if portfolio_share.type == "ACCOUNT":
+                                report.status = "FAIL"
+                                report.status_extended = f"ServiceCatalog Portfolio {portfolio.name} is shared with an account."
+                                break
 
-                    findings.append(report)
+                        findings.append(report)
 
         return findings
diff --git a/prowler/providers/aws/services/servicecatalog/servicecatalog_service.py b/prowler/providers/aws/services/servicecatalog/servicecatalog_service.py
@@ -9,7 +9,7 @@
 PORTFOLIO_SHARE_TYPES = [
     "ACCOUNT",
     "ORGANIZATION",
-    "ORGANIZATION_UNIT",
+    "ORGANIZATIONAL_UNIT",
     "ORGANIZATION_MEMBER_ACCOUNT",
 ]
 
@@ -50,20 +50,26 @@ def _describe_portfolio_shares(self, portfolio):
             logger.info("ServiceCatalog - describing portfolios shares...")
             regional_client = self.regional_clients[portfolio.region]
             for portfolio_type in PORTFOLIO_SHARE_TYPES:
-              try:
-                  for share in regional_client.describe_portfolio_shares(
-                      PortfolioId=portfolio.id,
-                      Type=portfolio_type,
-                  ).get("PortfolioShareDetails", []):
-                      portfolio_share = PortfolioShare(
-                          type=portfolio_type,
-                          accepted=share["Accepted"],
-                      )
-                      portfolio.shares.append(portfolio_share)
-              except Exception as error:
-                  logger.error(
-                      f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                  )
+                try:
+                    for share in regional_client.describe_portfolio_shares(
+                        PortfolioId=portfolio.id,
+                        Type=portfolio_type,
+                    ).get("PortfolioShareDetails", []):
+                        portfolio_share = PortfolioShare(
+                            type=portfolio_type,
+                            accepted=share["Accepted"],
+                        )
+                        portfolio.shares.append(portfolio_share)
+                except Exception as error:
+                    if error.response["Error"]["Code"] == "AccessDeniedException":
+                        logger.error(
+                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
+                        portfolio.shares = None
+                    else:
+                        logger.error(
+                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
         except Exception as error:
             logger.error(
                 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -75,7 +81,7 @@ def _describe_portfolio(self, portfolio):
             try:
                 regional_client = self.regional_clients[portfolio.region]
                 portfolio.tags = regional_client.describe_portfolio(
-                    PortfolioId=portfolio.id,
+                    Id=portfolio.id,
                 )["Tags"]
             except Exception as error:
                 logger.error(