bridgecrewio / AirIAM

Least privilege AWS IAM Terraformer
https://airiam.io
Apache License 2.0

🐛 Bug Report: AttributeError: 'list' object has no attribute 'items' (both for recommend_groups and terraform ) #166

Open iamkcsekhar opened 1 year ago

iamkcsekhar commented 1 year ago

👟 Reproduction steps

First-time user. When I hit find unused, it works perfectly. However, the other options, recommend_groups and terraform, are throwing errors.

$ sudo airiam recommend_groups -p Account1

[AirIAM ASCII-art banner] v0.1.83

AirIAM - Least privilege AWS IAM Terraformer

To continuously scan configurations, try the Bridgecrew free community plan.
https://www.bridgecrew.io

INFO:botocore.credentials:Found credentials in shared credentials file: ~/.aws/credentials
Reusing local data
INFO:root:Analyzing data for account xxxxxxxxx(masked)
INFO:root:Using the default UserOrganizer
Traceback (most recent call last):
  File "/usr/bin/airiam", line 5, in <module>
    run()
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/main.py", line 36, in run
    report_with_recommendations = recommend_groups(logger, runtime_results, args.last_used_threshold)
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 19, in recommend_groups
    runtime_iam_report.set_reorg(organizer.get_user_clusters(runtime_iam_report))
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 38, in get_user_clusters
    simple_user_clusters = self._create_simple_user_clusters(human_users, iam_data['AccountGroups'], iam_data['AccountPolicies'])
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 84, in _create_simple_user_clusters
    if PolicyAnalyzer.policy_is_write_access(policy_document):
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/find_unused/PolicyAnalyzer.py", line 62, in policy_is_write_access
    for priv, priv_obj in action_map.get(action_service, {}).get('privileges', []).items():
AttributeError: 'list' object has no attribute 'items'

👍 Expected behavior

It should show recommendations

👎 Actual Behavior

$ sudo airiam recommend_groups -p Account1

[AirIAM ASCII-art banner] v0.1.83

AirIAM - Least privilege AWS IAM Terraformer

To continuously scan configurations, try the Bridgecrew free community plan.
https://www.bridgecrew.io

INFO:botocore.credentials:Found credentials in shared credentials file: ~/.aws/credentials
Reusing local data
INFO:root:Analyzing data for account xxxxxxxxx(masked)
INFO:root:Using the default UserOrganizer
Traceback (most recent call last):
  File "/usr/bin/airiam", line 5, in <module>
    run()
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/main.py", line 36, in run
    report_with_recommendations = recommend_groups(logger, runtime_results, args.last_used_threshold)
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 19, in recommend_groups
    runtime_iam_report.set_reorg(organizer.get_user_clusters(runtime_iam_report))
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 38, in get_user_clusters
    simple_user_clusters = self._create_simple_user_clusters(human_users, iam_data['AccountGroups'], iam_data['AccountPolicies'])
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 84, in _create_simple_user_clusters
    if PolicyAnalyzer.policy_is_write_access(policy_document):
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/find_unused/PolicyAnalyzer.py", line 62, in policy_is_write_access
    for priv, priv_obj in action_map.get(action_service, {}).get('privileges', []).items():
AttributeError: 'list' object has no attribute 'items'

💻 Operating system

Linux

🧱 Your Environment

No response

Python Version

python3 --version
Python 3.7.5

checkov-version

not using it

Share output with the environment variable LOG_LEVEL set to DEBUG

Traceback (most recent call last):
  File "/usr/bin/airiam", line 5, in <module>
    run()
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/main.py", line 36, in run
    report_with_recommendations = recommend_groups(logger, runtime_results, args.last_used_threshold)
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 19, in recommend_groups
    runtime_iam_report.set_reorg(organizer.get_user_clusters(runtime_iam_report))
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 38, in get_user_clusters
    simple_user_clusters = self._create_simple_user_clusters(human_users, iam_data['AccountGroups'], iam_data['AccountPolicies'])
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/recommend_groups/recommend_groups.py", line 84, in _create_simple_user_clusters
    if PolicyAnalyzer.policy_is_write_access(policy_document):
  File "/home/cspm/.local/lib/python3.7/site-packages/airiam/find_unused/PolicyAnalyzer.py", line 62, in policy_is_write_access
    for priv, priv_obj in action_map.get(action_service, {}).get('privileges', []).items():
AttributeError: 'list' object has no attribute 'items'

👀 Have you spent some time to check if this issue has been raised before?

nimrodkor commented 1 year ago

Fixing this seems like a pretty straightforward task. The bad line:

for priv, priv_obj in action_map.get(action_service, {}).get('privileges', []).items():

The error:

AttributeError: 'list' object has no attribute 'items'

So what we need is to change the default result of .get('privileges', []) to {}. Cool, short OSS contribution if anyone is up for it!
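
The failing lookup from the traceback, with the default changed as the comment above proposes and a shape-tolerant variant, as an added example that is not AirIAM's code or part of the thread. The `ACTION_MAP` contents, the `access_level` and `privilege` keys, and the list-shaped `sqs` entry are constructed assumptions; the example goes beyond the missing-service case to show that a `privileges` value that is itself a list would raise the same error.

```python
# Constructed stand-in for AirIAM's action map; key names are assumptions.
ACTION_MAP = {
    "s3": {"privileges": {
        "GetObject": {"access_level": "Read"},
        "PutObject": {"access_level": "Write"},
    }},
    # Hypothetical list-shaped entry: a second way .items() can fail.
    "sqs": {"privileges": [
        {"privilege": "SendMessage", "access_level": "Write"},
    ]},
}


def privileges_original(action_map, service):
    """Lookup as in the traceback: the [] default has no .items()."""
    return list(action_map.get(service, {}).get("privileges", []).items())


def privileges_default_fixed(action_map, service):
    """Lookup with the default changed from [] to {}, as proposed above."""
    return list(action_map.get(service, {}).get("privileges", {}).items())


def privileges_tolerant(action_map, service):
    """Return (name, obj) pairs for dict- or list-shaped privileges."""
    privs = action_map.get(service, {}).get("privileges", {})
    if isinstance(privs, dict):
        return list(privs.items())
    if isinstance(privs, list):
        return [(p.get("privilege"), p) for p in privs if isinstance(p, dict)]
    raise TypeError(f"unexpected privileges type for {service!r}: {type(privs).__name__}")


def outcome(fn, service):
    """Run one lookup and report the pairs or the exception type name."""
    try:
        return fn(ACTION_MAP, service)
    except (AttributeError, TypeError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for svc in ("s3", "unknown-service", "sqs"):
        for fn in (privileges_original, privileges_default_fixed, privileges_tolerant):
            print(f"{svc:16} {fn.__name__:26} {outcome(fn, svc)}")
```

Running it prints one row per service and lookup variant, so it is easy to see which inputs each variant survives.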