Merge pull request #659 from bridgecrewio/do_not_fail_on_oidc

Do not fail on openID connector
duo-labs · Feb 10, 2020 · 348675c · 348675c
2 parents 90eb27f + 7c5e2f2
commit 348675c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/commands/weboftrust.py b/commands/weboftrust.py
@@ -264,6 +264,10 @@ def get_iam_trusts(account, nodes, connections, connections_to_get):
                         if "cognito-identity.amazonaws.com" in federated_principal.lower():
                             # TODO: Should show this somehow
                             continue
+                        elif ":oidc-provider/" in federated_principal.lower():
+                            # TODO: handle OpenID Connect identity providers
+                            # https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html
+                            continue
                         raise Exception('Principal {} is not a configured SAML provider'.format(federated_principal))
             if principal.get("AWS", None):
                 principal = principal["AWS"]