[resotocore][fix] Lambda policy mapping (#1850)

someengineering · Dec 6, 2023 · 1525f81 · 1525f81
1 parent dcbb5d6
commit 1525f81
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/plugins/aws/resoto_plugin_aws/aws_client.py b/plugins/aws/resoto_plugin_aws/aws_client.py
@@ -256,8 +256,10 @@ def get_with_retry(
             log.debug(f"The Aws endpoint does not exist in this region. Skipping. {e}")
             return None
         except Exception as e:
-            log.error(f"[Aws] called service={aws_service} action={action}: hit unexpected error: {e}")
-            raise
+            log.error(f"[Aws] called service={aws_service} action={action}: hit unexpected error: {e}", exc_info=e)
+            if self.config.discard_account_on_resource_error:
+                raise
+            return None
 
     @log_runtime
     def call(
@@ -348,7 +350,8 @@ def accumulate(error_kind: str, message: str, as_info: bool = False) -> None:
         elif code in RetryableErrors:
             log.warning(f"Call to {aws_service} action {action} failed and will be retried eventually. Error: {e}")
             accumulate("FailedAndRetried", f"Retryable call has failed: {code}.")
-            raise e  # already have been retried, give up here
+            if self.config.discard_account_on_resource_error:
+                raise e  # already have been retried, give up here
         else:
             log.error(
                 f"An AWS API error {code} occurred during resource collection of {aws_service} action {action} in "  # noqa: E501

diff --git a/plugins/aws/resoto_plugin_aws/resource/lambda_.py b/plugins/aws/resoto_plugin_aws/resource/lambda_.py
@@ -1,10 +1,9 @@
 import json as json_p
 import logging
 import re
-from typing import ClassVar, Dict, Optional, List, Type
+from typing import ClassVar, Dict, Optional, List, Type, Any
 
 from attrs import define, field
-
 from resoto_plugin_aws.aws_client import AwsClient
 from resoto_plugin_aws.resource.apigateway import AwsApiGatewayRestApi, AwsApiGatewayResource
 from resoto_plugin_aws.resource.base import AwsResource, GraphBuilder, AwsApiSpec, parse_json
@@ -41,10 +40,10 @@ class AwsLambdaPolicyStatement:
     }
     sid: Optional[str] = field(default=None)
     effect: Optional[str] = field(default=None)
-    principal: Optional[Dict[str, str]] = field(default=None)
-    action: Optional[str] = field(default=None)
-    resource: Optional[str] = field(default=None)
-    condition: Optional[Json] = field(default=None)
+    principal: Optional[Any] = field(default=None)
+    action: Optional[Any] = field(default=None)
+    resource: Optional[Any] = field(default=None)
+    condition: Optional[Any] = field(default=None)
 
 
 @define(eq=False, slots=False)
@@ -352,7 +351,8 @@ def get_policy(function: AwsLambdaFunction) -> None:
                         if (
                             statement.principal
                             and statement.condition
-                            and statement.principal["Service"] == "apigateway.amazonaws.com"
+                            and isinstance(statement.principal, dict)
+                            and statement.principal.get("Service") == "apigateway.amazonaws.com"
                             and (arn_like := statement.condition.get("ArnLike")) is not None
                             and (source := arn_like.get("AWS:SourceArn")) is not None
                         ):