aws-samples/iam-identity-center-team

Crash when creating an access request if the approver policy references a deleted group

Syriiin opened this issue · 4 comments

Describe the bug

When creating an access request, if the relevant approver policy includes a deleted group, the teamListGroups-main throws an error and the UI hangs for the requester.

To Reproduce

Steps to reproduce the behavior:

  1. Navigate to IAM Identity Center
  2. Delete a group used in an approver policy
  3. Navigate to TEAM as a requester
  4. Request access to an account covered by the approver policy
  5. Click submit and see the UI hang
  6. Open browser devtools to see that the GraphQL response from teamListGroups-main includes an error

Expected behavior

The missing group is ignored and the request is simply sent to the remaining groups.
OR
An error is shown to the requester indicating an invalid approver policy.

Additional context

teamListGroups-main lambda error log:

START RequestId: 0d569b1a-7162-4632-b4ec-9dc9d74c013c Version: $LATEST
GROUP not found.
LAMBDA_WARNING: Unhandled exception. The most likely cause is an issue in the function code. However, in rare cases, a Lambda runtime update can cause unexpected function behavior. For functions using managed runtimes, runtime updates can be triggered by a function change, or can be applied automatically. To determine if the runtime has been updated, check the runtime version in the INIT_START log entry. If this error correlates with a change in the runtime version, you may be able to mitigate this error by temporarily rolling back to the previous runtime version. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html
[ERROR] TypeError: 'NoneType' object is not iterable
Traceback (most recent call last):
  File "/var/task/index.py", line 41, in handler
    members.extend(list_idc_group_membership(groupId))
END RequestId: 0d569b1a-7162-4632-b4ec-9dc9d74c013c
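
Added example (not part of the original issue and not the project's code): a sketch of the failure in the traceback above and one way to resolve approvers that covers both expected behaviors, skipping a deleted group and raising an invalid-policy error when no approver remains. `GroupNotFound`, `DIRECTORY`, `lookup_members` and the function names are hypothetical, and the shape of the failing helper is an assumption inferred from the log.

```python
class GroupNotFound(Exception):
    """Stand-in for the directory's 'group does not exist' error (assumption)."""

# Constructed sample directory: group id -> user ids. "g-deleted" is absent on purpose.
DIRECTORY = {"g-sec": ["u-alice", "u-bob"], "g-ops": ["u-bob", "u-carol"]}

def lookup_members(group_id):
    """Hypothetical lookup; the deployed Lambda queries IAM Identity Center instead."""
    if group_id not in DIRECTORY:
        raise GroupNotFound(group_id)
    return list(DIRECTORY[group_id])

def list_membership_failing(group_id):
    """Assumed shape of the failing helper: logs the miss, then implicitly returns None."""
    try:
        return lookup_members(group_id)
    except GroupNotFound:
        print("GROUP not found.")

def resolve_approvers(group_ids, lookup=lookup_members):
    """Return (approvers, missing_group_ids) for the groups named in an approver policy."""
    members, missing = [], []
    for group_id in group_ids:
        try:
            members.extend(lookup(group_id))
        except GroupNotFound:
            missing.append(group_id)  # skip the deleted group, but keep a record of it
    approvers = sorted(set(members))
    if not approvers:
        # Fail closed: a policy with no resolvable approver is an error, not an empty list.
        raise ValueError(f"invalid approver policy, unresolved groups: {missing}")
    return approvers, missing

def reproduces_type_error(group_ids):
    """True if the failing pattern raises TypeError for these groups, as in the log."""
    members = []
    try:
        for group_id in group_ids:
            members.extend(list_membership_failing(group_id))
    except TypeError:
        return True
    return False

if __name__ == "__main__":
    print(reproduces_type_error(["g-sec", "g-deleted"]))
    print(resolve_approvers(["g-sec", "g-deleted", "g-ops"]))
```

Returning the list of missing groups lets the caller log or surface the stale policy entry instead of dropping it silently.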

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed.

Crash still exists

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed.

Crash still exists

♻️