in UpdateMembers/src/UpdateMember/index.py [0:0]
def get_exceptions(event):
    """
    Collect the control exceptions that apply to the account being processed.

    Reads ``event["exceptions"]`` (a mapping of control -> settings) and
    ``event["account"]``. For every control, the account is looked up in the
    optional "Disabled" and "Enabled" entries of that control's settings.

    Returns a dictionary with three keys:
      * "Disabled": controls for which the account is listed only under "Disabled"
      * "Enabled": controls for which the account is listed only under "Enabled"
      * "DisabledReason": control -> reason, copied for every control

    Raises KeyError if the event lacks "exceptions" or "account", or if any
    control has no "DisabledReason" (required for every control, whether or
    not this account is listed for it).
    """
    per_control = event["exceptions"]
    account = event["account"]
    result = {"Disabled": [], "Enabled": [], "DisabledReason": {}}

    for control, settings in per_control.items():
        # NOTE(review): the membership tests below presumably run against
        # lists of account-id strings. If a plain string were supplied instead,
        # `in` would be a substring match, and an id stored as an int would
        # never match a str. Verify against the producer of the event.
        try:
            is_disabled = account in settings["Disabled"]
        except KeyError:
            logger.info('%s: No "Disabled" exceptions.', control)
            is_disabled = False

        try:
            is_enabled = account in settings["Enabled"]
        except KeyError:
            logger.info('%s: No "Enabled" exceptions.', control)
            is_enabled = False

        # A missing reason is logged and re-raised, which aborts processing
        # of the whole event.
        try:
            reason = settings["DisabledReason"]
        except KeyError:
            logger.error('%s: No "DisabledReason".', control)
            raise
        result["DisabledReason"][control] = reason

        if is_disabled and is_enabled:
            # Contradictory exception: the control goes into neither list, so
            # no per-account override is reported for it.
            logger.warning(
                "%s: Conflict - exception states that this control should be enabled AND disabled. Fallback to SecurityHub Administrator configuration.",
                control,
            )
            continue

        if is_disabled:
            result["Disabled"].append(control)
        elif is_enabled:
            result["Enabled"].append(control)

    return result