Merge pull request #61 from dwc0011/fix-add-is-debug-to-dict

Fix add is debug to dict

Author: dwc0011

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 3.0.0
+current_version = 3.0.1
 commit = True
 message = Bumps version to {new_version}
 tag = False

CHANGELOG.md

@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### [3.0.1](https://github.com/plus3it/terraform-aws-tardigrade-iam-key-enforcer/releases/tag/3.0.1)
+
+**Released**: 2026.03.26
+
+**Summary**:
+
+*   Fix defect where if is_debug is not passed in the lambda will fail to run email
+*   Add user emails for warning actions
+
 ### [3.0.0](https://github.com/plus3it/terraform-aws-tardigrade-iam-key-enforcer/releases/tag/3.0.0)
 
 **Released**: 2026.01.20

src/python/iam_key_enforcer_reporter.py

@@ -61,6 +61,7 @@ def __init__(self, client_iam, event: dict):
         """Create IAM Key Enforcer Reporter."""
         self.client_iam = client_iam
         self.enforce_details = event
+        self.enforce_details["is_debug"] = event.get("is_debug") or False
         self.has_errors = False
         self.log_prefix = ARMED_PREFIX if event["armed"] else NOT_ARMED_PREFIX
 
@@ -178,7 +179,7 @@ def process_user_access_key(self, key_user):
         )
 
         # Send emails to user if an action was taken that requires notification
-        if action in (DELETE_ACTION, DISABLE_ACTION):
+        if action in (DELETE_ACTION, DISABLE_ACTION, WARN_ACTION):
             self.mail_user_key_report(action, key_user)
 
         return enforcement_report_row

src/python/mailers.py

@@ -125,9 +125,7 @@ def log_invalid_email(email_type, email):
 
 def validate_email(email):
     """Validate email provided matches regex."""
-    if not email or not re.fullmatch(EMAIL_REGEX, email):
-        return False
-    return True
+    return bool(email and re.fullmatch(EMAIL_REGEX, email))
 
 
 def send_email(ses_client, template, template_data, email_targets):

src/python/utils.py

@@ -9,8 +9,11 @@
     DELETE_ACTION,
     DISABLE_ACTION,
     EMAIL_ADMIN_TEMPLATE,
+    KEY_AGE_INACTIVE,
+    KEY_AGE_WARNING,
     LOG,
     S3_BUCKET,
+    WARN_ACTION,
 )
 from errors import TemplateDataError
 
@@ -98,12 +101,18 @@ def root_user(user) -> bool:
 
 def action_armed_state_message(action, is_armed) -> str | None:
     """Return message based on action and armed state."""
+    armed_msg = "has been" if is_armed else "would be"
     if action == DELETE_ACTION:
-        return "has been deleted" if is_armed else "would be marked for deletion"
+        return f"{armed_msg} deleted"
 
     if action == DISABLE_ACTION:
+        return f"{armed_msg} marked 'Inactive'"
+
+    if action == WARN_ACTION:
+        armed_msg = "will be" if is_armed else "would be"
         return (
-            "has been marked 'Inactive'" if is_armed else "would be marked 'Inactive'"
+            f"is older than {KEY_AGE_WARNING} days and {armed_msg} "
+            f"disabled at {KEY_AGE_INACTIVE} days"
         )
 
     return None

tests/python/test_iam_key_enforcer_reporter.py

@@ -524,6 +524,7 @@ def test_enforce_with_report_rows(self, mock_iam_client, mocker):
             "account_number": "123456789012",
             "exempt_groups": None,
             "email_targets": ["admin@example.com"],
+            "email_user_enabled": False,
             "is_debug": False,
         }
         reporter = IamKeyEnforcerReporter(mock_iam_client, event)
@@ -605,6 +606,7 @@ def test_mail_admin_report_success(self, mock_iam_client, mocker):
             "account_name": "test",
             "account_number": "123",
             "email_targets": ["admin@test.com"],
+            "email_user_enabled": False,
             "is_debug": False,
         }
         reporter = IamKeyEnforcerReporter(mock_iam_client, event)
@@ -627,6 +629,7 @@ def test_mail_admin_report_handles_error(self, mock_iam_client, mocker):
             "account_name": "test",
             "account_number": "123",
             "email_targets": ["admin@test.com"],
+            "email_user_enabled": False,
             "is_debug": False,
         }
         reporter = IamKeyEnforcerReporter(mock_iam_client, event)
@@ -796,6 +799,7 @@ def test_enforce_multiple_users_error_in_middle_continues_and_raises(
             "account_number": "123456789012",
             "exempt_groups": None,
             "email_targets": ["admin@example.com"],
+            "email_user_enabled": False,
             "is_debug": False,
         }
         reporter = IamKeyEnforcerReporter(mock_iam_client, event)
@@ -869,6 +873,7 @@ def test_enforce_and_report_continues_after_user_error(
             "armed": True,
             "account_name": "test-account",
             "account_number": "123456789012",
+            "email_user_enabled": False,
             "exempt_groups": None,
         }
         reporter = IamKeyEnforcerReporter(mock_iam_client, event)
@@ -935,6 +940,7 @@ def test_enforce_processes_all_users_and_keys_before_raising(
             "account_number": "123456789012",
             "exempt_groups": None,
             "email_targets": ["admin@example.com"],
+            "email_user_enabled": False,
             "is_debug": True,
         }
         reporter = IamKeyEnforcerReporter(mock_iam_client, event)

tests/python/test_utils.py

@@ -10,6 +10,7 @@
 from datetime import UTC, datetime, timedelta
 
 import pytest
+from constants import KEY_AGE_INACTIVE, KEY_AGE_WARNING
 from errors import TemplateDataError
 from utils import (
     action_armed_state_message,
@@ -427,7 +428,7 @@ def test_delete_action_not_armed(self, mocker):
 
         result = action_armed_state_message("Delete", is_armed=False)
 
-        assert result == "would be marked for deletion"
+        assert result == "would be deleted"
 
     def test_disable_action_armed(self, mocker):
         """Test disable action when armed."""
@@ -445,14 +446,29 @@ def test_disable_action_not_armed(self, mocker):
 
         assert result == "would be marked 'Inactive'"
 
-    def test_other_action_returns_none(self, mocker):
+    def test_warn_action_returns_armed_message(self, mocker):
         """Test other actions return None."""
         mocker.patch("utils.DELETE_ACTION", "Delete")
         mocker.patch("utils.DISABLE_ACTION", "Disable")
 
         result = action_armed_state_message("Warning", is_armed=True)
 
-        assert result is None
+        assert result == (
+            f"is older than {KEY_AGE_WARNING} days and will be "
+            f"disabled at {KEY_AGE_INACTIVE} days"
+        )
+
+    def test_warn_action_returns_unarmed_message(self, mocker):
+        """Test other actions return None."""
+        mocker.patch("utils.DELETE_ACTION", "Delete")
+        mocker.patch("utils.DISABLE_ACTION", "Disable")
+
+        result = action_armed_state_message("Warning", is_armed=False)
+
+        assert result == (
+            f"is older than {KEY_AGE_WARNING} days and would be "
+            f"disabled at {KEY_AGE_INACTIVE} days"
+        )
 
     def test_exempt_action_returns_none(self, mocker):
         """Test exempt action returns None."""