Two-step verification for admins policy reduction throws exeption

[ebarti]

🐛 Summary

When evaluating the following policy in my environment, scubagoggles throws an uncaught exception as there is no group named WORKSPACE_ALL_ADMIN_GROUP. The org unit listed is root.

{
  "name" : "policies/awz2frpjeslov265asjnvrfpueffg",
  "customer" : "customers/C03krtfe4",
  "policyQuery" : {
    "query" : "entity.groups.exists(group, group.group_id == groupId('WORKSPACE_ALL_ADMIN_GROUP')) && entity.org_units.exists(org_unit, org_unit.org_unit_id == orgUnitId('04jha4ab0pkg0mx'))",
    "orgUnit" : "orgUnits/04jha4ab0pkg0mx",
    "group" : "WORKSPACE_ALL_ADMIN_GROUP",
    "sortOrder" : 399.00055
  },
  "setting" : {
    "type" : "settings/security.two_step_verification_enforcement",
    "value" : {
      "enforcedFrom" : "2024-01-30T05:30:00Z"
    }
  },
  "type" : "SYSTEM"
}

Exception:

To reproduce

Steps to reproduce the behavior:

1. Do this
2. Then this

Expected behavior

What did you expect to happen that didn't?

Any helpful log output or screenshots

Paste the results here:

File "/Users/XX/Github/ScubaGoggles/scubagoggles/policy_api.py", line 596, in _reduce
    group_name = self._group_id_map[group_id]
KeyError: 'WORKSPACE_ALL_ADMIN_GROUP'

Add any screenshots of the problem here.