You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When testing the new aws.elasticsearch resources cross account filter and remove-statement action that elasticsearch errors out if after removing the bad policy statement, the policy is then blank as blank policies are not allowed.
To Reproduce
If the elasticsearch domain's policy only has 1 statement which is bad and you run a cross-account filter and remove-statement action it will error out.
Expected behavior
The remove-statements action would need to populate something for the policy if it is left blank after removing the matched/bad statements. Not sure what this would look like though.
Background (please complete the following information):
OS: Ubuntu V20
Python Version: [e.g. python 3.8.1] 3.8.5
Custodian Version: [e.g. 0.8.46.1] Main branch (non-release)
Tool Version: [if applicable] 0.9.8
Cloud Provider: [e.g. gcp, aws, azure] aws
Policy: [please exclude any account/sensitive information]
Describe the bug
When testing the new aws.elasticsearch resources cross account filter and remove-statement action that elasticsearch errors out if after removing the bad policy statement, the policy is then blank as blank policies are not allowed.
To Reproduce
If the elasticsearch domain's policy only has 1 statement which is bad and you run a cross-account filter and remove-statement action it will error out.
Expected behavior
The remove-statements action would need to populate something for the policy if it is left blank after removing the matched/bad statements. Not sure what this would look like though.
Background (please complete the following information):
custodian version --debug
outputAdditional context
Related to PR - ##6225
The text was updated successfully, but these errors were encountered: