Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No resources match for lambda:AddLayerVersionPermission #11

Closed
asantos-fuze opened this issue Nov 26, 2019 · 2 comments
Closed

No resources match for lambda:AddLayerVersionPermission #11

asantos-fuze opened this issue Nov 26, 2019 · 2 comments
Labels
bug Something isn't working

Comments

@asantos-fuze
Copy link

Hi,

I've been testing parliament and I've found what I believe is an issue.
I was not expecting it to fail agains this policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TestPol",
            "Effect": "Allow",
            "Action": "lambda:AddLayerVersionPermission",
            "Resource": "arn:aws:lambda:*:123456789012:layer:sol-*:*"
        }
    ]
}
# parliament --file policy3.json
INVALID - No resources match for lambda:AddLayerVersionPermission which requires a resource format of arn:*:lambda:*:*:layer:*:* for the resource layerVersion* - {'filepath': None}

On the DOCs we have

arn:${Partition}:lambda:${Region}:${Account}:layer:${LayerName}:${LayerVersion}

Do I have to have explicit * instead of a account if and layer name?
@0xdabbad00
Copy link
Collaborator

0xdabbad00 commented Nov 26, 2019
edited
Loading

This looks like a bug in parliament. I'm guessing it doesn't it doesn't like that sol-* allows it to match until the end, but then there is a :* at the end. Your policy looks correct to me so I'll look into fixing this.

@0xdabbad00 0xdabbad00 added the bug Something isn't working label Nov 26, 2019
@0xdabbad00 0xdabbad00 mentioned this issue Jan 7, 2020
Closed
0xdabbad00 added a commit to 0xdabbad00/parliament that referenced this issue Jan 7, 2020
@0xdabbad00
Hack to fix new glob intersection test cases; Resolves duo-labs#32 and
525d936 
…duo-labs#11
@0xdabbad00 0xdabbad00 mentioned this issue Jan 7, 2020
Closed
0xdabbad00 added a commit that referenced this issue Jan 7, 2020
@0xdabbad00
Merge pull request #37 from 0xdabbad00/fix_32
fdacbf6 
Hack to fix new glob intersection test cases; Resolves #32 and #11
@0xdabbad00
Copy link
Collaborator

Should be resolved in #37

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xdabbad00 @asantos-fuze