Test is not correct #1

Open
EduardSchwarzkopf opened this issue Nov 16, 2023 · 6 comments

@EduardSchwarzkopf

I've executed the code with all defaults inside the root, but the result for the provided test seems to be wrong:

➜  terraform-policymaker git:(master) ✗ ./terraform-policymaker                              
Getting plan as JSON
######### New Policy
######### Policy created: aws_policy.json
➜  terraform-policymaker git:(master) ✗ cat aws_policy.json                                  

        {
                "Version": "2012-10-17",
                "Statement": [
                        {
                                "Effect": "Allow",
                                "Action": [],
                                "Resource": "*"
                        }
                ]
        }
        %                                                                       

Am I doing something wrong here?

@andreburto

I'm getting the same when I try it with my configuration files.

@andrewlod

Hello! I found out that the newer versions of the terraform-provider-aws are not compatible with this project. There is a workaround:

  • Make sure you have run the executable at least once. There should be a terraform-provider-aws directory.
cd terraform-provider-aws
git checkout e7cd260316a08a7e071e65f8b4a326d8f452a88f # This is a commit from Jan 3, 2020
cd ..
rm aws_resource_mapping.json
go build
./terraform-policymaker

@EduardSchwarzkopf
Author

  • Make sure you have run the executable at least once

Which executable exactly?

@andrewlod

Which executable exactly?

The one that is generated after running go build: ./terraform-policymaker

@sparr

sparr commented Apr 26, 2024

The newer terraform-provider-aws no longer has data_source and resource prefixes on the file names that this program is looking for.

@sparr

sparr commented Apr 26, 2024

Unfortunately the older provider repo is only mostly compatible. It produces some mappings with nonsense in them, like this:

"resource_aws_opsworks_stack":["opsworks:Config.Region); err != nil {\n\t\t\t\tlog.Printf","opsworks:CreateStack","opsworks:UpdateStack","opsworks:DeleteStack","opsworks:DescribeStacks","opsworks:Config.Region != nil \u0026\u0026 *client.Config.Region != \"\" {\n\t\t\tlog.Printf","opsworks:Config.Region)\n\t\t\tif err := d.Set"],

And it also produces a lot of actions that seem to exist but the IAM linter says they don't.

Invalid Action: The action s3:DeleteBucketEncryption does not exist.
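
A shape check for the two symptoms reported in this thread (the empty `Action` list and the source-code fragments in the mapping), written as an added Go example that is not part of the thread or of the project's code. The function names and the action regex are assumptions; the sample data is an excerpt of what the comments quote.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Assumed shape of an IAM action: lowercase service prefix, colon, action name (wildcard allowed).
var iamAction = regexp.MustCompile(`^[a-z0-9-]+:[A-Za-z0-9*]+$`)

// Constructed samples: an excerpt of the mapping entry and the policy quoted in the thread.
const sampleMapping = `{"resource_aws_opsworks_stack":["opsworks:Config.Region); err != nil {\n\t\t\t\tlog.Printf","opsworks:CreateStack","opsworks:DescribeStacks"]}`
const samplePolicy = `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":[],"Resource":"*"}]}`

// RejectedEntries returns, per resource, the mapping entries that are not shaped like IAM actions.
func RejectedEntries(raw []byte) (map[string][]string, error) {
	var m map[string][]string
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	rejected := map[string][]string{}
	for res, acts := range m {
		for _, a := range acts {
			if !iamAction.MatchString(a) {
				rejected[res] = append(rejected[res], a)
			}
		}
	}
	return rejected, nil
}

// EmptyStatements returns the indexes of policy statements whose Action list is empty.
func EmptyStatements(raw []byte) ([]int, error) {
	var p struct{ Statement []struct{ Action []string } }
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}
	var idx []int
	for i, s := range p.Statement {
		if len(s.Action) == 0 {
			idx = append(idx, i)
		}
	}
	return idx, nil
}

func main() {
	fmt.Println(RejectedEntries([]byte(sampleMapping)))
	fmt.Println(EmptyStatements([]byte(samplePolicy)))
}
```

A shape check only catches scraping debris: a well-formed name such as `s3:DeleteBucketEncryption` passes it, so the output still needs to go through an IAM linter.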
