🐛 IAM user rules remain InProgress when service control policies are not used #502

@mattwelke

Description

When using an IAM user rule to check whether a user has expected permissions, if service control policies are not used, the ValidationResult remains in the InProgress state and the controller logs will show a panic.

Reproduction steps

1. Create a new AWS account and create a user for it.

2. Create and apply a rule like this:


apiVersion: validation.spectrocloud.labs/v1alpha1
kind: AwsValidator
metadata:
  name: awsvalidator-sample-iam-user
  namespace: validator
spec:
  auth:
    implicit: false
    secretName: <secret_name>
  defaultRegion: ca-central-1
  iamUserRules:
  - iamPolicies:
    - name: User Policy
      statements:
      - actions:
        - "s3:CreateBucket"
        effect: Allow
        resources:
        - "*"
      version: "2012-10-17"
    # to keep the sample simple, we validate ourselves
    iamUserName: validator-user

Environment

n/a

Screenshots

No response

Logs

No response

Labels: bug (Something isn't working)
