Missing details for iam_role and iam_policy #551

glasswalk3r opened this issue Oct 28, 2021 · 0 comments

In both cases, when testing description and tags, the data is not available even though both resources do have such attributes with defined values.

Here is an example:

```ruby
describe iam_policy('sdp_ses_smtp') do
  it { should exist }
  it { should be_attachable }
  its(:description) { should_not be_nil }
end
```

The description validation will fail.

By just printing the subject with puts, I got this:

```
{:policy_name=>"foobar", :policy_id=>"ANPAQS7BASQSDUI4JLH7I", :arn=>"arn:aws:iam::012345678910:policy/foobar", :path=>"/", :default_version_id=>"v1", :attachment_count=>1, :permissions_boundary_usage_count=>0, :is_attachable=>true, :description=>nil, :create_date=>2021-07-08 21:18:21 UTC, :update_date=>2021-07-08 21:18:21 UTC, :tags=>[]}
```

But if I go with the same SDK client and use get_policy to retrieve the IAM policy, both description and flags values are available.

Looking at the implementation of awspec, this seems to be related to the use of list_policies within the related finder instead of get_policy. Here is a sample from a pry session:

```
[1] pry(main)> require 'aws-sdk-iam'
=> true
[2] pry(main)> c = Aws::IAM::Client.new
=> #<Aws::IAM::Client>
[3] pry(main)> c.list_policies
=> #<struct Aws::IAM::Types::ListPoliciesResponse
 policies=
  [#<struct Aws::IAM::Types::Policy
    policy_name="AmazonEKSClusterAutoscalerPolicy",
    policy_id="ANPAQS7BASQSOXYGXTSBV",
    arn="arn:aws:iam::012345678910:policy/AmazonEKSClusterAutoscalerPolicy",
    path="/",
    default_version_id="v1",
    attachment_count=1,
    permissions_boundary_usage_count=0,
    is_attachable=true,
    description=nil,
    create_date=2021-06-09 15:48:34 UTC,
    update_date=2021-06-09 15:48:34 UTC,
    tags=[]>,
   #<struct Aws::IAM::Types::Policy
    policy_name="AWS-Chatbot-NotificationsOnly-Policy-187002e4-219e-4f83-a096-d8397602699f",
    policy_id="ANPAQS7BASQSLTESXTREA",
    arn="arn:aws:iam::012345678910:policy/service-role/AWS-Chatbot-NotificationsOnly-Policy-187002e4-219e-4f83-a096-d8397602699f",
    path="/service-role/",
    default_version_id="v1",
    attachment_count=1,
    permissions_boundary_usage_count=0,
    is_attachable=true,
    description=nil,
    create_date=2021-04-29 19:09:00 UTC,
    update_date=2021-04-29 19:09:00 UTC,
    tags=[]>,
```

The same thing happens with iam_role.
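An added example, not part of the original issue and not awspec's own code: a finder that locates the policy through paginated `list_policies` and then re-fetches it with `get_policy`, so that `description` and `tags` are populated for compliance checks. `FakeIamClient`, `find_iam_policy` and `SAMPLE` are hypothetical names with constructed data; the fake only mirrors the `list_policies` / `get_policy(policy_arn:)` response shape of `Aws::IAM::Client` as reported above.

```ruby
# Constructed response shapes; field names follow the aws-sdk-iam structs shown above.
Policy   = Struct.new(:policy_name, :arn, :description, :tags, keyword_init: true)
ListPage = Struct.new(:policies, :is_truncated, :marker, keyword_init: true)
GetResp  = Struct.new(:policy, keyword_init: true)

# Hypothetical offline stand-in for Aws::IAM::Client (no gem, no network).
class FakeIamClient
  def initialize(full_policies, page_size: 1)
    @full = full_policies
    @page_size = page_size
  end

  # Mirrors the behaviour in the issue: listings carry no description or tags.
  def list_policies(marker: nil)
    start = marker.to_i
    page = @full[start, @page_size].map do |p|
      Policy.new(policy_name: p.policy_name, arn: p.arn, description: nil, tags: [])
    end
    nxt = start + @page_size
    more = nxt < @full.size
    ListPage.new(policies: page, is_truncated: more, marker: more ? nxt.to_s : nil)
  end

  # The single-policy call returns the full record.
  def get_policy(policy_arn:)
    GetResp.new(policy: @full.find { |p| p.arn == policy_arn })
  end
end

# Hypothetical finder: match by name or ARN across all list pages, then
# re-fetch by ARN so the returned struct has description and tags.
def find_iam_policy(client, id)
  marker = nil
  loop do
    page = marker ? client.list_policies(marker: marker) : client.list_policies
    hit = page.policies.find { |p| p.policy_name == id || p.arn == id }
    return client.get_policy(policy_arn: hit.arn).policy if hit
    return nil unless page.is_truncated
    marker = page.marker
  end
end

# Constructed sample policies (account id reused from the issue's redacted output).
SAMPLE = [
  Policy.new(policy_name: 'other', arn: 'arn:aws:iam::012345678910:policy/other',
             description: 'first', tags: []),
  Policy.new(policy_name: 'foobar', arn: 'arn:aws:iam::012345678910:policy/foobar',
             description: 'constructed description', tags: [{ key: 'team', value: 'sec' }])
].freeze
```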
