VPC-SC module does not enforce service filtering on ingress policies while using factories #2250

karpok78 · 2024-05-01T16:09:59Z

There seems to be a typo in the factory.tf file of the vpc-sc module.

Starting line 67 :

   ingress_policies = {
      for k, v in local._data.ingress_policies : k => {
        from = merge({
          access_levels = []
          identity_type = null
          identities    = null
          resources     = []
        }, try(v.from, {}))
        to = {
          operations = [
            for o in try(v.operations, []) : merge({
              method_selectors     = []
              permission_selectors = []
              service_name         = null
            }, o)
          ]
          resources = try(v.to.resources, [])
        }
      }
    }

The operations parameter is looping on v.operations instead of v.to.operations
This results in the service filters not to be applied on the policies.

The text was updated successfully, but these errors were encountered:

ludoo · 2024-05-01T16:25:21Z

Great find, I had fixed it at a customer and forgot to bring back the change here. Will send a PR shortly, thanks for flagging.

ludoo mentioned this issue May 1, 2024

Fix factory ingress policy services in vpc-sc module #2251

Merged

ludoo self-assigned this May 1, 2024

ludoo closed this as completed in #2251 May 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VPC-SC module does not enforce service filtering on ingress policies while using factories #2250

VPC-SC module does not enforce service filtering on ingress policies while using factories #2250

karpok78 commented May 1, 2024

ludoo commented May 1, 2024

VPC-SC module does not enforce service filtering on ingress policies while using factories #2250

VPC-SC module does not enforce service filtering on ingress policies while using factories #2250

Comments

karpok78 commented May 1, 2024

ludoo commented May 1, 2024