Fix IAM policy naming for inline policies with empty string Sid field. #1389
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
achantavy
approved these changes
Nov 23, 2024
chandanchowdhury
pushed a commit
to chandanchowdhury/cartography
that referenced
this pull request
Nov 27, 2024
cartography-cncf#1389) ### Summary > AWS is breaking its own rules for some roles it has created in IdentityCenter. IdentityCenter created roles with inline policies that can have multiple statements, all with the Sid of an empty string. This means cartography will only load the last statement as they will all have the same AWSPolicyStatement.id. This change checks if the Sid is an empty string and uses the index numbering if it is encountered. ### Related issues or links > Include links to relevant issues or other pages. - https://github.com/lyft/cartography/issues/... ### Checklist Provide proof that this works (this makes reviews move faster). Please perform one or more of the following: - [ ] Update/add unit or integration tests. - [ ] Include a screenshot showing what the graph looked like before and after your changes. - [ ] Include console log trace showing what happened before and after your changes. If you are changing a node or relationship: - [ ] Update the [schema](https://github.com/lyft/cartography/tree/master/docs/root/modules) and [readme](https://github.com/lyft/cartography/blob/master/docs/schema/README.md). If you are implementing a new intel module: - [ ] Use the NodeSchema [data model](https://cartography-cncf.github.io/cartography/dev/writing-intel-modules.html#defining-a-node). Co-authored-by: = <=> Co-authored-by: Alex Chantavy <[email protected]> Signed-off-by: chandanchowdhury <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Related issues or links
Checklist
Provide proof that this works (this makes reviews move faster). Please perform one or more of the following:
If you are changing a node or relationship:
If you are implementing a new intel module: