Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot use skip-resource-constraints: with --minimize #405

Open
jtdoepke opened this issue May 5, 2022 · 0 comments
Open

Cannot use skip-resource-constraints: with --minimize #405

jtdoepke opened this issue May 5, 2022 · 0 comments

Comments

@jtdoepke
Copy link

jtdoepke commented May 5, 2022

Evaluating a CRUD policy template with the skip-resource-constraints: key and the --minimize flag set results in an error. For example:

mode: crud
name: 'Example'

wildcard-only:
  service-read: ['s3']
  service-list: ['s3']

skip-resource-constraints:
 - 's3:GetBucketVersioning'

results in

$ policy_sentry --version
policy_sentry, version 0.12.3

$ policy_sentry write-policy --input-file example.yaml --minimize=0

Traceback (most recent call last):
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/policy_sentry/util/arns.py", line 165, in parse_arn
    "partition": elements[1],
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/jdoepke/.local/bin/policy_sentry", line 8, in <module>
    sys.exit(main())
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/policy_sentry/bin/cli.py", line 26, in main
    policy_sentry()
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/click/core.py", line 1137, in __call__
    return self.main(*args, **kwargs)
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/click/core.py", line 1062, in main
    rv = self.invoke(ctx)
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/click/core.py", line 1668, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/click/core.py", line 763, in invoke
    return __callback(*args, **kwargs)
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/policy_sentry/command/write_policy.py", line 111, in write_policy
    policy = write_policy_with_template(cfg, min_length)
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/policy_sentry/command/write_policy.py", line 135, in write_policy_with_template
    policy = sid_group.process_template(cfg, minimize)
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/policy_sentry/writing/sid_group.py", line 560, in process_template
    rendered_policy = self.get_rendered_policy(minimize)
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/policy_sentry/writing/sid_group.py", line 262, in get_rendered_policy
    arn_details = parse_arn(stmt['Resource'][0])
  File "/home/jdoepke/.local/pipx/venvs/policy-sentry/lib/python3.8/site-packages/policy_sentry/util/arns.py", line 173, in parse_arn
    raise Exception("IndexError: The provided ARN '%s' is invalid. Please provide a valid ARN." % arn)
Exception: IndexError: The provided ARN '*' is invalid. Please provide a valid ARN.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jtdoepke