Potential Failed-by-Default ECR policy test case for resource-based policy scan

[GohEeEn]

Describe the bug The provided mock_data provides a failed-by-default test cases for _tests/test_resource_based_policy/test_ecr_policy_for_organizationsdependency.py, due to the limitation of ECR repository name, that are not supposed to contain any capital letter. The following mock data is the cause of this bug on file ./source/lambda/tests/test_resource_based_policy/mock_data.py:189-191 :

    {
        "MockResourceName": "ResourceWithNoPolicy",
    }

To Reproduce Run the ./source/run-all-tests.sh for custom-build of this solution, without an change to the repository code after exporting a valid AWS_REGION environment value (eg. us-west-1).

Expected behavior There should not have a false-by-default test case from the given mock_data, but fail by misconfiguration or wrongly modified IaC code.

Example Patch Add the .lower() function on the following code block to make the resource name into non-capital letter.

# ./source/lambda/tests/test_resource_based_policy/test_ecr_policy_for_organizations_dependency.py:35-37
ecr_client.create_repository(
    repositoryName=policy_object.get('MockResourceName').lower()
)

Please complete the following information about the solution:

• [x] Version: v1.0.4 [e.g. v1.0.0]

To get the version of the solution, you can look at the description of the created CloudFormation stack.

For example, "(SO0217) - The AWS CloudFormation hub template for deployment of the Account Assessment for AWS Organisations, Version: v1.0.0".

• [ ] Region: us-west-1 [e.g. us-east-1]
• [ ] Was the solution modified from the version published on this repository? No
• [ ] If the answer to the previous question was yes, are the changes available on GitHub? NA
• [ ] Have you checked your service quotas for the sevices this solution uses? NA
• [ ] Were there any errors in the CloudWatch Logs? NA

Screenshots

Additional context

• https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html

[gockle]

Hi @GohEeEn Thanks for reporting the issue, we were able to replicate this issue, and we will push a fix in the in the next release.

[gockle]

This issue has been resolved in v1.0.5, closing this issue.