bridgecrewio / AirIAM

Least privilege AWS IAM Terraformer
https://airiam.io
Apache License 2.0

Regression: 0.1.42 is unable to identify same-day access #41

Closed bbarhight closed 3 years ago

bbarhight commented 3 years ago

I get different results between version 0.1.41 and 0.1.42 with the same cache and default day detection settings.

The following 132 roles are unused: (0.1.42)
The following 69 roles are unused: (0.1.41)

Altering the cache for each item that was accessed today (12-03) to yesterday (12-02) shows parity with 0.1.41.

The following 69 roles are unused:

See also this discussion in Slack: https://codifiedsecurity.slack.com/archives/C01A47BRV50/p1607037078001600

metahertz commented 3 years ago

As per the discussion in Slack, this seems like an issue with timezone boundaries based on the local user. Looking into this, I think it's potentially that a date in the future (future, from the viewpoint of UTC) will end up as a negative number of days in the code, and we're using -1 as "never".

Need to make sure we're normalising all dates to UTC to match AWS's APIs. This wouldn't have mattered < 0.1.42, as we weren't using a negative to mean anything, and -0.3 is still < 90 days.
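As an added illustration (not AirIAM's own code), the following shows how a timezone-naive comparison turns a same-day access into the -1 "never" sentinel, and what normalising both sides to UTC changes. The function names, the 90-day threshold and the timestamps are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

NEVER_USED = -1          # sentinel described in the issue: -1 means "never accessed"
UNUSED_THRESHOLD = 90    # assumed "unused after N days" default

# Constructed sample: AWS reports last-used timestamps in UTC (tz-aware).
LAST_USED = datetime(2020, 12, 3, 2, 15, tzinfo=timezone.utc)
# Constructed local "now" for a user in UTC-8: still 2020-12-02 on their clock,
# but already 2020-12-03 04:00 in UTC, i.e. the access happened 1h45m ago.
NOW_LOCAL = datetime(2020, 12, 2, 20, 0, tzinfo=timezone(timedelta(hours=-8)))


def days_since_access_buggy(last_used_utc, now_local):
    """Reproduces the regression: both timestamps are stripped of tzinfo and
    subtracted as wall-clock values. When the local clock is behind UTC a
    same-day access lies in the 'future', the timedelta is negative, and
    timedelta.days floors toward -inf, so -6h15m becomes -1 == NEVER_USED."""
    if last_used_utc is None:
        return NEVER_USED
    naive_now = now_local.replace(tzinfo=None)
    naive_last = last_used_utc.replace(tzinfo=None)
    return (naive_now - naive_last).days


def days_since_access_fixed(last_used_utc, now):
    """Normalise 'now' to UTC before subtracting (assumes both are tz-aware),
    and clamp at 0 so a same-day access can never collide with the sentinel."""
    if last_used_utc is None:
        return NEVER_USED
    delta = now.astimezone(timezone.utc) - last_used_utc.astimezone(timezone.utc)
    return max(0, delta.days)


def is_unused(days, threshold=UNUSED_THRESHOLD):
    """Role is reported unused if never accessed or idle past the threshold."""
    return days == NEVER_USED or days >= threshold


if __name__ == "__main__":
    buggy = days_since_access_buggy(LAST_USED, NOW_LOCAL)
    fixed = days_since_access_fixed(LAST_USED, NOW_LOCAL)
    print(f"buggy: days={buggy} unused={is_unused(buggy)}")   # days=-1 unused=True
    print(f"fixed: days={fixed} unused={is_unused(fixed)}")   # days=0 unused=False
```

Shifting the cached timestamp back a day, as the reporter did, hides the problem in the buggy version because the delta is then positive; the UTC-normalised version gives the same answer either way.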