Open andrewhibbert opened 1 month ago
I assumed filters were ANDed but it looks to return the right information with these filters:
filters:
- and:
- type: bucket-encryption
bucket_key_enabled: False
- type: bucket-encryption
crypto: aws:kms
state: True
discussed in cncf c7n slack room https://cloud-native.slack.com/archives/C0280ENLPT7/p1717075826061559
effectively multiple attributes on this particular filter behave as "or"
at the moment the work around is to use to separate filters, I'm a little concerned about changing the implementation logic wrt to compatibility.
leaving this open as a reminder so we can add some documentation to the bucket-encryption filter docs.
Describe the bug
With the following policy:
I am seeing AES256 encrupted buckets
What did you expect to happen?
Not to see AES256 encrypted buckets
Cloud Provider
Amazon Web Services (AWS)
Cloud Custodian version and dependency information
Policy
Relevant log/traceback output
No response
Extra information or context
No response