k1LoW / awspec

RSpec tests for your AWS resources.
MIT License

Missing details for iam_role and iam_policy #551

Open glasswalk3r opened 2 years ago

glasswalk3r commented 2 years ago

In both cases, when testing description and tags, the data is not available even though both resources do have such attributes with defined values.

Here is an example:

describe iam_policy('sdp_ses_smtp') do
  it { should exist }
  it { should be_attachable }
  its(:description) { should_not be_nil }
end

The description validation will fail.

By just printing the subject with puts, I got this:

{:policy_name=>"foobar", :policy_id=>"ANPAQS7BASQSDUI4JLH7I", :arn=>"arn:aws:iam::012345678910:policy/foobar", :path=>"/", :default_version_id=>"v1", :attachment_count=>1, :permissions_boundary_usage_count=>0, :is_attachable=>true, :description=>nil, :create_date=>2021-07-08 21:18:21 UTC, :update_date=>2021-07-08 21:18:21 UTC, :tags=>[]}

But if I go with the same SDK client and use get_policy to retrieve the IAM policy, both description and flags values are available.

Looking at the implementation of awspec, this seems to be related to the use of list_policies within the related finder instead of get_policy. Here is a sample from a pry session:

  [1] pry(main)> require 'aws-sdk-iam'
  => true
  [2] pry(main)> c = Aws::IAM::Client.new
  => #<Aws::IAM::Client>
  [3] pry(main)> c.list_policies
  => #<struct Aws::IAM::Types::ListPoliciesResponse
   policies=
    [#<struct Aws::IAM::Types::Policy
      policy_name="AmazonEKSClusterAutoscalerPolicy",
      policy_id="ANPAQS7BASQSOXYGXTSBV",
      arn="arn:aws:iam::012345678910:policy/AmazonEKSClusterAutoscalerPolicy",
      path="/",
      default_version_id="v1",
      attachment_count=1,
      permissions_boundary_usage_count=0,
      is_attachable=true,
      description=nil,
      create_date=2021-06-09 15:48:34 UTC,
      update_date=2021-06-09 15:48:34 UTC,
      tags=[]>,
     #<struct Aws::IAM::Types::Policy
      policy_name="AWS-Chatbot-NotificationsOnly-Policy-187002e4-219e-4f83-a096-d8397602699f",
      policy_id="ANPAQS7BASQSLTESXTREA",
      arn="arn:aws:iam::012345678910:policy/service-role/AWS-Chatbot-NotificationsOnly-Policy-187002e4-219e-4f83-a096-d8397602699f",
      path="/service-role/",
      default_version_id="v1",
      attachment_count=1,
      permissions_boundary_usage_count=0,
      is_attachable=true,
      description=nil,
      create_date=2021-04-29 19:09:00 UTC,
      update_date=2021-04-29 19:09:00 UTC,
      tags=[]>,

The exact same thing happens with iam_role.
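
An added example, not part of the issue and not awspec code: one way a finder could use list_policies only to locate the policy and then call get_policy for the record that carries description and tags. `find_policy_with_details` and `FakeIamClient` are hypothetical names; the fake client is a constructed stand-in that mimics the behaviour reported above so the sketch runs without AWS credentials.

```ruby
# Constructed stand-ins for the SDK response structs (assumption: only the
# fields used here are modelled).
Policy    = Struct.new(:policy_name, :arn, :description, :tags, keyword_init: true)
ListPage  = Struct.new(:policies, :is_truncated, :marker, keyword_init: true)
GetResult = Struct.new(:policy, keyword_init: true)

# Hypothetical fake client: list_policies returns one policy per page with
# description=nil and tags=[], as in the pry output; get_policy returns all.
class FakeIamClient
  def initialize(policies)
    @policies = policies
  end

  def list_policies(marker: nil)
    start = marker.to_i
    more = start + 1 < @policies.size
    sparse = @policies[start, 1].map do |p|
      Policy.new(policy_name: p.policy_name, arn: p.arn, description: nil, tags: [])
    end
    ListPage.new(policies: sparse, is_truncated: more, marker: more ? (start + 1).to_s : nil)
  end

  def get_policy(policy_arn:)
    GetResult.new(policy: @policies.find { |p| p.arn == policy_arn })
  end
end

# Walk every list_policies page to resolve a name or ARN, then fetch the
# full record with get_policy so description and tags are populated.
def find_policy_with_details(client, id)
  marker = nil
  loop do
    params = marker ? { marker: marker } : {}
    page = client.list_policies(**params)
    hit = page.policies.find { |p| p.policy_name == id || p.arn == id }
    return client.get_policy(policy_arn: hit.arn).policy if hit
    return nil unless page.is_truncated
    marker = page.marker
  end
end

# Constructed sample data; description and tag values are made up.
SAMPLE = [
  Policy.new(policy_name: 'other', arn: 'arn:aws:iam::012345678910:policy/other',
             description: 'unrelated', tags: []),
  Policy.new(policy_name: 'foobar', arn: 'arn:aws:iam::012345678910:policy/foobar',
             description: 'constructed description', tags: [{ key: 'team', value: 'example' }])
].freeze
```

The extra get_policy call costs one request per tested policy, which is the trade-off for having description and tags available to compliance-style assertions.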