iasql icon indicating copy to clipboard operation
iasql copied to clipboard
verified publisher icon alantech

Research How Terraform is Handling JSON Policies

Open mtp1376 opened this issue 3 years ago • 1 comments

We can check how Terraform or other IaC apps are detecting the changes in JSON Policies and how are they checking if two policies are the same thing. We can read their codes to gain an understanding of their logic.

mtp1376 avatar Aug 20 '22 14:08 mtp1376

OK seems this issue with the AWS API has been known. Terraform has these checks for it:

The overall logic can be translated to TypeScript and I think this can help us find a way to handle it properly. I'll put the steps it's taking here.

mtp1376 avatar Aug 21 '22 16:08 mtp1376

Examples of our current ad-hoc handling of this issue are:

  • ECR
  • IAM
  • RDS (sort of, not a policy doc per se, but a similar issue)
  • S3 (not actually dealing with the issue, the module and its tests are just too simple to run into problems, yet)
  • VPC (also just haven't run into the issues, yet, because we're not stretching this in the test suite for this module)

dfellis avatar Aug 29 '22 17:08 dfellis