terraform-policymaker
Test is not correct
I've executed the code with all defaults inside the root, but the result for the provided test seems to be wrong:
➜ terraform-policymaker git:(master) ✗ ./terraform-policymaker
Getting plan as JSON
######### New Policy
######### Policy created: aws_policy.json
➜ terraform-policymaker git:(master) ✗ cat aws_policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [],
"Resource": "*"
}
]
}
%
Am I doing something wrong here?
I'm getting the same when I try it with my configuration files.
Hello! I found out that the newer versions of the terraform-provider-aws are not compatible with this project. There is a workaround:
- Make sure you have run the executable at least once. There should be a terraform-provider-aws directory.
cd terraform-provider-aws
git checkout e7cd260316a08a7e071e65f8b4a326d8f452a88f # This is a commit from Jan 3, 2020
cd ..
rm aws_resource_mapping.json
go build
./terraform-policymaker
- Make sure you have run the executable at least once
Which executable exactly?
Which executable exactly?
The one that is generated after running go build: ./terraform-policymaker
The newer terraform-provider-aws no longer has data_source and resource prefixes on the file names that this program is looking for.
Unfortunately the older provider repo is only mostly compatible. It produces some mappings with nonsense in them, like this:
"resource_aws_opsworks_stack":["opsworks:Config.Region); err != nil {\n\t\t\t\tlog.Printf","opsworks:CreateStack","opsworks:UpdateStack","opsworks:DeleteStack","opsworks:DescribeStacks","opsworks:Config.Region != nil \u0026\u0026 *client.Config.Region != \"\" {\n\t\t\tlog.Printf","opsworks:Config.Region)\n\t\t\tif err := d.Set"],
And it also produces a lot of actions that seem to exist but the IAM linter says they don't.
Invalid Action: The action s3:DeleteBucketEncryption does not exist.
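One way to screen a generated mapping before it becomes an IAM policy is sketched below. This is an added example, not code from terraform-policymaker or from anyone in this thread. The function name `FilterMapping`, the sample JSON and the small allowlist are constructed for illustration; in practice the allowlist would be loaded from whatever action list your IAM linter uses.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Syntactic shape of an IAM action: lowercase service prefix, colon, action name.
var actionRe = regexp.MustCompile(`^[a-z0-9-]+:[A-Za-z0-9]+$`)

// Constructed sample in the shape of the aws_resource_mapping.json entries quoted above.
const sampleMapping = `{
 "resource_aws_opsworks_stack": ["opsworks:Config.Region); err != nil {\n\t\t\t\tlog.Printf", "opsworks:CreateStack", "opsworks:DeleteStack"],
 "resource_aws_s3_bucket": ["s3:CreateBucket", "s3:DeleteBucketEncryption"]
}`

// Constructed allowlist (assumption); replace with the list your linter validates against.
var knownActions = map[string]bool{
	"opsworks:CreateStack": true, "opsworks:DeleteStack": true, "s3:CreateBucket": true,
}

// FilterMapping (hypothetical helper) splits each resource's actions into kept and rejected.
// An action is kept if it is well-formed and, when known is non-nil, present in known.
func FilterMapping(raw []byte, known map[string]bool) (kept, rejected map[string][]string, err error) {
	var in map[string][]string
	if err = json.Unmarshal(raw, &in); err != nil {
		return nil, nil, err
	}
	kept, rejected = map[string][]string{}, map[string][]string{}
	for res, actions := range in {
		for _, a := range actions {
			if actionRe.MatchString(a) && (known == nil || known[a]) {
				kept[res] = append(kept[res], a)
			} else {
				rejected[res] = append(rejected[res], a)
			}
		}
	}
	return kept, rejected, nil
}

func main() {
	kept, rejected, err := FilterMapping([]byte(sampleMapping), knownActions)
	if err != nil {
		panic(err)
	}
	fmt.Printf("kept: %q\nrejected: %q\n", kept, rejected)
}
```

Passing `nil` as the allowlist applies only the syntax check, which drops the scraped Go source fragments but still keeps a well-formed name such as `s3:DeleteBucketEncryption`.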