Description
I've been scratching my head to find out why my policies on AWS seem to not work but when I build the policies locally they all check out.
There's been a secondary problem: I added some diffs, and I get weird diffs if I push the policies from my Mac workstation vs. letting them get built and deployed by CI. (I've built a script to push the combined policies into IAM, and I use a call to pull down the version already in IAM and diff them to decide whether I need to kill a version to make room and replace it.)
I finally found some fire for my smoke:
On my local workstation, doing a case-sensitive find-all for the ARN I seem to keep missing in my deployed policy.
When I download all of the assets my CI built and deployed, and search against them case-sensitively.
None of the lower case versions of "arn:aws:s3:::sagemaker/*" are to be found in the CI-built wonk policies.
Of these resources:
"Resource": [
    "arn:aws:s3:::*SageMaker*/*",
    "arn:aws:s3:::*Sagemaker*/*",
    "arn:aws:s3:::*sagemaker*/*"
]
In the resulting policies when deployed by my CI, only the following version survives:
"Resource": [
    "arn:aws:s3:::*SageMaker*/*"
]
When I build the policies locally, I can find all of the entries in my combined policies:
"Resource": [
    "arn:aws:s3:::*SageMaker*/*",
    "arn:aws:s3:::*Sagemaker*/*",
    "arn:aws:s3:::*sagemaker*/*"
]
So I'm assuming there is something in the environment influencing whether the deduping is happening in a case-insensitive fashion. Either Linux level, or perhaps Python level. I need to find the way to force it to be case sensitive.
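
A case-sensitive comparison of the locally built and the deployed policy documents makes this kind of loss visible before it reaches IAM. The following is an added example, not part of the original issue or of the project's code; the function names and the two sample documents (including the `Action` value) are constructed for illustration.

```python
import json

def _resources(policy):
    """Collect every Resource string in a policy document, exact case kept."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    found = set()
    for stmt in statements:
        res = stmt.get("Resource", [])
        found.update([res] if isinstance(res, str) else res)
    return found

def case_collapsed(local_policy, deployed_policy):
    """Map each locally built Resource that is absent from the deployed
    policy to the deployed entries that differ from it only by case."""
    local, deployed = _resources(local_policy), _resources(deployed_policy)
    by_fold = {}
    for arn in deployed:
        by_fold.setdefault(arn.casefold(), []).append(arn)
    return {arn: sorted(by_fold[arn.casefold()])
            for arn in sorted(local - deployed)  # exact, case-sensitive diff
            if arn.casefold() in by_fold}

# Constructed sample documents reusing the Resource values quoted in the issue.
LOCAL = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
    "Resource": ["arn:aws:s3:::*SageMaker*/*",
                 "arn:aws:s3:::*Sagemaker*/*",
                 "arn:aws:s3:::*sagemaker*/*"]}]
}""")
DEPLOYED = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::*SageMaker*/*"}
}""")

if __name__ == "__main__":
    for missing, kept in case_collapsed(LOCAL, DEPLOYED).items():
        print(f"{missing} was dropped; case variant kept: {kept}")
```

Run in both the workstation and the CI build, a non-empty result shows which environment is folding case when it deduplicates.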