
bug: kms/customer_policy_blocked_kms_actions.sql needs to use lowercased 'Resource', 'Action' in the where statement #13770

@sabe6

Description


Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/policies/queries/kms/customer_policy_blocked_kms_actions.sql

KMS.1 control.

Like inline_policy_blocked_kms_actions.sql, that SQL should use 'lowercase'.

Expected Behavior

Patch that works:

diff --git a/plugins/source/aws/policies/queries/kms/customer_policy_blocked_kms_actions.sql b/plugins/source/aws/policies/queries/kms/customer_policy_blocked_kms_actions.sql
index d8cdde51a..5a9681a75 100644
--- a/plugins/source/aws/policies/queries/kms/customer_policy_blocked_kms_actions.sql
+++ b/plugins/source/aws/policies/queries/kms/customer_policy_blocked_kms_actions.sql
@@ -23,8 +23,8 @@ violations as (
             arn like 'arn:aws:iam::aws:policy%' or arn like 'arn:aws-us-gov:iam::aws:policy%'
         )
         and statement ->> 'Effect' = 'Allow'
-        AND statement -> 'Resource'?| array['*', 'arn:aws:kms:*:' || account_id || ':key/*', 'arn:aws:kms:*:' || account_id || ':alias/*'] -- noqa
-        AND statement -> 'Action' ?| array['*', 'kms:*', 'kms:decrypt', 'kms:reencryptfrom', 'kms:reencrypt*'] -- noqa
+        AND lower(statement::TEXT)::JSONB -> 'resource'?| array['*', 'arn:aws:kms:*:' || account_id || ':key/*', 'arn:aws:kms:*:' || account_id || ':alias/*'] -- noqa
+        AND lower(statement::TEXT)::JSONB -> 'action' ?| array['*', 'kms:*', 'kms:decrypt', 'kms:reencryptfrom', 'kms:reencrypt*'] -- noqa
 )
 
 select
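Review bot: the two `+` lines lowercase the whole statement text before extracting 'resource' and 'action', which is what lets the already-lowercase action array ('kms:decrypt', 'kms:reencryptfrom', 'kms:reencrypt*') match IAM's case-insensitive action names, but the `Effect` check two lines above still reads the original `statement ->> 'Effect' = 'Allow'`; either apply the same lowercased copy there (`lower(statement::TEXT)::JSONB ->> 'effect' = 'allow'`) or add a comment stating that it is intentionally left exact-case so the next reader does not "fix" it. Since `lower(statement::TEXT)::JSONB` is now computed twice per row, consider exposing it once in the CTE (e.g. as a `lowered_statement` column) and referencing that in both predicates.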

CloudQuery (redacted) config

N/A

Steps To Reproduce

No response

CloudQuery (redacted) logs

N/A

CloudQuery version

main

Additional Context

No response

Pull request (optional)

  • I can submit a pull request
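The following is an added, self-contained example (not code from the CloudQuery repository) that puts the original and the patched predicates side by side over a handful of constructed IAM policy statements, so the effect of the lowercasing can be seen in one query. It assumes PostgreSQL (the `?|` operator and `::JSONB` cast in the patch are PostgreSQL syntax); the account ID, ARNs and statements are constructed sample values.

```sql
-- Added example, not part of the CloudQuery policies: compare the exact-case
-- predicate with the lowercased one over constructed policy statements.
-- Assumes PostgreSQL; account_id and statements are constructed sample data.
with statements(account_id, statement) as (
    values
        -- mixed-case action name, wildcard resource
        ('123456789012', '{"Effect":"Allow","Action":"kms:Decrypt","Resource":"*"}'::jsonb),
        -- array-valued action and resource, mixed-case action name
        ('123456789012', '{"Effect":"Allow","Action":["kms:ReEncrypt*"],"Resource":["arn:aws:kms:*:123456789012:key/*"]}'::jsonb),
        -- scoped to one specific key: not a broad grant
        ('123456789012', '{"Effect":"Allow","Action":"kms:Decrypt","Resource":"arn:aws:kms:us-east-1:123456789012:key/abc"}'::jsonb),
        -- unrelated service
        ('123456789012', '{"Effect":"Allow","Action":"s3:GetObject","Resource":"*"}'::jsonb)
),
lowered as (
    -- compute the lowercased copy once per row instead of once per predicate
    select account_id, statement, lower(statement::text)::jsonb as lowered_statement
    from statements
)
select
    statement ->> 'Action' as action,
    statement ->> 'Resource' as resource,
    -- original predicate: key and value comparison is exact-case
    (statement -> 'Resource' ?| array['*', 'arn:aws:kms:*:' || account_id || ':key/*', 'arn:aws:kms:*:' || account_id || ':alias/*']
     and statement -> 'Action' ?| array['*', 'kms:*', 'kms:decrypt', 'kms:reencryptfrom', 'kms:reencrypt*']) as flagged_original,
    -- patched predicate: match against the lowercased statement, lowercase keys
    (lowered_statement -> 'resource' ?| array['*', 'arn:aws:kms:*:' || account_id || ':key/*', 'arn:aws:kms:*:' || account_id || ':alias/*']
     and lowered_statement -> 'action' ?| array['*', 'kms:*', 'kms:decrypt', 'kms:reencryptfrom', 'kms:reencrypt*']) as flagged_patched
from lowered
where statement ->> 'Effect' = 'Allow';
```

The `?|` operator matches a JSON string scalar against the array directly and a JSON array element-wise, which is why both the string-valued and array-valued `Action`/`Resource` forms work without special handling. The first two constructed statements are the ones the exact-case predicate misses: their action names are written as `kms:Decrypt` and `kms:ReEncrypt*`, which IAM evaluates case-insensitively, so only the lowercased comparison flags them. The third statement is correctly left unflagged by both predicates because its resource is a single key ARN rather than one of the broad patterns in the array.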
