Blatantly wrong implementation of iam::simulate_principal_policy #12427
Comments
|
Welcome to LocalStack! Thanks for reporting your first issue and our team will be working towards fixing the issue for you or reach out for more background information. We recommend joining our Slack Community for real-time help and drop a message to LocalStack Pro Support if you are a Pro user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines and our contributing guide. |
|
Thanks for reporting this parity gap. We appreciate that you're making good use of LocalStack, and that you've been able to identify a gap in our implementation. Given that we support a large number of AWS services, and each service has numerous features, we find it very helpful when the community sends in these bug reports. It helps us know which fixes to treat as a high priority. Thanks 👍 |
|
The solution of this issue has been merged. Please download the latest version of the image. |
The
policy_source_arnparameter passed tosimulate_principal_policyin the LocalStack IAM provider is being erroneously assumed to be a policy URN (refer to:localstack/localstack-core/localstack/services/iam/provider.py
Line 171 in 0618277
This is blatantly incorrect and hasn't been fixed for many years. As per AWS, this parameter refers to a user, group, or role whose policies you want to include in the simulation. (refer to: AWS documentation https://docs.aws.amazon.com/cli/latest/reference/iam/simulate-principal-policy.html).
Because of this mistake, all correct calls to
simulate_principal_policy(where this parameter is a user, group or role ARN) fail on LocalStack.This is a big embarrassment to the entire LocalStack team and should be resolved ASAP.
The text was updated successfully, but these errors were encountered: