You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
FG_R00252 incorrectly identifies KMS keys as publicly accessible. Specifically, key_not_public.rego does not appear to distinguish between an Allow and a Deny statement.
How you're running Regula
% regula version ✘ 1
v2.10.0, build fd60949, built with OPA v0.43.1
% terraform version
Terraform v1.3.7
on darwin_arm64
Terraform JSON plan output using version above (de-identified plan here)
Operating System
macOS Monterey (12.6.3) Darwin MHQYFNHR7K 21.6.0 Darwin Kernel Version 21.6.0: Mon Dec 19 20:43:09 PST 2022; root:xnu-8020.240.18~2/RELEASE_ARM64_T6000 arm64
Steps to reproduce
Copy key_not_public.rego from GitHub: regula run --no-built-ins test.json --include key_not_public.rego
Additional context
Looking through key_not_public.rego at least one problem seems to be all_principals doesn't distinguish whether the policy rule is Effect: deny
The text was updated successfully, but these errors were encountered:
Describe the bug
FG_R00252 incorrectly identifies KMS keys as publicly accessible. Specifically,
key_not_public.regodoes not appear to distinguish between an Allow and a Deny statement.How you're running Regula
Terraform JSON plan output using version above (de-identified plan here)
Operating System
macOS Monterey (12.6.3)
Darwin MHQYFNHR7K 21.6.0 Darwin Kernel Version 21.6.0: Mon Dec 19 20:43:09 PST 2022; root:xnu-8020.240.18~2/RELEASE_ARM64_T6000 arm64Steps to reproduce
Copy
key_not_public.regofrom GitHub:regula run --no-built-ins test.json --include key_not_public.regoAdditional context
Looking through
key_not_public.regoat least one problem seems to beall_principalsdoesn't distinguish whether the policy rule isEffect: denyThe text was updated successfully, but these errors were encountered: