aws - cross-account filter - use case-insensitive checks for allowed …

…condition keys (cloud-custodian#7889)
newscorp-ghfb · Nov 21, 2022 · e941054 · e941054
1 parent 3e5992c
commit e941054
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/c7n/filters/iamaccess.py b/c7n/filters/iamaccess.py
@@ -72,7 +72,7 @@ def check_actions(self):
 
     @property
     def whitelist_conditions(self):
-        return self.checker_config.get('whitelist_conditions', ())
+        return set(v.lower() for v in self.checker_config.get('whitelist_conditions', ()))
 
     @property
     def allowed_vpce(self):

diff --git a/tests/test_iam.py b/tests/test_iam.py
@@ -1950,6 +1950,7 @@ def test_sns_cross_account_endpoint_condition(self):
                     {
                         "type": "cross-account",
                         "whitelist_endpoints": ["@whitelist.com"],
+                        "whitelist_conditions": ["aws:UserName"]
                     },
                 ],
             },
-Original file line number
+Diff line change
@@ Expand Up / @@ -1950,6 +1950,7 @@ def test_sns_cross_account_endpoint_condition(self): @@
                         {
                             "type": "cross-account",
                             "whitelist_endpoints": ["@whitelist.com"],
+                            "whitelist_conditions": ["aws:UserName"]
                         },
                     ],
                 },
@@ Expand Down @@