Skip to content

🐛 Fix S3 bucket ARN validation for GovCloud and China partitions#6921

Merged
tas50 merged 1 commit intomainfrom
tsmith/fix-s3-arn-validation
Mar 16, 2026
Merged

🐛 Fix S3 bucket ARN validation for GovCloud and China partitions#6921
tas50 merged 1 commit intomainfrom
tsmith/fix-s3-arn-validation

Conversation

@tas50
Copy link
Copy Markdown
Member

@tas50 tas50 commented Mar 16, 2026

Summary

  • Replace hardcoded arn:aws:s3: prefix check in initAwsS3Bucket with proper arn.Parse() + service validation
  • This fixes S3 bucket ARN validation rejecting valid GovCloud (arn:aws-us-gov:s3:::bucket) and China (arn:aws-cn:s3:::bucket) partition ARNs
  • Rename local arn variable to arnVal to avoid conflict with the arn package import

Test plan

  • Added unit test TestS3BucketArnValidation covering standard, GovCloud, China, wrong-service, non-ARN, and empty-string cases
  • Verify go build ./providers/aws/... compiles cleanly
  • Verify go test ./providers/aws/resources/ -run TestS3BucketArnValidation passes
  • Interactive test with GovCloud account: mql run aws -c "aws.s3.buckets { arn }"

🤖 Generated with Claude Code

@tas50 @claude
🐛 Fix S3 bucket ARN validation to support GovCloud and China partitions
6191ddf 
The ARN validation in initAwsS3Bucket used a hardcoded "arn:aws:s3:"
prefix check which rejected valid ARNs from aws-us-gov and aws-cn
partitions. Replace with proper arn.Parse() + service check.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mondoo-code-review[bot]
mondoo-code-review bot approved these changes Mar 16, 2026
View reviewed changes
Copy link
Copy Markdown

@mondoo-code-review mondoo-code-review bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixes S3 bucket ARN validation to support GovCloud and China partitions.

@tas50 tas50 changed the title Fix S3 bucket ARN validation for GovCloud and China partitions ⭐ Fix S3 bucket ARN validation for GovCloud and China partitions Mar 16, 2026
@tas50 tas50 changed the title ⭐ Fix S3 bucket ARN validation for GovCloud and China partitions 🐛 Fix S3 bucket ARN validation for GovCloud and China partitions Mar 16, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 16, 2026

Test Results

5 459 tests   5 455 ✅  2m 0s ⏱️
  412 suites      4 💤
   31 files        0 ❌

Results for commit 6191ddf.

@tas50 tas50 merged commit 33afbff into main Mar 16, 2026
22 checks passed
@tas50 tas50 deleted the tsmith/fix-s3-arn-validation branch March 16, 2026 05:29
@github-actions github-actions bot locked and limited conversation to collaborators Mar 16, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@mondoo-code-review mondoo-code-review[bot] mondoo-code-review[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tas50