It appears that the platform you run wonk may impact how case sensitive resources get deduped. #9

Open
donnoman opened this issue Aug 17, 2022 · 0 comments

donnoman commented Aug 17, 2022

I've been scratching my head to find out why my policies on AWS seem to not work but when I build the policies locally they all check out.

There's been a secondary problem: I added some diffs, and I get weird diffs if I push the policies from my Mac workstation vs. letting them get built and deployed by CI. (I've built a script to push the combined policies into IAM, and I use a call to pull down the version already in IAM and diff them to make a decision if I need to kill a version to make room and replace it.)

I finally found some fire for my smoke:

On my local workstation doing a find all case sensitive to the arn I seem to keep missing in my deployed policy.

When I downloaded all of the assets my CI built and deployed, and searched against them case sensitive.

None of the lower case versions of "arn:aws:s3:::sagemaker/*" are to be found in the CI built wonk policies.

Of these resources

        "Resource": [
            "arn:aws:s3:::*SageMaker*/*",
            "arn:aws:s3:::*Sagemaker*/*",
            "arn:aws:s3:::*sagemaker*/*"
        ]

In the resulting policies, when deployed by my CI, only the following version survives:

        "Resource": [
            "arn:aws:s3:::*SageMaker*/*"
        ]

When I build the policies locally I can find all of the entries in my combined policies.

        "Resource": [
            "arn:aws:s3:::*SageMaker*/*",
            "arn:aws:s3:::*Sagemaker*/*",
            "arn:aws:s3:::*sagemaker*/*"
        ]

So I'm assuming there is something in the environment influencing whether the deduping is happening in a case-insensitive fashion, either at the Linux level or perhaps the Python level. I need to find the way to force it to be case sensitive.

donnoman changed the title from "It appears possibly that the platform you run wonk on impacts how case sensitive resources get deduped." to "It appears that the platform you run wonk may impact how case sensitive resources get deduped." on Aug 17, 2022
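A diagnostic for the symptom reported above, as an added example that is not part of the original issue and is not wonk's code: it compares two builds of a policy and reports resources that were dropped while a differently cased twin survived. The policy documents, the `s3:GetObject` action and all function names are constructed for illustration.

```python
import json

# Constructed sample policies mirroring the Resource lists quoted in the issue.
# The Action value is an assumption; the issue shows only the Resource arrays.
LOCAL_BUILD = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
  "Resource": ["arn:aws:s3:::*SageMaker*/*",
               "arn:aws:s3:::*Sagemaker*/*",
               "arn:aws:s3:::*sagemaker*/*"]}]}
""")
CI_BUILD = json.loads("""
{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::*SageMaker*/*"}}
""")

def _as_list(value):
    # IAM allows a single string or object where a list is also accepted.
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def resources(policy):
    """Every Resource string in the policy, compared exactly (case-sensitive)."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        found.update(_as_list(stmt.get("Resource")))
    return found

def case_collisions(policy):
    """Groups of resources in one policy that differ only by letter case."""
    groups = {}
    for res in resources(policy):
        groups.setdefault(res.casefold(), set()).add(res)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def case_folded_losses(expected, actual):
    """Map each resource missing from `actual` to the differently cased
    entries that survived there: the signature of case-insensitive dedup."""
    survivors = {}
    for res in resources(actual):
        survivors.setdefault(res.casefold(), []).append(res)
    missing = resources(expected) - resources(actual)
    return {res: sorted(survivors[res.casefold()])
            for res in sorted(missing) if res.casefold() in survivors}

if __name__ == "__main__":
    for lost, kept in case_folded_losses(LOCAL_BUILD, CI_BUILD).items():
        print(f"dropped {lost!r}; only {kept} survived")
```

Running `case_collisions` on the source policies before a build lists the entries at risk, and `case_folded_losses` between the intended policy and the one pulled back from IAM can gate a deploy.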