fix(iam): Decode policy document before parsing
Signed-off-by: Maximilian Blatt (external expert on behalf of DB Netz) <[email protected]>
MisterMX committed Jun 22, 2023
1 parent 6325483 commit 58341a0
Showing 2 changed files with 42 additions and 2 deletions.
7 changes: 6 additions & 1 deletion pkg/clients/iam/policy.go
Expand Up @@ -2,6 +2,7 @@ package iam

import (
"context"
"net/url"

"github.com/crossplane-contrib/provider-aws/apis/iam/v1beta1"

Expand Down Expand Up @@ -49,7 +50,11 @@ func IsPolicyUpToDate(in v1beta1.PolicyParameters, policy iamtypes.PolicyVersion
return false, "", nil
}

externpolicy, err := policyutils.ParsePolicyString(externalPolicyRaw)
unescapedPolicy, err := url.QueryUnescape(aws.ToString(policy.Document))
if err != nil {
return false, "", err
}
externpolicy, err := policyutils.ParsePolicyString(unescapedPolicy)
if err != nil {
return false, "", err
}
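Review bot: `url.QueryUnescape` in the new decode step also rewrites every `+` as a space, which is form-encoding behaviour rather than plain percent-decoding; the IAM API documents its returned policy documents as RFC 3986 URL-encoded, so `unescapedPolicy, err := url.PathUnescape(aws.ToString(policy.Document))` is the closer match. For a correctly encoded response the two should agree, but if a literal `+` ever reaches this call the parsed policy would differ from the stored one, and because this function decides whether the managed IAM policy has drifted, a silent mis-decode can hide a real difference or report one that does not exist. The removed line parsed `externalPolicyRaw`, which is presumably still assigned above the hunk, so the new call could reuse it instead of calling `aws.ToString` again. The new `return false, "", err` would also be easier to triage if it were wrapped with context saying the unescape step failed. IsPolicyUpToDate starts and ends outside the hunk.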
37 changes: 36 additions & 1 deletion pkg/controller/iam/policy/controller_test.go
Expand Up @@ -18,6 +18,7 @@ package policy

import (
"context"
"net/url"

"testing"

Expand Down Expand Up @@ -61,7 +62,8 @@ var (
}
]
}`
boolFalse = false
documentURLEscaped = url.QueryEscape(document)
boolFalse = false

errBoom = errors.New("boom")

Expand Down Expand Up @@ -209,6 +211,39 @@ func TestObserve(t *testing.T) {
},
},
},
"SuccessfulURLEscapedPolicy": {
args: args{
iam: &fake.MockPolicyClient{
MockGetPolicy: func(ctx context.Context, input *awsiam.GetPolicyInput, opts []func(*awsiam.Options)) (*awsiam.GetPolicyOutput, error) {
return &awsiam.GetPolicyOutput{
Policy: &awsiamtypes.Policy{},
}, nil
},
MockGetPolicyVersion: func(ctx context.Context, input *awsiam.GetPolicyVersionInput, opts []func(*awsiam.Options)) (*awsiam.GetPolicyVersionOutput, error) {
return &awsiam.GetPolicyVersionOutput{
PolicyVersion: &awsiamtypes.PolicyVersion{
Document: &documentURLEscaped,
},
}, nil
},
},
cr: policy(withSpec(v1beta1.PolicyParameters{
Document: document,
Name: name,
}), withExternalName(policyArn)),
},
want: want{
cr: policy(withSpec(v1beta1.PolicyParameters{
Document: document,
Name: name,
}), withExternalName(policyArn),
withConditions(xpv1.Available())),
result: managed.ExternalObservation{
ResourceExists: true,
ResourceUpToDate: true,
},
},
},
"InValidInput": {
args: args{
cr: unexpectedItem,
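Review bot: The `documentURLEscaped` fixture is built with `url.QueryEscape`, the exact inverse of the `url.QueryUnescape` call under test, so `SuccessfulURLEscapedPolicy` proves a Go round trip rather than compatibility with what the service returns. `QueryEscape` writes spaces as `+`, whereas the IAM API is documented to use RFC 3986 percent-encoding (presumably `%20`), so a constructed literal in that form would be a more faithful fixture. The new error branch and the drift path are also untested: I would add one case whose escaped remote document differs from the spec and expects `ResourceUpToDate: false`, and one whose `Document` is a malformed escape, such as the constructed value `%zz`, and expects an error. TestObserve's case table starts and ends outside the hunk.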
