package iam
import (
	"context"
	"fmt"
	"net/url"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/iam"
	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
	"github.com/aws/aws-sdk-go-v2/service/sts"

	"github.com/crossplane-contrib/provider-aws/apis/iam/v1beta1"
	"github.com/crossplane-contrib/provider-aws/pkg/utils/pointer"
	policyutils "github.com/crossplane-contrib/provider-aws/pkg/utils/policy"
)
// PolicyClient is the subset of the IAM API used by the Policy controller.
// It is satisfied by *iam.Client (see NewPolicyClient) and kept narrow so
// that tests can substitute a fake without implementing the whole service.
type PolicyClient interface {
	// Managed policy lifecycle.
	CreatePolicy(ctx context.Context, input *iam.CreatePolicyInput, opts ...func(*iam.Options)) (*iam.CreatePolicyOutput, error)
	GetPolicy(ctx context.Context, input *iam.GetPolicyInput, opts ...func(*iam.Options)) (*iam.GetPolicyOutput, error)
	DeletePolicy(ctx context.Context, input *iam.DeletePolicyInput, opts ...func(*iam.Options)) (*iam.DeletePolicyOutput, error)

	// Policy document versions. Updating a policy's document means creating
	// a new version and, eventually, pruning old ones.
	CreatePolicyVersion(ctx context.Context, input *iam.CreatePolicyVersionInput, opts ...func(*iam.Options)) (*iam.CreatePolicyVersionOutput, error)
	GetPolicyVersion(ctx context.Context, input *iam.GetPolicyVersionInput, opts ...func(*iam.Options)) (*iam.GetPolicyVersionOutput, error)
	ListPolicyVersions(ctx context.Context, input *iam.ListPolicyVersionsInput, opts ...func(*iam.Options)) (*iam.ListPolicyVersionsOutput, error)
	DeletePolicyVersion(ctx context.Context, input *iam.DeletePolicyVersionInput, opts ...func(*iam.Options)) (*iam.DeletePolicyVersionOutput, error)

	// Resource tags.
	TagPolicy(ctx context.Context, input *iam.TagPolicyInput, opts ...func(*iam.Options)) (*iam.TagPolicyOutput, error)
	UntagPolicy(ctx context.Context, input *iam.UntagPolicyInput, opts ...func(*iam.Options)) (*iam.UntagPolicyOutput, error)
}
// STSClient is the subset of the STS API used by this package. Only
// GetCallerIdentity is needed, which lets a fake satisfy it in tests.
type STSClient interface {
	// GetCallerIdentity returns the account, ARN and user ID of the
	// credentials the client was built with.
	GetCallerIdentity(ctx context.Context, input *sts.GetCallerIdentityInput, opts ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
}
// NewPolicyClient returns an IAM client built from cfg. The concrete
// *iam.Client is exposed only through the PolicyClient interface.
func NewPolicyClient(cfg aws.Config) PolicyClient {
	var c PolicyClient = iam.NewFromConfig(cfg)
	return c
}
// NewSTSClient returns an STS client built from cfg, exposed through the
// STSClient interface.
func NewSTSClient(cfg aws.Config) STSClient {
	var c STSClient = sts.NewFromConfig(cfg)
	return c
}
// IsPolicyUpToDate reports whether the desired policy document in the spec
// matches the document of the given external policy version.
//
// It returns (upToDate, diff, err). When either the spec document or the
// external document is empty the policy is reported as not up to date with
// an empty diff and no error; otherwise the comparison is delegated to
// IsPolicyDocumentUpToDate.
func IsPolicyUpToDate(in v1beta1.PolicyParameters, policy iamtypes.PolicyVersion) (bool, string, error) {
	hasExternal := pointer.StringValue(policy.Document) != ""
	hasDesired := in.Document != ""
	if !(hasExternal && hasDesired) {
		return false, "", nil
	}
	return IsPolicyDocumentUpToDate(in.Document, policy.Document)
}
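// IsPolicyDocumentUpToDate reports whether the desired policy document in
// matches the external policy document.
//
// The external document is URL-decoded before parsing, because the IAM API
// returns policy version documents URL-encoded; the spec document is parsed
// as given. Both are compared structurally via policyutils rather than as
// raw strings, so whitespace and key ordering differences do not count as
// drift.
//
// It returns (equal, diff, err). Each error is wrapped with which step
// failed so a caller can tell a malformed spec document from a malformed
// external one.
func IsPolicyDocumentUpToDate(in string, policy *string) (bool, string, error) {
	unescapedPolicy, err := url.QueryUnescape(aws.ToString(policy))
	if err != nil {
		return false, "", fmt.Errorf("unescaping external policy document: %w", err)
	}
	externpolicy, err := policyutils.ParsePolicyString(unescapedPolicy)
	if err != nil {
		return false, "", fmt.Errorf("parsing external policy document: %w", err)
	}
	specPolicy, err := policyutils.ParsePolicyString(in)
	if err != nil {
		return false, "", fmt.Errorf("parsing spec policy document: %w", err)
	}
	areEqual, diff := policyutils.ArePoliciesEqal(&specPolicy, &externpolicy)
	return areEqual, diff, nil
}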
// ValidatePolicyObject returns the error from parsing policy as a policy
// document, or nil when it parses. The parsed value is discarded; this is a
// syntax check only.
func ValidatePolicyObject(policy string) error {
	if _, err := policyutils.ParsePolicyString(policy); err != nil {
		return err
	}
	return nil
}