Merge pull request #1790 from MisterMX/backport-1789-to-release-0.41

crossplane-contrib · Jun 23, 2023 · ad01095 · ad01095
2 parents 6a78699 + 6d34a80
commit ad01095
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 2 deletions.
diff --git a/pkg/clients/iam/policy.go b/pkg/clients/iam/policy.go
@@ -2,6 +2,7 @@ package iam
 
 import (
 	"context"
+	"net/url"
 
 	"github.com/crossplane-contrib/provider-aws/apis/iam/v1beta1"
 
@@ -49,7 +50,11 @@ func IsPolicyUpToDate(in v1beta1.PolicyParameters, policy iamtypes.PolicyVersion
 		return false, "", nil
 	}
 
-	externpolicy, err := policyutils.ParsePolicyString(externalPolicyRaw)
+	unescapedPolicy, err := url.QueryUnescape(aws.ToString(policy.Document))
+	if err != nil {
+		return false, "", err
+	}
+	externpolicy, err := policyutils.ParsePolicyString(unescapedPolicy)
 	if err != nil {
 		return false, "", err
 	}

diff --git a/pkg/controller/iam/policy/controller_test.go b/pkg/controller/iam/policy/controller_test.go
@@ -18,6 +18,7 @@ package policy
 
 import (
 	"context"
+	"net/url"
 
 	"testing"
 
@@ -61,7 +62,8 @@ var (
 		  }
 		]
 	  }`
-	boolFalse = false
+	documentURLEscaped = url.QueryEscape(document)
+	boolFalse          = false
 
 	errBoom = errors.New("boom")
 
@@ -209,6 +211,39 @@ func TestObserve(t *testing.T) {
 				},
 			},
 		},
+		"SuccessfulURLEscapedPolicy": {
+			args: args{
+				iam: &fake.MockPolicyClient{
+					MockGetPolicy: func(ctx context.Context, input *awsiam.GetPolicyInput, opts []func(*awsiam.Options)) (*awsiam.GetPolicyOutput, error) {
+						return &awsiam.GetPolicyOutput{
+							Policy: &awsiamtypes.Policy{},
+						}, nil
+					},
+					MockGetPolicyVersion: func(ctx context.Context, input *awsiam.GetPolicyVersionInput, opts []func(*awsiam.Options)) (*awsiam.GetPolicyVersionOutput, error) {
+						return &awsiam.GetPolicyVersionOutput{
+							PolicyVersion: &awsiamtypes.PolicyVersion{
+								Document: &documentURLEscaped,
+							},
+						}, nil
+					},
+				},
+				cr: policy(withSpec(v1beta1.PolicyParameters{
+					Document: document,
+					Name:     name,
+				}), withExternalName(policyArn)),
+			},
+			want: want{
+				cr: policy(withSpec(v1beta1.PolicyParameters{
+					Document: document,
+					Name:     name,
+				}), withExternalName(policyArn),
+					withConditions(xpv1.Available())),
+				result: managed.ExternalObservation{
+					ResourceExists:   true,
+					ResourceUpToDate: true,
+				},
+			},
+		},
 		"InValidInput": {
 			args: args{
 				cr: unexpectedItem,