/
policies.go
98 lines (79 loc) · 2.17 KB
/
policies.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package restapi
import (
"encoding/json"
"regexp"
"strconv"
"github.com/crossplane/crossplane-runtime/pkg/errors"
"github.com/google/go-cmp/cmp"
aws "github.com/crossplane/provider-aws/pkg/clients"
apigwclient "github.com/crossplane/provider-aws/pkg/clients/apigateway"
)
func normalizePolicy(p *string) (*string, error) {
if p == nil {
return p, nil
}
mappedPol, err := policyStringToMap(p)
if err != nil {
return nil, errors.Wrap(err, "cannot conv to normalize")
}
return policyMapToString(mappedPol)
}
type wrapper struct {
Data string
}
func policyEscapedStringToMap(p *string) (map[string]interface{}, error) {
if p == nil {
return nil, nil
}
var wrapper wrapper
val := []byte("{\"data\":" + `"` + *p + `"` + "}")
if err := json.Unmarshal(val, &wrapper); err != nil {
return nil, errors.Wrap(err, "cannot unmarshal policy")
}
var pol map[string]interface{}
if err := json.Unmarshal([]byte(wrapper.Data), &pol); err != nil {
return nil, errors.Wrap(err, "cannot unmarshal policy")
}
return pol, nil
}
func policyStringToMap(p *string) (map[string]interface{}, error) {
if p == nil {
return nil, nil
}
var pol map[string]interface{}
err := json.Unmarshal([]byte(*p), &pol)
if err != nil {
return nil, err
}
return pol, nil
}
func policyMapToString(p map[string]interface{}) (*string, error) {
if p == nil {
return nil, nil
}
parsed, err := json.Marshal(p)
if err != nil {
return nil, errors.Wrap(err, "cannot marshal policy")
}
return aws.String(string(parsed)), nil
}
func policiesAreKindOfTheSame(a map[string]interface{}, b map[string]interface{}) (bool, error) {
if a != nil && b != nil {
polPatch, err := apigwclient.GetJSONPatch(a, b)
if err != nil {
return false, errors.Wrap(err, "cannot compute jsonpatch")
}
for _, p := range polPatch {
re := regexp.MustCompile(`/Statement/(\d+)/Resource`)
if p.Operation != "replace" || !re.MatchString(p.Path) {
return false, nil
}
index, _ := strconv.Atoi(re.FindString(p.Path))
if a["Statement"].([]interface{})[index].(map[string]interface{})["Resource"] != "execute-api:/*/*/*" {
return false, nil
}
}
return true, nil
}
return cmp.Equal(a, b), nil
}