Merge pull request #2160 from crossplane-contrib/backport-2153-to-rel…

…ease-0.51
crossplane-contrib · Feb 3, 2025 · 7982740 · 7982740
2 parents f6c4d7b + f3b9667
commit 7982740
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 0 deletions.
diff --git a/pkg/controller/lambda/permission/policy.go b/pkg/controller/lambda/permission/policy.go
@@ -35,6 +35,7 @@ func (p *policyPrincipal) UnmarshalJSON(data []byte) error {
 	}
 
 	p.Service = pp.Service
+	p.AWS = pp.AWS
 	return nil
 }
 
@@ -45,6 +46,7 @@ type policyCondition struct {
 
 type policyPrincipal struct {
 	Service *string `json:"Service,omitempty"`
+	AWS     *string `json:"AWS,omitempty"`
 }
 
 type _policyPrincipal policyPrincipal
@@ -62,6 +64,9 @@ func (p *policyStatement) GetPrincipal() string {
 	if p.Principal.Service != nil {
 		return *p.Principal.Service
 	}
+	if p.Principal.AWS != nil {
+		return *p.Principal.AWS
+	}
 	return ""
 }
 

diff --git a/pkg/controller/lambda/permission/policy_test.go b/pkg/controller/lambda/permission/policy_test.go
@@ -58,6 +58,17 @@ func TestUnmarshalPolicyPrincipal(t *testing.T) {
 				err: nil,
 			},
 		},
+		"PrincipalObjectAWS": {
+			args: args{
+				rawPolicy: `{"AWS":"aws:arn:iam:::role/test"}`,
+			},
+			want: want{
+				result: policyPrincipal{
+					AWS: stringPtr("aws:arn:iam:::role/test"),
+				},
+				err: nil,
+			},
+		},
 	}
 	for name, tc := range cases {
 		t.Run(name, func(t *testing.T) {
@@ -225,6 +236,58 @@ func TestUnmarshalPolicy(t *testing.T) {
 				err: nil,
 			},
 		},
+		"UnmarshalPolicyWithAWSObjectAsPrincipal": {
+			args: args{
+				rawPolicy: `{
+					"Version":"version",
+					"Id":"default",
+					"Statement":[
+						{
+							"Sid": "sid",
+							"Effect": "effect",
+							"Principal": {
+								"AWS": "arn"
+							},
+							"Action": "action",
+							"Resource": "resource",
+							"Condition": {
+								"StringEquals": {
+									"equals1": "foo"
+								},
+								"ArnLike": {
+									"like2": "bar"
+								}
+							}
+						}
+					]
+				}`,
+			},
+			want: want{
+				result: &policyDocument{
+					Version: "version",
+					Statement: []policyStatement{
+						{
+							Sid:      "sid",
+							Effect:   "effect",
+							Action:   "action",
+							Resource: "resource",
+							Principal: policyPrincipal{
+								AWS: stringPtr("arn"),
+							},
+							Condition: policyCondition{
+								ArnLike: map[string]string{
+									"like2": "bar",
+								},
+								StringEquals: map[string]string{
+									"equals1": "foo",
+								},
+							},
+						},
+					},
+				},
+				err: nil,
+			},
+		},
 	}
 
 	for name, tc := range cases {