feat: extend AWS policy
adam.gloyne committed Jul 1, 2024
1 parent b586dd0 commit eef9cb9
Showing 7 changed files with 144 additions and 41 deletions.
4 changes: 3 additions & 1 deletion src/LEGO.AsyncAPI.Bindings/Sns/SnsChannelBinding.cs
Expand Up @@ -57,8 +57,10 @@ public class SnsChannelBinding : ChannelBinding<SnsChannelBinding>
private static FixedFieldMap<Statement> statementFixedFields = new()
{
{ "effect", (a, n) => { a.Effect = n.GetScalarValue().GetEnumFromDisplayName<Effect>(); } },
{ "principal", (a, n) => { a.Principal = StringOrStringList.Parse(n); } },
{ "principal", (a, n) => { a.Principal = n.CreateAny(); } },
{ "action", (a, n) => { a.Action = StringOrStringList.Parse(n); } },
{ "resource", (a, n) => { a.Resource = StringOrStringList.Parse(n); } },
{ "condition", (a, n) => { a.Condition = n.CreateAny(); } },
};

/// <inheritdoc/>
Expand Down
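Review bot: Switching `principal` to `n.CreateAny()` removes the only shape check this parser had, so a sequence, a number or a map with arbitrary keys is stored as the Principal and later written back verbatim by the statement's `Serialize`. In the SNS policy grammar a principal is a scalar (`'*'` or an ARN) or a map keyed by `AWS`, `Service` and similar, so the parse lambda should at least reject sequence nodes and ideally check map keys against the known principal types, using whatever node-kind test `ParseNode` exposes (not visible in this diff). Until then, mark the gap: `// TODO: CreateAny accepts any YAML node; reject sequences and validate map keys (AWS/Service/...) before storing`. Note that a list of ARNs — exactly the shape `StringOrStringList.Parse` accepted before this commit — now round-trips silently instead of being caught. The class continues outside the hunk.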
24 changes: 19 additions & 5 deletions src/LEGO.AsyncAPI.Bindings/Sns/Statement.cs
@@ -1,28 +1,40 @@
// Copyright (c) The LEGO Group. All rights reserved.

namespace LEGO.AsyncAPI.Bindings.Sns
{
using System;
using System.Collections.Generic;
using LEGO.AsyncAPI.Attributes;
using LEGO.AsyncAPI.Models;
using LEGO.AsyncAPI.Models.Interfaces;
using LEGO.AsyncAPI.Writers;

public class Statement : IAsyncApiExtensible
{
/// <summary>
/// Indicates whether the policy allows or denies access.
/// </summary>
public Effect Effect { get; set; }

/// <summary>
/// The AWS account or resource ARN that this statement applies to.
/// The AWS account(s) or resource ARN(s) that this statement applies to.
/// </summary>
// public StringOrStringList Principal { get; set; }
public StringOrStringList Principal { get; set; }
public AsyncApiAny Principal { get; set; }

/// <summary>
/// The SNS permission being allowed or denied e.g. sns:Publish
/// </summary>
public StringOrStringList Action { get; set; }

/// <summary>
/// The resource(s) that this policy applies to.
/// </summary>
public StringOrStringList? Resource { get; set; }

/// <summary>
/// Specific circumstances under which the policy grants permission.
/// </summary>
public AsyncApiAny? Condition { get; set; }

public IDictionary<string, IAsyncApiExtension> Extensions { get; set; } = new Dictionary<string, IAsyncApiExtension>();

public void Serialize(IAsyncApiWriter writer)
Expand All @@ -34,8 +46,10 @@ public void Serialize(IAsyncApiWriter writer)

writer.WriteStartObject();
writer.WriteRequiredProperty("effect", this.Effect.GetDisplayName());
writer.WriteRequiredObject("principal", this.Principal, (w, t) => t.Value.Write(w));
writer.WriteRequiredObject("principal", this.Principal, (w, t) => t.Write(w));
writer.WriteRequiredObject("action", this.Action, (w, t) => t.Value.Write(w));
writer.WriteOptionalObject("resource", this.Resource, (w, t) => t?.Value.Write(w));
writer.WriteOptionalObject("condition", this.Condition, (w, t) => t?.Write(w));
writer.WriteExtensions(this.Extensions);
writer.WriteEndObject();
}
Expand Down
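Review bot: `Principal` is declared as a non-nullable `AsyncApiAny` with no initializer, yet the binding parsers only assign it when a `principal` key is present, so a statement read without one reaches `writer.WriteRequiredObject("principal", this.Principal, (w, t) => t.Write(w))` holding null; whether that surfaces as a clear writer error or a NullReferenceException inside the lambda depends on `WriteRequiredObject`, which is not in this diff, and deserves a test. The summaries also undersell the security meaning of the field: I would write `/// The principal(s) the statement applies to: an account/ARN string, a map such as { "AWS": [...] }, or "*" for every principal (on an Allow a wildcard effectively makes the resource public, so pair it with a Condition).` and, for Condition, `/// Conditions that must hold for the statement to apply (to Deny as well as Allow).` If the commented-out `// public StringOrStringList Principal { get; set; }` line survives on the new side, delete it. `Serialize` starts and ends outside the hunks.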
4 changes: 3 additions & 1 deletion src/LEGO.AsyncAPI.Bindings/Sqs/SqsChannelBinding.cs
Expand Up @@ -64,8 +64,10 @@ public class SqsChannelBinding : ChannelBinding<SqsChannelBinding>
private static FixedFieldMap<Statement> statementFixedFields = new()
{
{ "effect", (a, n) => { a.Effect = n.GetScalarValue().GetEnumFromDisplayName<Effect>(); } },
{ "principal", (a, n) => { a.Principal = StringOrStringList.Parse(n); } },
{ "principal", (a, n) => { a.Principal = n.CreateAny(); } },
{ "action", (a, n) => { a.Action = StringOrStringList.Parse(n); } },
{ "resource", (a, n) => { a.Resource = StringOrStringList.Parse(n); } },
{ "condition", (a, n) => { a.Condition = n.CreateAny(); } },
};

public override void SerializeProperties(IAsyncApiWriter writer)
Expand Down
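Review bot: This `statementFixedFields` map is now byte-identical to the one in `SqsOperationBinding` (both bind the same `LEGO.AsyncAPI.Bindings.Sqs.Statement`), and the commit had to patch both copies in lockstep, with a third near-copy in `SnsChannelBinding` for the SNS type. Hoisting it into the SQS statement class as `internal static readonly FixedFieldMap<Statement> FixedFields = new() { ... };` and referencing it from both SQS bindings removes the drift risk, which this series already exhibits (the SQS `Statement` doc still describes an SNS action). The class continues outside the hunk.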
4 changes: 3 additions & 1 deletion src/LEGO.AsyncAPI.Bindings/Sqs/SqsOperationBinding.cs
Expand Up @@ -56,8 +56,10 @@ public class SqsOperationBinding : OperationBinding<SqsOperationBinding>
private static FixedFieldMap<Statement> statementFixedFields = new()
{
{ "effect", (a, n) => { a.Effect = n.GetScalarValue().GetEnumFromDisplayName<Effect>(); } },
{ "principal", (a, n) => { a.Principal = StringOrStringList.Parse(n); } },
{ "principal", (a, n) => { a.Principal = n.CreateAny(); } },
{ "action", (a, n) => { a.Action = StringOrStringList.Parse(n); } },
{ "resource", (a, n) => { a.Resource = StringOrStringList.Parse(n); } },
{ "condition", (a, n) => { a.Condition = n.CreateAny(); } },
};

public override void SerializeProperties(IAsyncApiWriter writer)
Expand Down
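Review bot: `condition` is stored with `n.CreateAny()`, so a scalar or sequence (`condition: true`, `condition: [a, b]`) is accepted and later emitted unchanged, although a policy condition is a mapping of operator -> condition key -> value(s); a scalar here is almost certainly an authoring error that the parser should flag rather than pass through into a document others may turn into a real queue policy. I would add `// TODO: condition must be a map of operator -> key -> values; reject scalar/sequence nodes` next to the entry and enforce it with the node-kind check `ParseNode` exposes (not visible in this diff). The class continues outside the hunk.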
25 changes: 20 additions & 5 deletions src/LEGO.AsyncAPI.Bindings/Sqs/Statement.cs
Expand Up @@ -5,24 +5,37 @@ namespace LEGO.AsyncAPI.Bindings.Sqs
using System;
using System.Collections.Generic;
using LEGO.AsyncAPI.Attributes;
using LEGO.AsyncAPI.Models;
using LEGO.AsyncAPI.Models.Interfaces;
using LEGO.AsyncAPI.Writers;

public class Statement : IAsyncApiExtensible
{
/// <summary>
/// Indicates whether the policy allows or denies access.
/// </summary>
public Effect Effect { get; set; }

/// <summary>
/// The AWS account or resource ARN that this statement applies to.
/// The AWS account(s) or resource ARN(s) that this statement applies to.
/// </summary>
// public StringOrStringList Principal { get; set; }
public StringOrStringList Principal { get; set; }
public AsyncApiAny Principal { get; set; }

/// <summary>
/// The SNS permission being allowed or denied e.g. sns:Publish
/// The SNS permission being allowed or denied e.g. sns:Publish.
/// </summary>
public StringOrStringList Action { get; set; }

/// <summary>
/// The resource(s) that this policy applies to.
/// </summary>
public StringOrStringList? Resource { get; set; }

/// <summary>
/// Specific circumstances under which the policy grants permission.
/// </summary>
public AsyncApiAny? Condition { get; set; }

public IDictionary<string, IAsyncApiExtension> Extensions { get; set; } = new Dictionary<string, IAsyncApiExtension>();

public void Serialize(IAsyncApiWriter writer)
Expand All @@ -34,8 +47,10 @@ public void Serialize(IAsyncApiWriter writer)

writer.WriteStartObject();
writer.WriteRequiredProperty("effect", this.Effect.GetDisplayName());
writer.WriteRequiredObject("principal", this.Principal, (w, t) => t.Value.Write(w));
writer.WriteRequiredObject("principal", this.Principal, (w, t) => t.Write(w));
writer.WriteRequiredObject("action", this.Action, (w, t) => t.Value.Write(w));
writer.WriteOptionalObject("resource", this.Resource, (w, t) => t?.Value.Write(w));
writer.WriteOptionalObject("condition", this.Condition, (w, t) => t?.Write(w));
writer.WriteExtensions(this.Extensions);
writer.WriteEndObject();
}
Expand Down
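Review bot: The `Action` summary on the SQS `Statement` still reads `/// The SNS permission being allowed or denied e.g. sns:Publish.` — this commit touched the line (it added the full stop) but kept the wrong service; it should be `/// The SQS permission being allowed or denied e.g. sqs:SendMessage.` The new `Principal` summary, "AWS account(s) or resource ARN(s)", also mislabels the value: a principal is an account, user, role or service identity rather than a resource ARN, so `/// The principal(s) this statement applies to: an account ID, IAM user/role ARN, service name, or "*" for everyone.` is closer. As with the SNS copy, the property is non-nullable but left unassigned when `principal` is absent, which `WriteRequiredObject` in the second hunk will receive as null. `Serialize` begins and ends outside the hunks.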
42 changes: 34 additions & 8 deletions test/LEGO.AsyncAPI.Tests/Bindings/Sns/SnsBindings_Should.cs
Expand Up @@ -31,15 +31,24 @@ public void SnsChannelBinding_WithFilledObject_SerializesAndDeserializes()
policy:
statements:
- effect: Deny
principal: arn:aws:iam::123456789012:user/alex.wichmann
principal: '*'
action:
- sns:Publish
- sns:Delete
condition:
StringEquals:
aws:username:
- johndoe
- mrsmith
- effect: Allow
principal:
- arn:aws:iam::123456789012:user/alex.wichmann
- arn:aws:iam::123456789012:user/dec.kolakowski
AWS:
- arn:aws:iam::123456789012:user/alex.wichmann
- arn:aws:iam::123456789012:user/dec.kolakowski
action: sns:Create
condition:
NumericLessThanEquals:
aws:MultiFactorAuthAge: '3600'
x-statementExtension:
statementXPropertyName: statementXPropertyValue
x-policyExtension:
Expand Down Expand Up @@ -77,22 +86,39 @@ public void SnsChannelBinding_WithFilledObject_SerializesAndDeserializes()
new Statement()
{
Effect = Effect.Deny,
Principal = new StringOrStringList(new AsyncApiAny("arn:aws:iam::123456789012:user/alex.wichmann")),
Principal = new AsyncApiAny("*"),
Action = new StringOrStringList(new AsyncApiAny(new List<string>()
{
"sns:Publish",
"sns:Delete",
})),
Condition = new AsyncApiAny(new Dictionary<string, object>()
{
{
"StringEquals", new Dictionary<string, List<string>>()
{
{ "aws:username", new List<string>() { "johndoe", "mrsmith" } },
}
},
}),
},
new Statement()
{
Effect = Effect.Allow,
Principal = new StringOrStringList(new AsyncApiAny(new List<string>()
Principal = new AsyncApiAny(new Dictionary<string, List<string>>()
{
"arn:aws:iam::123456789012:user/alex.wichmann",
"arn:aws:iam::123456789012:user/dec.kolakowski",
})),
{ "AWS", new List<string>() { "arn:aws:iam::123456789012:user/alex.wichmann", "arn:aws:iam::123456789012:user/dec.kolakowski" } },
}),
Action = new StringOrStringList(new AsyncApiAny("sns:Create")),
Condition = new AsyncApiAny(new Dictionary<string, object>()
{
{
"NumericLessThanEquals", new Dictionary<string, string>()
{
{ "aws:MultiFactorAuthAge", "3600" },
}
},
}),
Extensions = new Dictionary<string, IAsyncApiExtension>()
{
{
Expand Down
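Review bot: Nothing in this test covers the shapes the new `CreateAny` parsing admits but the policy grammar does not — a sequence `principal` or a scalar `condition` — so add a negative case asserting those produce a diagnostic, or at minimum document that they are passed through. The expected `Principal`/`Condition` values are `Dictionary<string, List<string>>` and `Dictionary<string, object>` wrapped in `AsyncApiAny`, so the round-trip assertion (outside the hunk) relies on `AsyncApiAny` comparing those CLR shapes structurally against what the YAML parser builds; if that comparison is by node type or reference the result is unrelated to correctness, so a second assertion on the serialized YAML text is worth adding. The `Deny` statement with `'*'` is a good example to keep; an `Allow` with `'*'` plus a `Condition` would also exercise the wildcard case that matters most. The test method starts and ends outside the hunks.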
