Reorder Hash keys for trust policy comparison

cookpad · Jun 8, 2023 · ba0f7a6 · ba0f7a6
1 parent a433377
commit ba0f7a6
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 2 deletions.
diff --git a/lib/miam/ext/hash_ext.rb b/lib/miam/ext/hash_ext.rb
@@ -15,8 +15,8 @@ def sort_array0(value)
     when Hash
       new_value = {}
 
-      value.each do |k, v|
-        new_value[k] = sort_array0(v)
+      value.keys.sort.each do |k|
+        new_value[k] = sort_array0(value.fetch(k))
       end
 
       new_value

diff --git a/spec/miam/hash_ext_spec.rb b/spec/miam/hash_ext_spec.rb
@@ -36,4 +36,71 @@
   subject { hash.sort_array! }
 
   it { is_expected.to eq expected_hash }
+
+  context 'on trust policy' do
+    let(:expected_trust_policy) do
+      {
+	'Version' => '2012-10-17',
+	'Statement' => [
+          {
+            'Action' => 'sts:AssumeRole',
+            'Effect' => 'Allow',
+            'Principal' => {
+              'AWS' => 'arn:aws:iam::111122223333:role/Role1',
+            },
+            'Sid' => 'sid1',
+          },
+          {
+            'Effect' => 'Allow',
+            'Principal' => {
+              'Federated' => 'arn:aws:iam::111122223333:oidc-provider/oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE',
+            },
+            'Action' => 'sts:AssumeRoleWithWebIdentity',
+            'Condition' => {
+              'StringEquals' => {
+                'oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub' => 'system:serviceaccount:default:miam',
+                'oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud' => 'sts.amazonaws.com',
+              },
+            },
+          },
+        ],
+      }
+    end
+
+    let(:actual_trust_policy) do
+      {
+        'Version' => '2012-10-17',
+        'Statement' => [
+          {
+            # Only the order of key-value pairs below are different
+            'Sid' => 'sid1',
+            'Effect' => 'Allow',
+            'Principal' => {
+              'AWS' => 'arn:aws:iam::111122223333:role/Role1',
+            },
+            'Action' => 'sts:AssumeRole',
+          },
+          {
+            'Effect' => 'Allow',
+            'Principal' => {
+              'Federated' => 'arn:aws:iam::111122223333:oidc-provider/oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE',
+            },
+            'Action' => 'sts:AssumeRoleWithWebIdentity',
+            'Condition' => {
+              'StringEquals' => {
+                'oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub' => 'system:serviceaccount:default:miam',
+                'oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud' => 'sts.amazonaws.com',
+              },
+            },
+          },
+        ],
+      }
+    end
+
+    it 'ignores the order of Hash entries' do
+      expected_trust_policy.sort_array!
+      actual_trust_policy.sort_array!
+      expect(expected_trust_policy).to eq(actual_trust_policy)
+    end
+  end
 end