This repository has been archived by the owner on Jan 3, 2022. It is now read-only.
iam_policy.go
package cloudformation
import "encoding/json"
// IAMPolicyDocument represents an IAM policy document: an optional policy
// language version and the list of statements it contains.
//
// Nothing in this type validates the contents. Version and the statements are
// stored exactly as supplied.
type IAMPolicyDocument struct {
	// Version is left out of the encoded JSON when it is the empty string.
	Version string `json:",omitempty"`
	// Statement has no omitempty tag, so it is always written when encoding
	// (a nil slice is written as JSON null).
	Statement []IAMPolicyStatement
}
// iamPolicyDocumentCopy has the same fields as IAMPolicyDocument but none of
// its methods. Decoding into it uses encoding/json's default struct handling,
// which avoids infinite recursion when IAMPolicyDocument.UnmarshalJSON just
// wants to unmarshal the struct normally.
type iamPolicyDocumentCopy IAMPolicyDocument
// iamPolicyDocumentSingleStatement is used for parsing policy documents with a
// single statement, i.e. documents whose Statement is one JSON object rather
// than an array of objects.
type iamPolicyDocumentSingleStatement struct {
	// Version mirrors IAMPolicyDocument.Version.
	Version string `json:",omitempty"`
	// Statement is a single value here, not a slice.
	Statement IAMPolicyStatement
}
// ToJSON encodes the policy document with encoding/json and returns the result
// as a string. It panics with the marshal error if encoding fails.
//
// NOTE(review): IAMPolicyStatement.Condition is an interface{}, so a document
// holding a value there that encoding/json cannot encode makes this method
// panic. Callers handling documents built from untrusted input may prefer
// json.Marshal directly so they receive an error instead.
func (i IAMPolicyDocument) ToJSON() string {
	encoded, marshalErr := json.Marshal(i)
	if marshalErr == nil {
		return string(encoded)
	}
	panic(marshalErr)
}
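// UnmarshalJSON sets the object from the provided JSON representation. This has
// been added to handle the special case of a single statement versus an array:
// both forms end up as a slice in i.Statement.
//
// The JSON type of Statement is inspected before decoding instead of being
// inferred from a failed decode. As a result:
//
//   - a document whose Statement is absent or null yields a nil Statement
//     slice, not a slice holding one zero-valued statement that would later be
//     encoded as an empty "{}" statement;
//   - a malformed single statement reports its own decode error rather than a
//     misleading "cannot unmarshal object into ... []IAMPolicyStatement" error.
//
// On error the receiver is left unmodified.
func (i *IAMPolicyDocument) UnmarshalJSON(data []byte) error {
	// Capture Statement undecoded so that its first byte distinguishes a
	// single object from an array.
	var probe struct {
		Statement json.RawMessage
	}
	if err := json.Unmarshal(data, &probe); err != nil {
		return err
	}

	if len(probe.Statement) > 0 && probe.Statement[0] == '{' {
		// Handle single statement policy documents.
		var single iamPolicyDocumentSingleStatement
		if err := json.Unmarshal(data, &single); err != nil {
			return err
		}
		i.Version = single.Version
		i.Statement = []IAMPolicyStatement{single.Statement}
		return nil
	}

	// Handle multiple statements, as well as a null or absent Statement.
	// Decoding through the copy type avoids re-entering this method. Any other
	// JSON type for Statement fails here with the usual encoding/json error.
	var doc iamPolicyDocumentCopy
	if err := json.Unmarshal(data, &doc); err != nil {
		return err
	}
	i.Version = doc.Version
	i.Statement = doc.Statement
	return nil
}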
// IAMPrincipal represents a principal in an IAM policy. Each field holds the
// values for one principal type and is left out of the encoded JSON when nil.
//
// The type has custom MarshalJSON and UnmarshalJSON methods that handle the
// bare-string form of a principal such as "*".
type IAMPrincipal struct {
	AWS *StringListExpr `json:",omitempty"`
	CanonicalUser *StringListExpr `json:",omitempty"`
	Federated *StringListExpr `json:",omitempty"`
	Service *StringListExpr `json:",omitempty"`
}
// IAMPolicyStatement represents an IAM policy statement. Every field is
// optional and is left out of the encoded JSON when it has its zero value.
//
// No validation happens here: Effect is a free-form string, and nothing stops
// Principal and NotPrincipal, or Action and NotAction, from both being set.
//
// NOTE(review): there is no NotResource field. encoding/json ignores unknown
// keys by default, so a statement that uses NotResource would lose that
// element when decoded into this type and re-encoded. Confirm whether that is
// acceptable for the templates this package is used with.
type IAMPolicyStatement struct {
	Sid string `json:",omitempty"`
	Effect string `json:",omitempty"`
	Principal *IAMPrincipal `json:",omitempty"`
	NotPrincipal *IAMPrincipal `json:",omitempty"`
	Action *StringListExpr `json:",omitempty"`
	NotAction *StringListExpr `json:",omitempty"`
	Resource *StringListExpr `json:",omitempty"`
	// Condition is untyped; it is encoded and decoded as arbitrary JSON.
	Condition interface{} `json:",omitempty"`
}
// iamPrincipalCopy has the same fields as IAMPrincipal but none of its
// methods. Encoding or decoding through it uses encoding/json's default struct
// handling, which avoids infinite recursion when IAMPrincipal's own
// MarshalJSON and UnmarshalJSON just want to process the struct normally.
type iamPrincipalCopy IAMPrincipal
// MarshalJSON returns a JSON representation of the object. A principal whose
// AWS list holds exactly one literal equal to "*" is written as the bare JSON
// string "*". Every other principal is written as an object with one key per
// non-nil field.
//
// NOTE(review): in the "*" case CanonicalUser, Federated and Service are not
// written even if they are set. "*" as a principal matches every principal, so
// statements that encode this way deserve a check that they are narrowed by a
// Condition or are intentionally public.
func (i IAMPrincipal) MarshalJSON() ([]byte, error) {
	aws := i.AWS
	isWildcard := aws != nil && len(aws.Literal) == 1 && aws.Literal[0].Literal == "*"
	if !isWildcard {
		// Convert to the method-less copy type so json.Marshal does not call
		// this method again.
		return json.Marshal(iamPrincipalCopy(i))
	}
	return json.Marshal(aws.Literal[0].Literal)
}
// UnmarshalJSON sets the object from the provided JSON representation. It
// accepts two forms: a bare JSON string (the "*" special case), which becomes
// the only AWS entry with all other fields cleared, and the object form, which
// is decoded field by field.
//
// NOTE(review): the bare-string branch accepts any string, not only "*", and
// stores it as an AWS principal. JSON null also decodes into a string without
// error, so calling this method with null presumably produces an AWS list
// holding an empty string. Verify against StringList and String.
func (i *IAMPrincipal) UnmarshalJSON(data []byte) error {
	// Handle single string values like "*".
	var bare string
	if json.Unmarshal(data, &bare) == nil {
		*i = IAMPrincipal{AWS: StringList(String(bare))}
		return nil
	}

	// Handle all other values. Decoding through the method-less copy type
	// avoids re-entering this method.
	var full iamPrincipalCopy
	if err := json.Unmarshal(data, &full); err != nil {
		return err
	}
	*i = IAMPrincipal(full)
	return nil
}