Merge pull request #1220 from justeattakeaway/revert-1144-gh-1139-rem…

…ove-sqs-policy Revert switch to AWSSDK Policy Creation
justeattakeaway · Jul 28, 2023 · 03484e6 · 03484e6
2 parents aa6b03f + 2a1fadd
commit 03484e6
Show file tree

Hide file tree

Showing 10 changed files with 166 additions and 77 deletions.
diff --git a/src/JustSaying/AwsTools/MessageHandling/SqsPolicy.cs b/src/JustSaying/AwsTools/MessageHandling/SqsPolicy.cs
@@ -0,0 +1,23 @@
+using Amazon.SQS;
+using Amazon.SQS.Model;
+
+namespace JustSaying.AwsTools.MessageHandling;
+
+internal static class SqsPolicy
+{
+    internal static async Task SaveAsync(SqsPolicyDetails policyDetails, IAmazonSQS client)
+    {
+        var policyJson = SqsPolicyBuilder.BuildPolicyJson(policyDetails);
+
+        var setQueueAttributesRequest = new SetQueueAttributesRequest
+        {
+            QueueUrl = policyDetails.QueueUri.AbsoluteUri,
+            Attributes =
+            {
+                ["Policy"] = policyJson
+            }
+        };
+
+        await client.SetQueueAttributesAsync(setQueueAttributesRequest).ConfigureAwait(false);
+    }
+}
diff --git a/src/JustSaying/AwsTools/MessageHandling/SqsPolicyBuilder.cs b/src/JustSaying/AwsTools/MessageHandling/SqsPolicyBuilder.cs
@@ -0,0 +1,45 @@
+using Amazon;
+
+namespace JustSaying.AwsTools.MessageHandling;
+
+internal static class SqsPolicyBuilder{
+
+    public static string BuildPolicyJson(SqsPolicyDetails policyDetails)
+    {
+        var sid = Guid.NewGuid().ToString().Replace("-", "");
+
+        var resource = policyDetails.QueueArn;
+
+        var topicArnWildcard = string.IsNullOrWhiteSpace(policyDetails.SourceArn)
+            ? "*"
+            : CreateTopicArnWildcard(policyDetails.SourceArn);
+
+        var policyJson = $@"{{
+    ""Version"" : ""2012-10-17"",
+    ""Statement"" : [
+        {{
+            ""Sid"" : ""{sid}"",
+            ""Effect"" : ""Allow"",
+            ""Principal"" : {{
+                ""AWS"" : ""*""
+            }},
+            ""Action""    : ""sqs:SendMessage"",
+            ""Resource""  : ""{resource}"",
+            ""Condition"" : {{
+                ""ArnLike"" : {{
+                    ""aws:SourceArn"" : ""{topicArnWildcard}""
+                }}
+            }}
+        }}
+    ]
+}}";
+        return policyJson;
+    }
+
+    private static string CreateTopicArnWildcard(string topicArn)
+    {
+        var arn = Arn.Parse(topicArn);
+        arn.Resource = "*";
+        return arn.ToString();
+    }
+}
diff --git a/src/JustSaying/AwsTools/MessageHandling/SqsPolicyDetails.cs b/src/JustSaying/AwsTools/MessageHandling/SqsPolicyDetails.cs
@@ -0,0 +1,8 @@
+namespace JustSaying.AwsTools.MessageHandling;
+
+internal class SqsPolicyDetails
+{
+    public string SourceArn { get; set; }
+    public string QueueArn { get; set; }
+    public Uri QueueUri { get; set; }
+}
diff --git a/src/JustSaying/AwsTools/QueueCreation/AmazonQueueCreator.cs b/src/JustSaying/AwsTools/QueueCreation/AmazonQueueCreator.cs
@@ -58,6 +58,16 @@ await SubscribeQueueAndApplyFilterPolicyAsync(snsClient,
                     sqsClient,
                     queue.Uri,
                     queueConfig.FilterPolicy).ConfigureAwait(false);
+
+                var sqsDetails = new SqsPolicyDetails
+                {
+                    SourceArn = eventTopic.Arn,
+                    QueueArn = queue.Arn,
+                    QueueUri = queue.Uri
+                };
+                await SqsPolicy
+                    .SaveAsync(sqsDetails, sqsClient)
+                    .ConfigureAwait(false);
             }
         }
 
@@ -112,4 +122,4 @@ await amazonSimpleNotificationService
             .SetSubscriptionAttributesAsync(subscriptionArn, "FilterPolicy", actualFilterPolicy)
             .ConfigureAwait(false);
     }
-}
+}
diff --git a/tests/JustSaying.IntegrationTests/Fluent/AwsTools/WhenEnsuringATopicExistsPolicyIsCreated.cs b/tests/JustSaying.IntegrationTests/Fluent/AwsTools/WhenEnsuringATopicExistsPolicyIsCreated.cs
diff --git a/tests/JustSaying.IntegrationTests/JustSaying.IntegrationTests.csproj b/tests/JustSaying.IntegrationTests/JustSaying.IntegrationTests.csproj
@@ -29,7 +29,6 @@
     <Using Include="Xunit.Abstractions" />
   </ItemGroup>
   <ItemGroup>
-    <Folder Include="Fluent\AwsTools\Approvals" />
     <Folder Include="Fluent\Publishing\Approvals" />
   </ItemGroup>
 </Project>
diff --git a/...en_The_Iam_Policy_Is_Created.approved.txt → ...uldGenerateApprovedIamPolicy.approved.txt b/...en_The_Iam_Policy_Is_Created.approved.txt → ...uldGenerateApprovedIamPolicy.approved.txt
@@ -8,10 +8,10 @@
                 "AWS" : "*"
             },
             "Action"    : "sqs:SendMessage",
-            "Resource"  : "arn:aws:sqs:us-east-1:000000000000:<unique-name>",
+            "Resource"  : "",
             "Condition" : {
                 "ArnLike" : {
-                    "aws:SourceArn" : "arn:aws:sns:us-east-1:000000000000:<unique-name>-topic"
+                    "aws:SourceArn" : "arn:aws:sqs:ap-southeast-2:123456789012:*"
                 }
             }
         }

diff --git a/...cyBuilderTests.ShouldGenerateApprovedIamPolicyWithWildcardFromEmptySourceArn.approved.txt b/...cyBuilderTests.ShouldGenerateApprovedIamPolicyWithWildcardFromEmptySourceArn.approved.txt
@@ -0,0 +1,19 @@
+{
+    "Version" : "2012-10-17",
+    "Statement" : [
+        {
+            "Sid" : "<sid>",
+            "Effect" : "Allow",
+            "Principal" : {
+                "AWS" : "*"
+            },
+            "Action"    : "sqs:SendMessage",
+            "Resource"  : "",
+            "Condition" : {
+                "ArnLike" : {
+                    "aws:SourceArn" : "*"
+                }
+            }
+        }
+    ]
+}
diff --git a/tests/JustSaying.UnitTests/AwsTools/MessageHandling/Sqs/Policy/SqsPolicyBuilderTests.cs b/tests/JustSaying.UnitTests/AwsTools/MessageHandling/Sqs/Policy/SqsPolicyBuilderTests.cs
@@ -0,0 +1,58 @@
+using JustSaying.AwsTools.MessageHandling;
+using Newtonsoft.Json.Linq;
+
+namespace JustSaying.UnitTests.AwsTools.MessageHandling.Sqs.Policy;
+
+public class SqsPolicyBuilderTests
+{
+    [Fact]
+    public void ShouldGenerateApprovedIamPolicy()
+    {
+        // arrange
+        var sqsPolicyDetails = new SqsPolicyDetails
+        {
+            SourceArn = "arn:aws:sqs:ap-southeast-2:123456789012:topic",
+        };
+
+        // act
+        var policy = SqsPolicyBuilder.BuildPolicyJson(sqsPolicyDetails);
+
+        // assert
+        policy.ShouldMatchApproved(c =>
+        {
+            c.SubFolder("Approvals");
+            // Sids are generated from guids on each invocation so must be ignored
+            // when performing approval tests
+            c.WithScrubber(ScrubSids);
+        });
+    }
+
+    [Fact]
+    public void ShouldGenerateApprovedIamPolicyWithWildcardFromEmptySourceArn()
+    {
+        // arrange
+        var sqsPolicyDetails = new SqsPolicyDetails
+        {
+            SourceArn = "",
+        };
+
+        // act
+        var policy = SqsPolicyBuilder.BuildPolicyJson(sqsPolicyDetails);
+
+        // assert
+        policy.ShouldMatchApproved(c =>
+        {
+            c.SubFolder("Approvals");
+            // Sids are generated from guids on each invocation so must be ignored
+            // when performing approval tests
+            c.WithScrubber(ScrubSids);
+        });
+    }
+
+    private static string ScrubSids(string iamPolicy)
+    {
+        var json = JObject.Parse(iamPolicy);
+        return iamPolicy
+            .Replace(json["Statement"]![0]!["Sid"]!.ToString(), "<sid>");
+    }
+}
diff --git a/tests/JustSaying.UnitTests/JustSaying.UnitTests.csproj b/tests/JustSaying.UnitTests/JustSaying.UnitTests.csproj
@@ -26,7 +26,4 @@
     <Using Include="Xunit" />
     <Using Include="Xunit.Abstractions" />
   </ItemGroup>
-  <ItemGroup>
-    <Folder Include="AwsTools\MessageHandling\Sqs\Policy" />
-  </ItemGroup>
 </Project>