* fix policy resource (#336)

* * fix policy resource

* * fix policy resource

Author: Dosexe

packages/sqs/lib/utils/sqsAttributeUtils.spec.ts

@@ -36,7 +36,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`,
       )
     })
 
@@ -53,7 +53,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/test-user"},"Action":["sqs:SendMessage"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/test-user"},"Action":["sqs:SendMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`,
       )
     })
 
@@ -77,7 +77,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"]},{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/user2"},"Action":["sqs:ReceiveMessage"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"},{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/user2"},"Action":["sqs:ReceiveMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`,
       )
     })
 
@@ -89,7 +89,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`,
       )
     })
 
@@ -101,7 +101,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:*:*:*","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:*:*:*"}]}"`,
       )
     })
 
@@ -114,7 +114,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:us-east-1:123456789012:custom-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:us-east-1:123456789012:custom-queue"}]}"`,
       )
     })
 
@@ -142,7 +142,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"]},{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:ReceiveMessage"]},{"Effect":"Deny","Principal":{"AWS":"*"},"Action":["sqs:DeleteMessage"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"},{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:ReceiveMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"},{"Effect":"Deny","Principal":{"AWS":"*"},"Action":["sqs:DeleteMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`,
       )
     })
 
@@ -155,7 +155,7 @@ describe('sqsAttributeUtils', () => {
       const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig)
 
       expect(result).toMatchInlineSnapshot(
-        `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`,
+        `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`,
       )
     })
   })

packages/sqs/lib/utils/sqsAttributeUtils.ts

@@ -18,24 +18,23 @@ export function generateQueuePolicyFromPolicyConfig(
   queueArn: string,
   policyConfig: SQSPolicyConfig,
 ): string {
+  const resource =
+    policyConfig.resource === SQS_RESOURCE_CURRENT_QUEUE
+      ? queueArn
+      : policyConfig.resource === SQS_RESOURCE_ANY
+        ? `arn:aws:sqs:*:*:*`
+        : policyConfig.resource
   const statements = (
     Array.isArray(policyConfig.statements) ? policyConfig.statements : [policyConfig.statements]
   ).map((statement) => ({
     Effect: statement?.Effect ?? 'Allow',
     Principal: { AWS: statement?.Principal ?? '*' },
     Action: statement?.Action ?? ['sqs:SendMessage', 'sqs:GetQueueAttributes', 'sqs:GetQueueUrl'],
+    Resource: resource,
   }))
 
-  const resource =
-    policyConfig.resource === SQS_RESOURCE_CURRENT_QUEUE
-      ? queueArn
-      : policyConfig.resource === SQS_RESOURCE_ANY
-        ? `arn:aws:sqs:*:*:*`
-        : policyConfig.resource
-
   return JSON.stringify({
     Version: POLICY_VERSION,
-    Resource: resource,
     Statement: statements,
   })
 }

packages/sqs/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@message-queue-toolkit/sqs",
-    "version": "22.2.0",
+    "version": "22.2.1",
     "private": false,
     "license": "MIT",
     "description": "SQS adapter for message-queue-toolkit",

packages/sqs/test/consumers/SqsPermissionConsumer.spec.ts

@@ -334,7 +334,6 @@ describe('SqsPermissionConsumer', () => {
           const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}')
           expect(policy).toMatchInlineSnapshot(`
             {
-              "Resource": "arn:aws:sqs:eu-west-1:000000000000:myTestQueue",
               "Statement": [
                 {
                   "Action": [
@@ -345,6 +344,7 @@ describe('SqsPermissionConsumer', () => {
                   "Principal": {
                     "AWS": "arn:aws:iam::123456789012:user/test-user",
                   },
+                  "Resource": "arn:aws:sqs:eu-west-1:000000000000:myTestQueue",
                 },
               ],
               "Version": "2012-10-17",
@@ -398,7 +398,7 @@ describe('SqsPermissionConsumer', () => {
           // Verify updated policy was applied
           const attributes = await getQueueAttributes(sqsClient, updatedConsumer.queueProps.url)
           const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}')
-          expect(policy.Resource).toBe('*')
+          expect(policy.Statement[0].Resource).toBe('*')
 
           await updatedConsumer.close()
         })

packages/sqs/test/publishers/SqsPermissionPublisher.spec.ts

@@ -316,10 +316,9 @@ describe('SqsPermissionPublisher', () => {
           const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}')
 
           expect(policy.Version).toBe('2012-10-17')
-          expect(policy.Resource).toBe(newPublisher.queueProps.arn)
+          expect(policy.Statement[0].Resource).toBe(newPublisher.queueProps.arn)
           expect(policy).toMatchInlineSnapshot(`
             {
-              "Resource": "arn:aws:sqs:eu-west-1:000000000000:someQueue",
               "Statement": [
                 {
                   "Action": [
@@ -330,6 +329,7 @@ describe('SqsPermissionPublisher', () => {
                   "Principal": {
                     "AWS": "arn:aws:iam::123456789012:user/test-user",
                   },
+                  "Resource": "arn:aws:sqs:eu-west-1:000000000000:someQueue",
                 },
               ],
               "Version": "2012-10-17",
@@ -380,7 +380,7 @@ describe('SqsPermissionPublisher', () => {
           // Verify updated policy was applied
           const attributes = await getQueueAttributes(sqsClient, updatedPublisher.queueProps.url)
           const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}')
-          expect(policy.Resource).toBe('*')
+          expect(policy.Statement[0].Resource).toBe('*')
         })
       })
     })