diff --git a/packages/sqs/lib/utils/sqsAttributeUtils.spec.ts b/packages/sqs/lib/utils/sqsAttributeUtils.spec.ts index 80827f61..e16e7d60 100644 --- a/packages/sqs/lib/utils/sqsAttributeUtils.spec.ts +++ b/packages/sqs/lib/utils/sqsAttributeUtils.spec.ts @@ -36,7 +36,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`, ) }) @@ -53,7 +53,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/test-user"},"Action":["sqs:SendMessage"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/test-user"},"Action":["sqs:SendMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`, ) }) 
@@ -77,7 +77,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"]},{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/user2"},"Action":["sqs:ReceiveMessage"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"},{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::123456789012:user/user2"},"Action":["sqs:ReceiveMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`, ) }) @@ -89,7 +89,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`, ) }) 
@@ -101,7 +101,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:*:*:*","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:*:*:*"}]}"`, ) }) @@ -114,7 +114,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:us-east-1:123456789012:custom-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:us-east-1:123456789012:custom-queue"}]}"`, ) }) 
@@ -142,7 +142,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"]},{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:ReceiveMessage"]},{"Effect":"Deny","Principal":{"AWS":"*"},"Action":["sqs:DeleteMessage"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user1"},"Action":["sqs:SendMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"},{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:ReceiveMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"},{"Effect":"Deny","Principal":{"AWS":"*"},"Action":["sqs:DeleteMessage"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`, ) }) @@ -155,7 +155,7 @@ describe('sqsAttributeUtils', () => { const result = generateQueuePolicyFromPolicyConfig(testQueueArn, policyConfig) expect(result).toMatchInlineSnapshot( - `"{"Version":"2012-10-17","Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"]}]}"`, + `"{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":["sqs:SendMessage","sqs:GetQueueAttributes","sqs:GetQueueUrl"],"Resource":"arn:aws:sqs:eu-central-1:632374391739:test-queue"}]}"`, ) }) }) diff --git a/packages/sqs/lib/utils/sqsAttributeUtils.ts b/packages/sqs/lib/utils/sqsAttributeUtils.ts index 9497d2da..92c56868 100644 --- a/packages/sqs/lib/utils/sqsAttributeUtils.ts +++ b/packages/sqs/lib/utils/sqsAttributeUtils.ts 
@@ -18,24 +18,23 @@ export function generateQueuePolicyFromPolicyConfig( queueArn: string, policyConfig: SQSPolicyConfig, ): string { + const resource = + policyConfig.resource === SQS_RESOURCE_CURRENT_QUEUE + ? queueArn + : policyConfig.resource === SQS_RESOURCE_ANY + ? `arn:aws:sqs:*:*:*` + : policyConfig.resource const statements = ( Array.isArray(policyConfig.statements) ? policyConfig.statements : [policyConfig.statements] ).map((statement) => ({ Effect: statement?.Effect ?? 'Allow', Principal: { AWS: statement?.Principal ?? '*' }, Action: statement?.Action ?? ['sqs:SendMessage', 'sqs:GetQueueAttributes', 'sqs:GetQueueUrl'], + Resource: resource, })) - const resource = - policyConfig.resource === SQS_RESOURCE_CURRENT_QUEUE - ? queueArn - : policyConfig.resource === SQS_RESOURCE_ANY - ? `arn:aws:sqs:*:*:*` - : policyConfig.resource - return JSON.stringify({ Version: POLICY_VERSION, - Resource: resource, Statement: statements, }) } diff --git a/packages/sqs/package.json b/packages/sqs/package.json index 44b86deb..55943c09 100644 --- a/packages/sqs/package.json +++ b/packages/sqs/package.json @@ -1,6 +1,6 @@ { "name": "@message-queue-toolkit/sqs", - "version": "22.2.0", + "version": "22.2.1", "private": false, "license": "MIT", "description": "SQS adapter for message-queue-toolkit", diff --git a/packages/sqs/test/consumers/SqsPermissionConsumer.spec.ts b/packages/sqs/test/consumers/SqsPermissionConsumer.spec.ts index d11d37be..460b898f 100644 --- a/packages/sqs/test/consumers/SqsPermissionConsumer.spec.ts +++ b/packages/sqs/test/consumers/SqsPermissionConsumer.spec.ts @@ -334,7 +334,6 @@ describe('SqsPermissionConsumer', () => { const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}') expect(policy).toMatchInlineSnapshot(` { - "Resource": "arn:aws:sqs:eu-west-1:000000000000:myTestQueue", "Statement": [ { "Action": [ 
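Review bot: The statement mapper in `generateQueuePolicyFromPolicyConfig` still falls back to `Effect: 'Allow'` with `Principal: { AWS: '*' }` when a statement omits those fields, and with `Resource` now emitted inside each statement that default becomes a complete grant of `sqs:SendMessage`, `sqs:GetQueueAttributes` and `sqs:GetQueueUrl` to any AWS principal. The emitted object carries only Effect, Principal, Action and Resource, so a caller has no way to narrow it with a `Condition` (for example on `aws:SourceArn` or `aws:PrincipalOrgID`). I would require an explicit principal for Allow statements or pass a condition through with `...(statement?.Condition ? { Condition: statement.Condition } : {}),`, and at minimum add the comment `// omitted Principal defaults to "*": with Effect "Allow" this opens the queue to every AWS principal` above the `Principal:` line. Whether the statement type in `SQSPolicyConfig` already has a `Condition` field is not visible in this hunk, so that part needs checking against the type definition.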
@@ -345,6 +344,7 @@ describe('SqsPermissionConsumer', () => { "Principal": { "AWS": "arn:aws:iam::123456789012:user/test-user", }, + "Resource": "arn:aws:sqs:eu-west-1:000000000000:myTestQueue", }, ], "Version": "2012-10-17", @@ -398,7 +398,7 @@ describe('SqsPermissionConsumer', () => { // Verify updated policy was applied const attributes = await getQueueAttributes(sqsClient, updatedConsumer.queueProps.url) const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}') - expect(policy.Resource).toBe('*') + expect(policy.Statement[0].Resource).toBe('*') await updatedConsumer.close() }) diff --git a/packages/sqs/test/publishers/SqsPermissionPublisher.spec.ts b/packages/sqs/test/publishers/SqsPermissionPublisher.spec.ts index 21c3eb64..ef6a1b1e 100644 --- a/packages/sqs/test/publishers/SqsPermissionPublisher.spec.ts +++ b/packages/sqs/test/publishers/SqsPermissionPublisher.spec.ts @@ -316,10 +316,9 @@ describe('SqsPermissionPublisher', () => { const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}') expect(policy.Version).toBe('2012-10-17') - expect(policy.Resource).toBe(newPublisher.queueProps.arn) + expect(policy.Statement[0].Resource).toBe(newPublisher.queueProps.arn) expect(policy).toMatchInlineSnapshot(` { - "Resource": "arn:aws:sqs:eu-west-1:000000000000:someQueue", "Statement": [ { "Action": [ @@ -330,6 +329,7 @@ describe('SqsPermissionPublisher', () => { "Principal": { "AWS": "arn:aws:iam::123456789012:user/test-user", }, + "Resource": "arn:aws:sqs:eu-west-1:000000000000:someQueue", }, ], "Version": "2012-10-17", @@ -380,7 +380,7 @@ describe('SqsPermissionPublisher', () => { // Verify updated policy was applied const attributes = await getQueueAttributes(sqsClient, updatedPublisher.queueProps.url) const policy = JSON.parse(attributes.result?.attributes?.Policy || '{}') - expect(policy.Resource).toBe('*') + expect(policy.Statement[0].Resource).toBe('*') }) }) })