Merge pull request #8 from hashicorp/b-condition-with-empty-array

Treat `Condition`s with empty array values as empty string values
hashicorp · Jan 12, 2022 · bd206d4 · bd206d4
2 parents 853611c + 1180d9d
commit bd206d4
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 0 deletions.
diff --git a/aws_policy_equivalence.go b/aws_policy_equivalence.go
@@ -403,6 +403,9 @@ func newStringSet(members interface{}) stringSet {
 				return nil
 			}
 		}
+		if len(actions) == 0 {
+			return stringSet{}
+		}
 		return stringSet(actions)
 	default:
 		return nil

diff --git a/aws_policy_equivalence_test.go b/aws_policy_equivalence_test.go
@@ -279,6 +279,12 @@ func TestPolicyEquivalence(t *testing.T) {
 			policy2:    policyTest37b,
 			equivalent: true,
 		},
+		{
+			name:       "Condition containing empty array",
+			policy1:    policyTest38a,
+			policy2:    policyTest38b,
+			equivalent: true,
+		},
 	}
 
 	for _, tc := range cases {
@@ -1484,6 +1490,44 @@ const policyTest37b = `{
   ]
  }`
 
+const policyTest38a = `{
+  "Id":"sqspolicy",
+  "Statement":[
+     {
+        "Action":"sqs:SendMessage",
+        "Condition":{
+           "ArnEquals":{
+              "aws:SourceArn":[]
+           }
+        },
+        "Effect":"Allow",
+        "Principal":"*",
+        "Resource":"arn:aws:sqs:***:redacted:redacted",
+        "Sid":"AllowSNSSubscriptions"
+     }
+  ],
+  "Version":"2012-10-17"
+}`
+
+const policyTest38b = `{
+  "Version":"2012-10-17",
+  "Id":"sqspolicy",
+  "Statement":[
+     {
+        "Sid":"AllowSNSSubscriptions",
+        "Effect":"Allow",
+        "Principal":"*",
+        "Action":"sqs:SendMessage",
+        "Resource":"arn:aws:sqs:***:redacted:redacted",
+        "Condition":{
+           "ArnEquals":{
+              "aws:SourceArn":[]
+           }
+        }
+     }
+  ]
+}`
+
 func TestStringValueSlicesEqualIgnoreOrder(t *testing.T) {
 	equal := []interface{}{
 		[]interface{}{