fix(Config Schema): Recognize API Gateway resource policy shorthands

(PR #8506)
2026-01-18 14:58:43 +00:00 · 2020-11-20 17:50:06 +01:00 · 2020-11-20 17:50:06 +01:00 · b7901cdb77
commit b7901cdb77
parent 3f0fe5986c
1 changed files with 47 additions and 1 deletions
--- a/lib/plugins/aws/provider/awsProvider.js
+++ b/lib/plugins/aws/provider/awsProvider.js
@ -244,6 +244,10 @@ class AwsProvider {
            maxLength: 256,
            pattern: '^[a-zA-Z0-9._\\-]+$',
          },
+          awsApiGatewayAbbreviatedArn: {
+            type: 'string',
+            pattern: '^execute-api:/',
+          },
          awsArn: {
            anyOf: [
              { $ref: '#/definitions/awsArnString' },
@ -445,6 +449,48 @@ class AwsProvider {
          },
          awsResourceCondition: { type: 'string' },
          awsResourceDependsOn: { type: 'array', items: { type: 'string' } },
+          awsResourcePolicyResource: {
+            anyOf: [
+              { const: '*' },
+              { $ref: '#/definitions/awsArn' },
+              // API Gateway Resource Policy resource property abbreviated syntax - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html
+              { $ref: '#/definitions/awsApiGatewayAbbreviatedArn' },
+              {
+                type: 'array',
+                items: {
+                  anyOf: [
+                    { const: '*' },
+                    { $ref: '#/definitions/awsArn' },
+                    // API Gateway Resource Policy resource property abbreviated syntax - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html
+                    { $ref: '#/definitions/awsApiGatewayAbbreviatedArn' },
+                  ],
+                },
+              },
+            ],
+          },
+          awsResourcePolicyStatements: {
+            type: 'array',
+            items: {
+              type: 'object',
+              properties: {
+                Sid: { type: 'string' },
+                Effect: { enum: ['Allow', 'Deny'] },
+                Action: { $ref: '#/definitions/awsIamPolicyAction' },
+                NotAction: { $ref: '#/definitions/awsIamPolicyAction' },
+                Principal: { $ref: '#/definitions/awsIamPolicyPrincipal' },
+                NotPrincipal: { $ref: '#/definitions/awsIamPolicyPrincipal' },
+                Resource: { $ref: '#/definitions/awsResourcePolicyResource' },
+                NotResource: { $ref: '#/definitions/awsResourcePolicyResource' },
+                Condition: { type: 'object' },
+              },
+              additionalProperties: false,
+              allOf: [
+                { required: ['Effect'] },
+                { oneOf: [{ required: ['Action'] }, { required: ['NotAction'] }] },
+                { oneOf: [{ required: ['Resource'] }, { required: ['NotResource'] }] },
+              ],
+            },
+          },
          awsResourceProperties: {
            Properties: { type: 'object' },
            CreationPolicy: { type: 'object' },
@ -789,7 +835,7 @@ class AwsProvider {
                'sa-east-1',
              ],
            },
-            resourcePolicy: { $ref: '#/definitions/awsIamPolicyStatements' },
+            resourcePolicy: { $ref: '#/definitions/awsResourcePolicyStatements' },
            role: { $ref: '#/definitions/awsLambdaRole' },
            rolePermissionsBoundary: { $ref: '#/definitions/awsArnString' },
            rollbackConfiguration: {