From b7901cdb77cb2c81dee62cb614d39d5d2fc824ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Barthelet?=
Date: Fri, 20 Nov 2020 17:50:06 +0100
Subject: [PATCH] fix(Config Schema): Recognize API Gateway resource policy shorthands (PR #8506)
---
 lib/plugins/aws/provider/awsProvider.js | 48 ++++++++++++++++++++++++-
 1 file changed, 47 insertions(+), 1 deletion(-)
diff --git a/lib/plugins/aws/provider/awsProvider.js b/lib/plugins/aws/provider/awsProvider.js
index f283682f2..50a43c612 100644
--- a/lib/plugins/aws/provider/awsProvider.js
+++ b/lib/plugins/aws/provider/awsProvider.js
@@ -244,6 +244,10 @@ class AwsProvider {
 maxLength: 256,
 pattern: '^[a-zA-Z0-9._\\-]+$',
 },
+ awsApiGatewayAbbreviatedArn: {
+ type: 'string',
+ pattern: '^execute-api:/',
+ },
 awsArn: {
 anyOf: [
 { $ref: '#/definitions/awsArnString' },
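Review bot: The pattern on `awsApiGatewayAbbreviatedArn` is anchored only at the start, so every string that begins with `execute-api:/` validates, including one with nothing after the slash or with embedded whitespace. If the prefix-only check is deliberate, say so at the definition, for example `// Prefix check only: the stage/method/path part is not validated here`. The definition also has no comment naming where the shorthand is valid; the explanatory comment and doc link appear only at the two use sites in the second hunk. The enclosing definitions object starts and ends outside this hunk.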
@@ -445,6 +449,48 @@ class AwsProvider {
 },
 awsResourceCondition: { type: 'string' },
 awsResourceDependsOn: { type: 'array', items: { type: 'string' } },
+ awsResourcePolicyResource: {
+ anyOf: [
+ { const: '*' },
+ { $ref: '#/definitions/awsArn' },
+ // API Gateway Resource Policy resource property abbreviated syntax - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html
+ { $ref: '#/definitions/awsApiGatewayAbbreviatedArn' },
+ {
+ type: 'array',
+ items: {
+ anyOf: [
+ { const: '*' },
+ { $ref: '#/definitions/awsArn' },
+ // API Gateway Resource Policy resource property abbreviated syntax - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html
+ { $ref: '#/definitions/awsApiGatewayAbbreviatedArn' },
+ ],
+ },
+ },
+ ],
+ },
+ awsResourcePolicyStatements: {
+ type: 'array',
+ items: {
+ type: 'object',
+ properties: {
+ Sid: { type: 'string' },
+ Effect: { enum: ['Allow', 'Deny'] },
+ Action: { $ref: '#/definitions/awsIamPolicyAction' },
+ NotAction: { $ref: '#/definitions/awsIamPolicyAction' },
+ Principal: { $ref: '#/definitions/awsIamPolicyPrincipal' },
+ NotPrincipal: { $ref: '#/definitions/awsIamPolicyPrincipal' },
+ Resource: { $ref: '#/definitions/awsResourcePolicyResource' },
+ NotResource: { $ref: '#/definitions/awsResourcePolicyResource' },
+ Condition: { type: 'object' },
+ },
+ additionalProperties: false,
+ allOf: [
+ { required: ['Effect'] },
+ { oneOf: [{ required: ['Action'] }, { required: ['NotAction'] }] },
+ { oneOf: [{ required: ['Resource'] }, { required: ['NotResource'] }] },
+ ],
+ },
+ },
 awsResourceProperties: {
 Properties: { type: 'object' },
 CreationPolicy: { type: 'object' },
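Review bot: The `allOf` list in `awsResourcePolicyStatements` puts no constraint on `Principal`/`NotPrincipal`, so a statement that names neither, or both, passes schema validation. A resource policy statement normally has to say who it applies to, so such a statement would presumably be caught only at deploy time, unless a later compile step fills the principal in (not visible in this hunk). If nothing does, add `{ oneOf: [{ required: ['Principal'] }, { required: ['NotPrincipal'] }] },` to the list, which would also rule out the ambiguous both-present case. The enclosing definitions object starts and ends outside the hunk.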
@@ -789,7 +835,7 @@ class AwsProvider {
 'sa-east-1',
 ],
 },
- resourcePolicy: { $ref: '#/definitions/awsIamPolicyStatements' },
+ resourcePolicy: { $ref: '#/definitions/awsResourcePolicyStatements' },
 role: { $ref: '#/definitions/awsLambdaRole' },
 rolePermissionsBoundary: { $ref: '#/definitions/awsArnString' },
 rollbackConfiguration: {