Merge pull request #86 from kapost/jd/STUD-13477/fix-sqs-policy-gener…

…ation changes policy creation to avoid statement limit of 20
kapost · Jan 27, 2023 · d493254 · d493254
2 parents e162337 + e49c63b
commit d493254
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 11 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,7 +3,7 @@ jobs:
   build:
     working_directory: ~/circuitry
     docker:
-      - image: kapost/ruby:2.4.3-node-6.11.5
+      - image: kapost/ruby:2.6.3-node-6.11.5
     steps:
       - checkout
       - run: bundle install

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,9 @@
-## Circuitry 3.4.0 Sep 16, 2020)
+## Circuitry 3.5.0 (Jan 27, 2023)
+
+* Changes the way SQL Policy statements are generated to avoid triggering an error when more a
+  queue subscribes to more than 20 SNS topics.
+
+## Circuitry 3.4.0 (Sep 16, 2020)
 
 * Adds an option for publisher and subscriber configs to override the AWS client options. *wahlg*
   See: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SQS/Client.html

diff --git a/Gemfile b/Gemfile
@@ -3,4 +3,4 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in circuitry.gemspec
 gemspec
 
-gem 'memcache_mock', '0.0.14', github: 'mhuggins/MemcacheMock', branch: 'expiry-and-add'
+gem 'memcache_mock', '0.0.14', git: 'https://github.com/mhuggins/MemcacheMock', branch: 'expiry-and-add'
diff --git a/circuitry.gemspec b/circuitry.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'virtus', '~> 1.0'
   spec.add_dependency 'thor'
 
-  spec.add_development_dependency 'bundler', '~> 1.8'
+  spec.add_development_dependency 'bundler', '~> 1.17.0'
   spec.add_development_dependency 'simplecov'
   spec.add_development_dependency 'connection_pool'
   spec.add_development_dependency 'dalli'

diff --git a/lib/circuitry/provisioning/subscription_creator.rb b/lib/circuitry/provisioning/subscription_creator.rb
@@ -43,20 +43,20 @@ def build_policy
           'Policy' => {
             'Version'   => '2012-10-17',
             'Id'        => "#{queue.arn}/SNSPolicy",
-            'Statement' => topics.map { |t| build_policy_statement(t) }
+            'Statement' => [build_policy_statement]
           }.to_json
         }
       end
 
-      def build_policy_statement(topic)
+      def build_policy_statement
         {
-          'Sid'       => "Sid#{topic.name}",
+          'Sid'       => "Sid-#{queue.name}-subscriptions",
           'Effect'    => 'Allow',
           'Principal' => { 'AWS' => '*' },
           'Action'    => 'SQS:SendMessage',
           'Resource'  => queue.arn,
           'Condition' => {
-            'ArnEquals' => { 'aws:SourceArn' => topic.arn }
+            'ForAnyValue:ArnEquals' => { 'aws:SourceArn' => topics.map(&:arn) }
           }
         }
       end

diff --git a/lib/circuitry/version.rb b/lib/circuitry/version.rb
@@ -1,3 +1,3 @@
 module Circuitry
-  VERSION = '3.4.0'
+  VERSION = '3.5.0'
 end
diff --git a/spec/circuitry/provisioning/subscription_creator_spec.rb b/spec/circuitry/provisioning/subscription_creator_spec.rb
@@ -7,6 +7,13 @@
   end
 end
 
+RSpec::Matchers.define :policy_statement_arn_condition_count do |statement_position:, count:|
+  match do |actual|
+    statement = JSON.parse(actual[:attributes]['Policy'])['Statement'][statement_position]
+    statement.dig('Condition', 'ForAnyValue:ArnEquals', 'aws:SourceArn').length == count
+  end
+end
+
 RSpec.describe Circuitry::Provisioning::SubscriptionCreator do
   describe '.subscribe_all' do
     subject { described_class }
@@ -29,9 +36,15 @@
       expect(mock_sns).to have_received(:subscribe).thrice.with(hash_including(endpoint: queue_arn, protocol: 'sqs'))
     end
 
-    it 'sets policy attribute on sqs queue for each topic' do
+    it 'sets policy attribute on sqs queue' do
+      subject.subscribe_all(queue, topics)
+      expect(mock_sqs).to have_received(:set_queue_attributes).once.with(policy_statement_count(1))
+    end
+
+    it 'sets the policy statement condition on sqs que for topics' do
       subject.subscribe_all(queue, topics)
-      expect(mock_sqs).to have_received(:set_queue_attributes).once.with(policy_statement_count(3))
+      expect(mock_sqs).to have_received(:set_queue_attributes).once
+        .with(policy_statement_arn_condition_count(statement_position: 0, count: 3))
     end
   end
 end