1use awsim_core::{AccountRegionStore, ResourcePolicyLookup};
2use awsim_iam_policy::PolicyDocument;
3use serde_json::json;
4
5use crate::state::LambdaState;
6
7pub struct LambdaResourcePolicyLookup {
8 store: AccountRegionStore<LambdaState>,
9}
10
11impl LambdaResourcePolicyLookup {
12 pub fn new(store: AccountRegionStore<LambdaState>) -> Self {
13 Self { store }
14 }
15}
16
17fn extract_function_name(arn: &str) -> Option<String> {
18 let rest = arn.strip_prefix("arn:aws:lambda:")?;
19 let parts: Vec<&str> = rest.splitn(3, ':').collect();
20 if parts.len() < 3 {
21 return None;
22 }
23 let resource = parts[2];
24 let after = resource.strip_prefix("function:")?;
25 let name = after.split(':').next()?;
26 Some(name.to_string())
27}
28
29impl ResourcePolicyLookup for LambdaResourcePolicyLookup {
30 fn lookup(&self, resource_arn: &str) -> Option<PolicyDocument> {
31 let function_name = extract_function_name(resource_arn)?;
32 for (_, state) in self.store.iter_all() {
33 if let Some(func) = state.functions.get(&function_name) {
34 if func.policy_statements.is_empty() {
35 return None;
36 }
37 let statements: Vec<serde_json::Value> =
38 func.policy_statements.values().cloned().collect();
39 let doc = json!({
40 "Version": "2012-10-17",
41 "Statement": statements,
42 });
43 return awsim_iam_policy::parse(&doc.to_string()).ok();
44 }
45 }
46 None
47 }
48}