### Compare Non-Equivalent Policies (Different Action) Source: https://context7.com/jen20/awspolicyequivalence/llms.txt Demonstrates comparing two policies that are not equivalent due to a difference in the specified action. The function correctly returns false. ```go // --- Example 2: Non-equivalent policies (different Action) --- policy3 := `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*" } ] }` policy4 := `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::my-bucket/*" } ] }` eq2, err := awspolicy.PoliciesAreEquivalent(policy3, policy4) if err != nil { log.Fatalf("error comparing policies: %s", err) } fmt.Println(eq2) // false — different actions ``` -------------------------------- ### Compare Multi-Statement Policies (Reordered) Source: https://context7.com/jen20/awspolicyequivalence/llms.txt Compares two multi-statement policies where the order of statements and the order of values within conditions are different. The function correctly returns true, demonstrating normalization. ```go // --- Example 4: Multi-statement policy with conditions, reordered --- policy7 := `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": "arn:aws:s3:::*" }, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::my-bucket", "Condition": {"StringLike": {"s3:prefix": ["", "home/"]}} } ] }` policy8 := `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::my-bucket", "Condition": {"StringLike": {"s3:prefix": ["home/", ""]}} }, { "Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"], "Resource": "arn:aws:s3:::*" } ] }` eq4, err := awspolicy.PoliciesAreEquivalent(policy7, policy8) if err != nil { log.Fatalf("error comparing policies: %s", err) } fmt.Println(eq4) // true — statement order and condition value order are normalized ``` -------------------------------- ### Compare Equivalent Policies (String vs. Array Action) Source: https://context7.com/jen20/awspolicyequivalence/llms.txt Use PoliciesAreEquivalent to compare policies where actions are represented as a string in one and a single-element array in another. This function normalizes casing and key order. ```go package main import ( "fmt" "log" awspolicy "github.com/jen20/awspolicyequivalence" ) func main() { // --- Example 1: Equivalent policies (string action vs single-element array) --- policy1 := `{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole" } ] }` policy2 := `{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "allow", "Principal": {"Service": ["ec2.amazonaws.com"]}, "Action": ["sts:AssumeRole"] } ] }` eq, err := awspolicy.PoliciesAreEquivalent(policy1, policy2) if err != nil { log.Fatalf("error comparing policies: %s", err) } fmt.Println(eq) // true — array vs string, effect casing, and key ordering are normalized } ``` -------------------------------- ### Handle Invalid JSON Input Source: https://context7.com/jen20/awspolicyequivalence/llms.txt Demonstrates the behavior when one of the input policy strings is not valid JSON. The PoliciesAreEquivalent function returns a non-nil error, which is caught and printed. ```go // --- Example 5: Invalid JSON returns an error --- _, err = awspolicy.PoliciesAreEquivalent(`{"Version": "2012-10-17", "Statement": [}`, policy1) if err != nil { fmt.Println("got expected error:", err) // got expected error: Error unmarshaling policy: ... } } ``` -------------------------------- ### Account ID vs. Root IAM ARN Equivalence Source: https://context7.com/jen20/awspolicyequivalence/llms.txt Compares policies where one principal is an AWS account ID string and the other is its corresponding root IAM ARN. The function correctly identifies them as equivalent. ```go // --- Example 3: Account ID equivalent to root IAM ARN --- policy5 := `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*", "Principal": "123456789012" } ] }` policy6 := `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*", "Principal": "arn:aws:iam::123456789012:root" } ] }` eq3, err := awspolicy.PoliciesAreEquivalent(policy5, policy6) if err != nil { log.Fatalf("error comparing policies: %s", err) } fmt.Println(eq3) // true — account ID and root ARN are treated as equivalent ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.