feat(policy-templates): add AcmGetCertificatePolicy (aws#1853)

forzagreen · mgrandis · commit 4ab32ac1acb4 · 2021-03-02T09:13:10.000-08:00
* Policy templates: add AcmGetCertificatePolicy

* Add unit tests
diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json
@@ -2306,6 +2306,34 @@
           }
         ]
       }
+    },
+    "AcmGetCertificatePolicy": {
+      "Description": "Gives permission to retrieve a certificate and its certificate chain from ACM",
+      "Parameters": {
+        "CertificateArn": {
+          "Description": "The ARN of the certificate to grant access to"
+        }
+      },
+      "Definition": {
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Action": [
+              "acm:GetCertificate"
+            ],
+            "Resource": {
+              "Fn::Sub": [
+                "${certificateArn}",
+                {
+                  "certificateArn": {
+                    "Ref": "CertificateArn"
+                  }
+                }
+              ]
+            }
+          }
+        ]
+      }
     }
   }
 }
diff --git a/tests/translator/input/all_policy_templates.yaml b/tests/translator/input/all_policy_templates.yaml
@@ -168,3 +168,6 @@ Resources:
 
         - EventBridgePutEventsPolicy:
             EventBusName: name
+
+        - AcmGetCertificatePolicy:
+            CertificateArn: arn
diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json
@@ -1570,6 +1570,27 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy58",
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "acm:GetCertificate"
+                  ],
+                  "Resource": {
+                    "Fn::Sub": [
+                      "${certificateArn}",
+                      {
+                        "certificateArn": "arn"
+                      }
+                    ]
+                  },
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ], 
         "Tags": [
diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -1570,6 +1570,27 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy58",
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "acm:GetCertificate"
+                  ],
+                  "Resource": {
+                    "Fn::Sub": [
+                      "${certificateArn}",
+                      {
+                        "certificateArn": "arn"
+                      }
+                    ]
+                  },
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ], 
         "Tags": [
diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1570,6 +1570,27 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy58",
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "acm:GetCertificate"
+                  ],
+                  "Resource": {
+                    "Fn::Sub": [
+                      "${certificateArn}",
+                      {
+                        "certificateArn": "arn"
+                      }
+                    ]
+                  },
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ], 
         "Tags": [
