From b9b3857d89bceec8794ff8266290f4c4ddb2e669 Mon Sep 17 00:00:00 2001
From: Ayushi Sharma <ayushi.sharma@gojek.com>
Date: Wed, 11 Dec 2024 08:12:23 +0530
Subject: [PATCH] fix(oss): extract principalID from appeals Account ID

---
 plugins/providers/oss/provider.go | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/plugins/providers/oss/provider.go b/plugins/providers/oss/provider.go
index b335379c5..3ec37c5ad 100644
--- a/plugins/providers/oss/provider.go
+++ b/plugins/providers/oss/provider.go
@@ -251,7 +251,10 @@ func revokePermissionsFromPolicy(policyString string, g domain.Grant) (string, e
 		return "", err
 	}
 
-	principalAccountID := g.AccountID
+	principalAccountID, err := getPrincipalFromAccountID(g.AccountID)
+	if err != nil {
+		return "", err
+	}
 	resourceAccountID, err := getAccountIDFromResource(g.Resource)
 	if err != nil {
 		return "", err
@@ -300,7 +303,11 @@ func updatePolicyToGrantPermissions(policy string, g domain.Grant) (string, erro
 		return "", err
 	}
 
-	principalAccountID := g.AccountID
+	principalAccountID, err := getPrincipalFromAccountID(g.AccountID)
+	if err != nil {
+		return "", err
+	}
+
 	resourceAccountID, err := getAccountIDFromResource(g.Resource)
 	if err != nil {
 		return "", err
@@ -422,6 +429,20 @@ func getAccountIDFromResource(resource *domain.Resource) (string, error) {
 	return urnParts[2], nil
 }
 
+func getPrincipalFromAccountID(accountID string) (string, error) {
+	accountIDParts := strings.Split(accountID, "$")
+	if len(accountIDParts) < 2 {
+		return "", fmt.Errorf("invalid accountID format")
+	}
+
+	subParts := strings.Split(accountIDParts[1], ":")
+	if len(subParts) < 2 {
+		return "", fmt.Errorf("invalid accountID format")
+	}
+
+	return subParts[1], nil
+}
+
 func unmarshalPolicy(policy string) (Policy, error) {
 	var bucketPolicy Policy
 	if err := json.Unmarshal([]byte(policy), &bucketPolicy); err != nil {