Fix SQS resource flapping

* one case of AWS returning different JSON than we passed
* AWS returning a field we do not (and can not) build an expected value of

pkg/model/awsmodel/nodeterminationhandler.go

@@ -37,9 +37,7 @@ const (
 				"Service": ["events.amazonaws.com", "sqs.amazonaws.com"]
 			},
 			"Action": "sqs:SendMessage",
-			"Resource": [
-				"arn:aws:sqs:{{ AWS_REGION }}:{{ ACCOUNT_ID }}:{{ SQS_QUEUE_NAME }}"
-			]
+			"Resource": "arn:aws:sqs:{{ AWS_REGION }}:{{ ACCOUNT_ID }}:{{ SQS_QUEUE_NAME }}"
 		}]
 	}`
 	DefaultMessageRetentionPeriod = 300

tests/integration/update_cluster/nth_sqs_resources/cloudformation.json

@@ -1344,9 +1344,7 @@
                   "sqs.amazonaws.com"
                 ]
               },
-              "Resource": [
-                "arn:aws:sqs:us-test-1:123456789012:nthsqsresources-example-com-nth"
-              ]
+              "Resource": "arn:aws:sqs:us-test-1:123456789012:nthsqsresources-example-com-nth"
             }
           ],
           "Version": "2012-10-17"

tests/integration/update_cluster/nth_sqs_resources/data/aws_sqs_queue_nthsqsresources-example-com-nth_policy

@@ -6,8 +6,6 @@
 				"Service": ["events.amazonaws.com", "sqs.amazonaws.com"]
 			},
 			"Action": "sqs:SendMessage",
-			"Resource": [
-				"arn:aws:sqs:us-test-1:123456789012:nthsqsresources-example-com-nth"
-			]
+			"Resource": "arn:aws:sqs:us-test-1:123456789012:nthsqsresources-example-com-nth"
 		}]
 	}

upup/pkg/fi/cloudup/awstasks/sqs.go

@@ -19,9 +19,11 @@ package awstasks
 import (
 	"encoding/json"
 	"fmt"
+	"reflect"
 	"strconv"
 
 	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/klog/v2"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/sqs"
@@ -38,7 +40,7 @@ type SQS struct {
 
 	URL                    *string
 	MessageRetentionPeriod int
-	Policy                 fi.Resource // "inline" IAM policy
+	Policy                 fi.Resource
 
 	Tags map[string]string
 }
@@ -78,7 +80,7 @@ func (q *SQS) Find(c *fi.Context) (*SQS, error) {
 	if err != nil {
 		return nil, fmt.Errorf("error getting SQS queue attributes: %v", err)
 	}
-	policy := fi.NewStringResource(*attributes.Attributes["Policy"])
+	actualPolicy := *attributes.Attributes["Policy"]
 	period, err := strconv.Atoi(*attributes.Attributes["MessageRetentionPeriod"])
 	if err != nil {
 		return nil, fmt.Errorf("error coverting MessageRetentionPeriod to int: %v", err)
@@ -91,15 +93,41 @@ func (q *SQS) Find(c *fi.Context) (*SQS, error) {
 		return nil, fmt.Errorf("error listing SQS queue tags: %v", err)
 	}
 
+	// We parse both as JSON; if the json forms are equal we pretend the actual value is the expected value
+	if q.Policy != nil {
+		expectedPolicy, err := fi.ResourceAsString(q.Policy)
+		if err != nil {
+			return nil, fmt.Errorf("error reading expected Policy for SQS %q: %v", aws.StringValue(q.Name), err)
+		}
+		expectedJson := make(map[string]interface{})
+		err = json.Unmarshal([]byte(expectedPolicy), &expectedJson)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing expected Policy for SQS %q: %v", aws.StringValue(q.Name), err)
+		}
+		actualJson := make(map[string]interface{})
+		err = json.Unmarshal([]byte(actualPolicy), &actualJson)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing actual Policy for SQS %q: %v", aws.StringValue(q.Name), err)
+		}
+
+		if reflect.DeepEqual(actualJson, expectedJson) {
+			klog.V(2).Infof("actual Policy was json-equal to expected; returning expected value")
+			actualPolicy = expectedPolicy
+		}
+	}
+
 	actual := &SQS{
 		Name:                   q.Name,
 		URL:                    url,
 		Lifecycle:              q.Lifecycle,
-		Policy:                 policy,
+		Policy:                 fi.NewStringResource(actualPolicy),
 		MessageRetentionPeriod: period,
 		Tags:                   intersectSQSTags(tags.Tags, q.Tags),
 	}
 
+	//Avoid flapping
+	q.Name = actual.Name
+
 	return actual, nil
 }