fix: compilation failure in Go (#35871)

rix0rrr · web-flow · commit 5e4f603a17fa · 2025-10-28T16:53:49.000Z
This is a revert of #35770; `jsii-pacmak` doesn't generate correct Go code for cross-module type intersections. Fixes #35862.
diff --git a/allowed-breaking-changes.txt b/allowed-breaking-changes.txt
@@ -966,3 +966,6 @@ removed:aws-cdk-lib.lambda_layer_kubectl.KubectlLayer
 # Fixing the JsonSchema interface to be consistent with JSON Schema spec
 changed-type:aws-cdk-lib.aws_apigateway.JsonSchema.additionalItems
 strengthened:aws-cdk-lib.aws_apigateway.JsonSchema
+
+# Revert a failing change
+strengthened:aws-cdk-lib.aws_stepfunctions.StateMachineProps
diff --git a/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts b/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts
@@ -117,7 +117,7 @@ export interface StateMachineProps {
    *
    * @default A role is automatically created
    */
-  readonly role?: iam.IRoleRef & iam.IGrantable;
+  readonly role?: iam.IRole;
 
   /**
    * Maximum run time for this state machine
@@ -427,6 +427,11 @@ export class StateMachine extends StateMachineBase {
    */
   public static readonly PROPERTY_INJECTION_ID: string = 'aws-cdk-lib.aws-stepfunctions.StateMachine';
 
+  /**
+   * Execution role of this state machine
+   */
+  public readonly role: iam.IRole;
+
   /**
    * The name of the state machine
    * @attribute
@@ -450,11 +455,6 @@ export class StateMachine extends StateMachineBase {
    */
   public readonly stateMachineRevisionId: string;
 
-  /**
-   * Execution role of this state machine
-   */
-  private readonly _role: iam.IRoleRef & iam.IGrantable;
-
   constructor(scope: Construct, id: string, props: StateMachineProps) {
     super(scope, id, {
       physicalName: props.stateMachineName,
@@ -476,7 +476,7 @@ export class StateMachine extends StateMachineBase {
       this.validateLogOptions(props.logs);
     }
 
-    this._role = props.role || new iam.Role(this, 'Role', {
+    this.role = props.role || new iam.Role(this, 'Role', {
       assumedBy: new iam.ServicePrincipal('states.amazonaws.com'),
     });
 
@@ -494,7 +494,7 @@ export class StateMachine extends StateMachineBase {
     }
 
     if (props.encryptionConfiguration instanceof CustomerManagedEncryptionConfiguration) {
-      this._role.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
+      this.role.addToPrincipalPolicy(new iam.PolicyStatement({
         effect: iam.Effect.ALLOW,
         actions: [
           'kms:Decrypt', 'kms:GenerateDataKey',
@@ -513,7 +513,7 @@ export class StateMachine extends StateMachineBase {
       }));
 
       if (props.logs && props.logs.level !== LogLevel.OFF) {
-        this._role.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
+        this.role.addToPrincipalPolicy(new iam.PolicyStatement({
           effect: iam.Effect.ALLOW,
           actions: [
             'kms:GenerateDataKey',
@@ -540,10 +540,10 @@ export class StateMachine extends StateMachineBase {
     const resource = new CfnStateMachine(this, 'Resource', {
       stateMachineName: this.physicalName,
       stateMachineType: props.stateMachineType ?? undefined,
-      roleArn: this._role.roleRef.roleArn,
+      roleArn: this.role.roleArn,
       loggingConfiguration: props.logs ? this.buildLoggingConfiguration(props.logs) : undefined,
       tracingConfiguration: this.buildTracingConfiguration(props.tracingEnabled),
-      ...definitionBody.bind(this, this._role.grantPrincipal, props, graph),
+      ...definitionBody.bind(this, this.role, props, graph),
       definitionSubstitutions: props.definitionSubstitutions,
       encryptionConfiguration: buildEncryptionConfiguration(props.encryptionConfiguration),
     });
@@ -569,27 +569,15 @@ export class StateMachine extends StateMachineBase {
    * The principal this state machine is running as
    */
   public get grantPrincipal() {
-    return this._role.grantPrincipal;
-  }
-
-  /**
-   * Execution role of this state machine
-   *
-   * Will throw if the Role object that was given does not implement IRole
-   */
-  public get role(): iam.IRole {
-    if (!isIRole(this._role)) {
-      throw new ValidationError(`The role given to this StateMachine is not an IRole, but ${this._role.constructor.name}`, this);
-    }
-    return this._role;
+    return this.role.grantPrincipal;
   }
 
   /**
    * Add the given statement to the role's policy
    */
   @MethodMetadata()
   public addToRolePolicy(statement: iam.PolicyStatement) {
-    this._role.grantPrincipal.addToPrincipalPolicy(statement);
+    this.role.addToPrincipalPolicy(statement);
   }
 
   private validateStateMachineName(stateMachineName: string) {
@@ -858,9 +846,3 @@ export class ChainDefinitionBody extends DefinitionBody {
     };
   }
 }
-
-function isIRole(x: iam.IRoleRef): x is iam.IRole {
-  const xx = x as iam.IRole;
-  return (!!xx.addManagedPolicy && !!xx.addToPrincipalPolicy && !!xx.assumeRoleAction && !!xx.attachInlinePolicy
-   && !!xx.grant && !!xx.policyFragment);
-}
diff --git a/packages/awslint/bin/awslint.ts b/packages/awslint/bin/awslint.ts
@@ -2,15 +2,12 @@
 /* eslint-disable no-console */
 import * as child_process from 'child_process';
 import * as path from 'path';
-import { JsiiFeature } from '@jsii/spec';
 import * as chalk from 'chalk';
 import * as fs from 'fs-extra';
 import * as reflect from 'jsii-reflect';
 import * as yargs from 'yargs';
 import { ALL_RULES_LINTER, DiagnosticLevel, RuleFilterSet } from '../lib';
 
-const FEATURES: JsiiFeature[] = ['intersection-types'];
-
 let stackTrace = false;
 
 async function main() {
@@ -250,7 +247,7 @@ main().catch(e => {
 
 async function loadModule(dir: string) {
   const ts = new reflect.TypeSystem();
-  await ts.load(dir, { validate: false, supportedFeatures: FEATURES }); // Don't validate to save 66% of execution time (20s vs 1min).
+  await ts.load(dir, { validate: false }); // Don't validate to save 66% of execution time (20s vs 1min).
   // We run 'awslint' during build time, assemblies are guaranteed to be ok.
 
   // We won't load any more assemblies. Lock the typesystem to benefit from performance improvements.
diff --git a/packages/awslint/lib/rules/api.ts b/packages/awslint/lib/rules/api.ts
@@ -139,11 +139,6 @@ apiLinter.add({
         return;
       }
 
-      if (type.intersectionOfTypes) {
-        // Type intersections are okay
-        return;
-      }
-
       throw new Error(`invalid type reference: ${type.toString()}`);
     }
   },
diff --git a/scripts/run-rosetta.sh b/scripts/run-rosetta.sh
@@ -73,7 +73,7 @@ time $ROSETTA extract \
 
 if $infuse; then
     echo "💎 Generating synthetic examples for the remainder" >&2
-    time npx cdk-generate-synthetic-examples \
+    time npx cdk-generate-synthetic-examples@^0.1.292 \
         $(cat $jsii_pkgs_file)
 
     time $ROSETTA extract \

Original file line number	Diff line number	Diff line change
`@@ -139,11 +139,6 @@ apiLinter.add({`
`139`	`139`	`return;`
`140`	`140`	`}`
`141`	`141`
`142`		`- if (type.intersectionOfTypes) {`
`143`		`- // Type intersections are okay`
`144`		`- return;`
`145`		`- }`
`146`		`-`
`147`	`142`	throw new Error(`invalid type reference: ${type.toString()}`);
`148`	`143`	`}`
`149`	`144`	`},`