diff --git a/packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.expected.json b/packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.expected.json index fb5e308bdeb8a..3f55ac2a23f86 100644 --- a/packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.expected.json +++ b/packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.expected.json @@ -44,6 +44,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineBucketB967BD35", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -57,22 +63,6 @@ "/*" ] ] - } - ] - }, - { - "Effect": "Allow", - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineBucketB967BD35", - "Arn" - ] }, { "Fn::Join": [ diff --git a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn.expected.json b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn.expected.json index 8000f18a45b92..3a268e390f54a 100644 --- a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn.expected.json +++ b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn.expected.json @@ -44,6 +44,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "PipelineBucketB967BD35", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -57,22 +63,6 @@ "/*" ] ] - } - ] - }, - { - "Effect": "Allow", - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineBucketB967BD35", - "Arn" - ] }, { "Fn::Join": [ diff --git a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json index 6abf964233ee3..2012382bd35ab 100644 --- a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json @@ -118,36 +118,6 @@ } ] }, - { - "Effect": "Allow", - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "CodeDeployPipelineIntegTest9F618D61", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "CodeDeployPipelineIntegTest9F618D61", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, { "Effect": "Allow", "Action": [ diff --git a/packages/@aws-cdk/aws-iam/test/test.policy-document.ts b/packages/@aws-cdk/aws-iam/test/test.policy-document.ts index d93441d36f7f2..1fe7deec297bb 100644 --- a/packages/@aws-cdk/aws-iam/test/test.policy-document.ts +++ b/packages/@aws-cdk/aws-iam/test/test.policy-document.ts @@ -140,6 +140,22 @@ export = { test.done(); }, + 'addAccountPrincipal can be used multiple times'(test: Test) { + const p = new PolicyStatement(); + p.addAwsAccountPrincipal('1234'); + p.addAwsAccountPrincipal('5678'), + test.deepEqual(resolve(p), { + Effect: 'Allow', + Principal: { + AWS: [ + { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::1234:root']] }, + { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::5678:root']] } + ] + } + }); + test.done(); + }, + 'hasResource': { 'false if there are no resources'(test: Test) { test.equal(new PolicyStatement().hasResource, false, 'hasResource should be false for an empty permission');